Privacy Policy

NextWin Technologies, LLC ("NextWin", "we," "our," or "us") is committed to protecting your privacy. "You" or "your" refers to an individual who accesses or uses the NextWin platform, or whose personal information is collected or processed by NextWin in connection with the use of the platform by a business customer. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered bid and sales platform for subcontractors (the "Service"). By using NextWin, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

• Name: Your full name as provided during registration
• Email Address: Your work email address used for account access and communications
• Company Information: Company name, address, phone number, and timezone
• Job Title: Your role or position within your company (optional)
• Phone Number: Contact phone number (optional)

1.2 Email Account Data

If you choose to connect your email account (Gmail, Microsoft Outlook, or other supported providers) through OAuth:

• Email Messages: We access, read, and store emails from your connected account (with your permission) to identify and extract business-related information
• Email Metadata: Sender, recipient, subject line, timestamps, thread IDs, and message IDs
• Email Content: Full email body (text and HTML) for AI-powered classification and data extraction
• Attachments: Documents, plans, specifications, and other files attached to emails
• OAuth Tokens: Secure access and refresh tokens stored encrypted to maintain your email connection

1.2a Forwarded Emails

If you choose to forward emails directly to NextWin for processing:

• Forwarded Emails: We receive, process, and store emails that you forward to your NextWin email address
• Email Content: Full email body (text and HTML) and attachments from forwarded emails
• Processing: Forwarded emails are processed using the same AI-powered classification and data extraction as emails from connected accounts

1.3 Business Data

As you use NextWin, we collect and store business-related information that you provide or that is processed through the Service, including:

• Business Records: Information related to your business activities, opportunities, and transactions
• Project Data: Project names, locations, descriptions, and related metadata you provide
• Contact Information: Contact names, emails, and phone numbers of business contacts
• Notes and Updates: Any notes, comments, or updates you add to records within the Service
• Documents: Files and documents you upload or that are processed through the Service

1.4 Usage and Technical Information

We automatically collect certain technical information:

• Usage Data: Feature usage, pages visited, actions taken, timestamps, and session duration
• Device Information: Browser type, operating system, device identifiers, IP address
• Log Data: Server logs, error reports, and diagnostic information
• Cookies and Tracking: Authentication tokens, session data, and preferences (see Section 8)

1.5 Payment Information

For paid subscriptions, we use third-party payment processors (e.g., Stripe) who collect and process payment information. We do not store your full credit card details. We only receive:

• Billing address and contact information
• Payment method type (credit card, ACH, etc.)
• Subscription status and billing history

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Provision

• To provide, maintain, and improve the NextWin platform and its features
• To process and analyze emails to identify and extract bid-related information
• To use AI and machine learning algorithms to classify emails, extract structured data, and provide insights
• To create and manage your account, projects, and bids
• To enable team collaboration features within your company
• To send notifications, updates, and alerts related to your bids and projects

2.2 Communication

• To send service-related communications, including account verification emails, password resets, and security alerts
• To respond to your inquiries, requests, and support tickets
• To send marketing communications (with your consent, which you can opt out of at any time)
• To notify you of changes to our Service, terms, or policies

2.3 Service Improvement

• To analyze usage patterns and improve our AI models and algorithms
• To identify and fix bugs, errors, and performance issues
• To develop new features and functionality
• To conduct research and analytics (using anonymized or aggregated data)

2.4 Legal and Security

• To comply with legal obligations and respond to legal requests
• To enforce our Terms of Use and protect our rights
• To detect, prevent, and address fraud, security breaches, or other harmful activity
• To protect the safety and security of our users and the Service

3. Email Integration and Processing

NextWin's core functionality relies on email integration. When you connect your email account:

3.1 OAuth Authorization

• We use OAuth 2.0 to securely connect to your email provider (Google Gmail, Microsoft Outlook)
• You grant NextWin permission to read, process, and organize your emails
• You can revoke access at any time through your email provider's security settings or through NextWin
• We store encrypted OAuth tokens to maintain the connection

3.2 Email Processing

• We read, store, and process all incoming emails from your connected account (with your permission)
• We process emails that you forward directly to your NextWin email address
• We use AI algorithms to classify and process emails for relevant business information
• We extract structured data from emails and create records based on extracted information
• We store all emails and extracted data in our systems to provide the Service
• We may send emails on your behalf as part of the Service functionality

3.3 What We Do Not Do

• We do not read emails outside the scope of providing NextWin functionality
• We do not access emails that are not relevant to NextWin's functionality
• We do not sell, rent, or share your email data with third parties
• We do not use your email data for advertising or marketing purposes
• We do not use your customer data to train public or third-party AI models
• We do not grant third parties access to your emails

4. Data Storage and Security

4.1 Data Storage

• Your data is stored securely in cloud infrastructure provided by our service providers (e.g., Supabase, Vercel)
• Data is encrypted in transit using TLS/SSL protocols
• Data is encrypted at rest using industry-standard encryption methods
• We implement role-based access controls to ensure only authorized personnel can access your data

4.2 Security Measures

• We use secure authentication methods, including OAuth 2.0 and encrypted passwords
• We implement firewalls, intrusion detection, and other security technologies
• We regularly audit our security practices and update them as needed
• We conduct security training for our personnel
• We use multi-tenant architecture with strict data isolation between companies

4.3 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users within 72 hours of discovering the breach (as required by applicable law)
• Provide information about what data was compromised and what steps we're taking
• Recommend steps you can take to protect yourself
• Report the breach to relevant regulatory authorities as required

No system is completely secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

5. Human Access to Data

By default, customer data is processed automatically by our systems and is not reviewed by humans. However, limited human access may occur in the following circumstances:

• Support and Debugging: Authorized support personnel may access your account data when you request assistance or report issues
• Security and Reliability: Security team members may review data when investigating security incidents, fraud, or system errors
• Product Improvement: Engineering teams may access anonymized or aggregated data to improve features and fix bugs
• Legal Compliance: We may be required to access data in response to legal requests or court orders

All personnel with access to customer data are bound by strict confidentiality agreements and are trained on data protection practices. We do not use customer data for personal or commercial advantage outside of providing the Service.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or email data to third parties for marketing or advertising purposes.

6.2 Service Providers

We share data with third-party service providers who help us operate the Service, under strict confidentiality obligations:

• Cloud Infrastructure: Data hosting and storage (e.g., Supabase, Vercel)
• Payment Processors: Payment processing (e.g., Stripe)
• Email Services: Transactional email delivery (e.g., Resend)
• Analytics: Usage analytics and monitoring (e.g., Vercel Analytics)
• Support Tools: Customer support and help desk software

All service providers are contractually required to:

• Use data only to provide services to NextWin
• Maintain the confidentiality and security of your data
• Comply with applicable data protection laws
• Delete or return data upon termination of the service agreement

6.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal process, subpoenas, court orders, or government requests
• Legal obligations to protect rights, property, or safety
• Investigation of fraud, security breaches, or other illegal activity

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such transfer and provide options regarding your data.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

• Right to Access: You can request a copy of the personal data we hold about you
• Data Portability: You can request your data in a structured, machine-readable format

7.2 Correction and Deletion

• Right to Rectify: You can update or correct inaccurate information through your account settings
• Right to Delete: You can request deletion of your account and associated data

7.3 Opt-Out and Restriction

• Email Preferences: You can opt out of marketing emails by clicking unsubscribe or updating your preferences
• Email Integration: You can disconnect your email account at any time through account settings
• Data Processing: You can request restriction of processing in certain circumstances

7.4 Objection and Withdrawal

• Right to Object: You can object to processing of your data for certain purposes
• Withdraw Consent: You can withdraw consent for processing that requires your consent

7.5 Exercising Your Rights

To exercise these rights, please contact us at info@getnextwin.com. We will respond to your request within 30 days, or as required by applicable law.

Note: Some rights may be limited if data is necessary for contract performance, legal compliance, or legitimate business interests.

8. Cookies and Tracking Technologies

8.1 Types of Cookies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for the Service to function (authentication, session management)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service (anonymized data)

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality. We do not use tracking cookies for advertising purposes.

9. Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service and fulfill contractual obligations
• Comply with legal, tax, and accounting requirements
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

Account Deletion: When you delete your account:

• We will delete or anonymize your personal information within 30 days
• Some data may be retained longer if required by law or for legitimate business purposes
• Aggregated or anonymized data that cannot identify you may be retained indefinitely

10. Children's Privacy

NextWin is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using NextWin, you consent to the transfer of your information to these countries.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including:

• Standard contractual clauses approved by relevant data protection authorities
• Service provider agreements that comply with applicable data protection laws
• Encryption and other security measures

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about categories and specific pieces of personal information we collect
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You can opt out of the "sale" of personal information (we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at info@getnextwin.com.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• All rights listed in Section 7 (Your Privacy Rights)
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority
• Data Controller: NextWin Technologies, LLC acts as the data controller for your personal information

Our legal basis for processing your data includes: contract performance, legitimate interests, consent, and legal compliance.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to your registered email address
• Displaying a notice in the Service

Your continued use of NextWin after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service and delete your account.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: