Privacy Policy
Last updated: March 27, 2026
1. Introduction
Mendios Technologies (webMOBI) ("we", "our", or "us"), operating as NexaLink, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications (NexaLink Card, NexaLink Scanner, NexaLink CRM) and website at nexalink.co (collectively, the "Service").
Our registered address is: 1250 Oakmead Pkwy Ste 210, Sunnyvale, California 94085, US.
By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use our Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, and authentication credentials when you create an account via email/password, Apple Sign-In, or Google Sign-In.
- Digital Business Card Data: Name, job title, company, phone numbers, email addresses, website, social media links, profile photo, bio, and card design preferences.
- Contact Information: When you scan business cards, import phone contacts, or manually add contacts to the CRM, we store names, email addresses, phone numbers, company, job title, social links, and notes.
- Event Data: Event names, locations, dates, and contacts captured during events.
- Voice Notes: Audio recordings and transcriptions you create in the CRM app.
- Interaction Notes: Notes, tags, and context you add about your contacts and conversations.
- Chat Assistant Queries: Text queries you type into the in-app chat assistant.
- Feedback & Feature Requests: Content you submit through our feedback system.
2.2 Information from Third-Party Services
- Gmail Integration (CRM App): When you connect your Gmail account, we access email metadata (sender, recipient, subject line, and date) from the last 90 days to identify contacts you communicate with. We do not read email body content. We also send follow-up emails on your behalf when you explicitly tap "Send." No emails are sent automatically. You can disconnect Gmail at any time from Settings.
- Google Sign-In: Name, email address, and profile information from your Google account.
- Apple Sign-In: Name and email address (or private relay email) from your Apple ID.
- Phone Contacts: With your permission, we access your device's contact list to enable contact import. We only import contacts you explicitly select.
2.3 Information Collected Automatically
- Usage Data: Features used, screens viewed, actions taken, time spent, and in-app events.
- Device Information: Device type, operating system version, app version, and unique device identifiers.
- Card Analytics: When someone views your digital business card, we record the view event, referral source, device type, and browser type. We do not identify the viewer unless they save your contact.
- Session Replay: A sample of app sessions (up to 10%) may be recorded for debugging and UX improvement. Text and images in session replays are masked to protect sensitive content.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service across all three apps
- Create and manage your account and digital business cards
- Process business card scans using AI (image analysis)
- Generate AI-powered follow-up messages based on your conversation context
- Discover contacts from your email history (Gmail integration)
- Send follow-up emails on your behalf via Gmail (only when you tap "Send")
- Provide analytics on card views and shares
- Send you notifications about follow-ups, reminders, and weekly activity summaries
- Send onboarding and product emails (you can unsubscribe anytime)
- Process subscriptions and manage your plan
- Detect and prevent fraud, abuse, and security incidents
- Improve our AI models and product features (using aggregated, de-identified data only)
4. AI and Automated Processing
Our Service uses artificial intelligence for several features:
- Business Card OCR: Card images are sent to Google Gemini or OpenAI for text extraction. Images are processed in memory and not permanently stored by these providers.
- AI Follow-up Drafting: Your contact context (name, company, conversation topics, notes) is sent to our AI proxy server, which calls Google Gemini or OpenAI to generate personalized messages. We do not send email body content.
- Chat Assistant: Your natural language queries are processed to classify intent and retrieve relevant contact information.
- Contact Scoring: We use algorithmic scoring (not AI) to rank contacts by follow-up urgency based on interaction patterns.
AI-generated content is always presented as a draft for your review. No AI-generated messages are sent without your explicit approval.
5. Data Sharing and Third Parties
We share your information with the following service providers:
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase (EU/US) | All user and contact data | Database, authentication, file storage |
| Google (Gemini API) | Card images, text prompts | OCR, AI text generation |
| OpenAI | Text prompts (fallback) | AI text generation |
| Google Gmail API | Email metadata | Contact discovery, email send |
| Mixpanel | Usage events, user ID, email | Product analytics, session replay |
| RevenueCat | Purchase status, user ID | Subscription management |
| Apple App Store | Purchase transactions | Payment processing (iOS) |
| Google Play Store | Purchase transactions | Payment processing (Android) |
| Vercel | Website traffic, API requests | Website hosting, serverless functions |
| Expo | Push notification tokens | Push notification delivery |
We do not sell your personal information. We do not share your data with advertisers.
6. International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place through Standard Contractual Clauses and our providers' compliance certifications.
7. Data Retention
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
- Contact and CRM data: Retained as long as your account is active.
- Card analytics: Retained for up to 365 days (depending on plan).
- OCR cache: Business card scan results cached locally for 24 hours, then deleted.
- Voice notes: Retained as long as your account is active.
- Analytics data: Retained by Mixpanel per their data retention policy (typically 5 years).
- Gmail tokens: Stored encrypted on your device. Deleted when you disconnect Gmail or delete your account.
8. Your Rights
All Users
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your data (Pro plans and above)
- Disconnect third-party integrations (Gmail, LinkedIn) at any time
- Unsubscribe from marketing emails
- Opt out of session replay (contact us)
European Economic Area (GDPR)
If you are in the EEA, you have additional rights including:
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with your local data protection authority
Legal basis for processing: consent (Gmail, phone contacts), contract performance (account features), legitimate interests (analytics, security).
California Residents (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect and how it is used
- Request deletion of personal information
- Opt out of the sale of personal information (we do not sell your data)
- Not be discriminated against for exercising your rights
India (DPDP Act)
Indian users have the right to access, correct, and erase their personal data. Contact us to exercise these rights.
9. Data Security
- Authentication tokens stored in iOS Keychain / Android Keystore (encrypted)
- All API communications over HTTPS/TLS
- Row-level security on all database tables (users can only access their own data)
- AI API keys stored server-side only (never in app bundles)
- Rate limiting on all API endpoints
- Session replay data is masked (text and images obscured)
10. Children's Privacy
Our Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
11. Contact Data Processing
When you scan a business card or add a contact, we store the contact's information (name, email, phone, company) in your private account to help you manage your professional relationships.
- Contact data is stored only in your account and is not shared with other users or third parties
- We do not use stored contacts for unsolicited outreach — NexaLink never contacts your contacts directly
- You can delete any contact at any time
- When you delete your account, all contact data is permanently removed
12. Email Communications
Onboarding & Product Emails
When you sign up, we send a series of product education emails to help you get started. We also send a weekly networking summary if you have activity. You can unsubscribe from either series independently via the link in each email.
Follow-up Emails You Send
When you use NexaLink to send follow-up messages, those emails are sent from your email account (e.g., Gmail), not from NexaLink. We facilitate the send but do not store or access email body content beyond what's needed for CRM features. Follow-up emails may include a link to your digital business card so recipients can save your contact easily.
We never send unsolicited emails to your contacts or to people who have not signed up for NexaLink.
13. Digital Card Pages & Sharing
When you create a digital business card, it is accessible via a public URL. We track anonymous page views (view count, referrer source, device type) to provide you with analytics on your card's reach.
When someone views your card page, they may see a prompt to try NexaLink. This is standard product promotion and does not involve collecting the visitor's personal data without their consent. If a visitor saves your contact (downloads your vCard), no personal data about the visitor is stored by us.
14. Push Notifications
With your permission, we send push notifications for follow-up reminders, weekly activity nudges, and product updates. You can disable push notifications at any time in your device settings.
15. Cookies and Tracking (Website)
Our website uses essential cookies for functionality. We use Mixpanel for analytics tracking. We do not use advertising cookies or tracking pixels.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Continued use of the Service after changes constitutes acceptance.
17. Contact Us
For privacy-related inquiries, data access requests, or to exercise your rights:
- Email: privacy@nexalink.co
- Address: Mendios Technologies (webMOBI), 1250 Oakmead Pkwy Ste 210, Sunnyvale, California 94085, US
- Website: nexalink.co/contact