Nexumia – Data Processing Agreement (DPA)

Last Updated: December 22, 2025

Between:

Nexumia (“Controller”)

Website: nexumia.com

Email: thevandieg@nexumia.com

AND

You, the User (“Processor” when applicable)

This Data Processing Agreement (“Agreement”) forms part of the Terms of Service and Privacy Policy of Nexumia.

1. Definitions

  • “Personal Data”: Any information relating to an identified or identifiable natural person.
  • “Processing”: Any operation performed on Personal Data (collection, storage, transmission, deletion, etc.).
  • “Controller”: Nexumia, who determines the purposes and means of processing Personal Data.
  • “Processor”: Any third party that processes Personal Data on behalf of Nexumia.
  • “Sub-processors”: External providers engaged by Nexumia to process data (e.g., Stripe).
  • “Applicable Law”: GDPR, CCPA (as relevant), and Mexico’s LFPDPPP (Ley Federal de Protección de Datos Personales en Posesión de los Particulares).

2. Subject of the Agreement

This Agreement governs:

  • How Nexumia processes user data
  • Obligations between Nexumia and users
  • Nexumia's relationships with third-party processors (Stripe, Google, analytics platforms)

3. Nature and Purpose of the Processing

Nexumia processes Personal Data for:

  • Account creation & authentication (email, Google)
  • Subscription and payment management (via Stripe)
  • Analytics & platform optimization
  • Communication via email
  • Access control and security
  • Delivery of digital, subscription-based services (no physical goods and no refunds)

No sensitive data is intentionally collected.

4. Types of Personal Data Processed

  • Name (optional)
  • Email address
  • Login identifiers (Google)
  • Payment-related metadata (handled by Stripe)
  • IP address
  • Device/browser info
  • Usage analytics
  • Subscription status

5. Categories of Data Subjects

  • Registered users
  • Subscribers
  • Visitors accessing the platform

6. Controller Obligations (Nexumia)

Nexumia agrees to:

  • Process Personal Data solely for legitimate business purposes.
  • Follow all applicable data protection laws.
  • Ensure data is stored securely.
  • Notify users of any material data breach within the legally required time.
  • Ensure third-party processors meet data protection requirements.

7. Processor Obligations (Third Parties)

Third-party service providers must:

  • Process data only under Nexumia’s instructions
  • Maintain adequate technical and organizational security measures
  • Assist Nexumia in data access or deletion requests
  • Notify Nexumia in case of a breach

8. Sub-Processors

Current approved sub-processors:

  • Stripe – Payment processing
  • Google OAuth – Authentication
  • Analytics providers (e.g., Google Analytics, Vercel Analytics, or similar)

Nexumia may add or replace sub-processors by updating this list.

9. International Data Transfers

Data may be stored or processed in the United States, Europe, or other jurisdictions where sub-processors operate.

Transfers follow:

  • Standard Contractual Clauses (SCCs)
  • GDPR adequacy decisions, or
  • Equivalent legal safeguards

10. Security Measures

Nexumia implements:

  • HTTPS & TLS encryption
  • Access control & authentication
  • Encrypted storage when applicable
  • Firewall and infrastructure-level protections
  • Monitoring systems for anomalies
  • Separation of production and development environments

11. Data Subject Rights

Users may request:

  • Data access
  • Data correction
  • Data deletion
  • Account deletion
  • Export of their data
  • Restriction of processing

Requests can be sent to: thevandieg@nexumia.com

12. Data Retention

Data is retained only as long as necessary for:

  • Subscription validity
  • Accounting/legal compliance
  • Platform security

Upon account deletion, data is anonymized or securely removed unless legal retention is required.

13. Data Breach Notification

If Nexumia becomes aware of a data breach involving user data, Nexumia will:

  • Investigate the incident
  • Mitigate the impact
  • Notify affected users within the legally mandated timeframe
  • Document the incident internally

14. No Refunds Policy

Since Nexumia offers digital, subscription-based services, payment processing does not involve returnable goods.

Accordingly:

  • No refunds are provided, unless legally required or a billing error occurs.
  • Users may cancel future renewals at any time.

This clause does not override consumer protection laws where applicable.

15. Termination

Upon termination of a user's account:

  • Processing ceases except for legally required retention
  • Non-essential personal data is deleted or anonymized

16. Governing Law

This Agreement is governed by:

  • GDPR (when applicable)
  • Mexico’s LFPDPPP
  • Any other local laws where users reside when required

17. Contact

For DPA-related concerns: