Legal · Last updated May 20, 2026

Privacy Policy

This policy explains what NexusCRM collects when you use our web app and mobile app, how we use it, and the choices you have. We’re writing in plain English on purpose.

In short

  • We only collect data you give us or that’s needed to run the product.
  • Field-agent GPS location is collected during work hours so managers can see field activity. You can revoke this anytime.
  • We don’t sell data. We don’t run ads. We don’t share with third-party advertisers.
  • Data is encrypted in transit (HTTPS) and at rest (AES-256 via Supabase).
  • You can request export or deletion of your data at support@nexunova.com.

1. Who we are

NexusCRM is operated by Nexunova (“Nexunova,” “we,” “us”). NexusCRM is a B2B SaaS CRM for real-estate sales teams in Pakistan, the UAE, and the wider MENA region. We provide a web dashboard for CEOs and managers and a mobile app for field agents.

If you reached this policy from the Google Play Store listing for the NexusCRM mobile app, you can also contact us at support@nexunova.com for any privacy question.

2. The data we collect

Account data (you give us)

  • Name, work email, phone number, role (CEO, Manager, Agent)
  • Profile photo (optional)
  • Workspace / company information your CEO entered during onboarding

Location data (mobile app, agents only)

  • Precise GPS while the app is open — used to check you in at client sites and verify field visits.
  • Background location while you’re on duty — so your manager can see your on-site activity on the Live Map. This is opt-in; you must explicitly enable it the first time you open the app, and you can revoke it any time from device settings or in-app settings.
  • Location is captured at intervals (not continuously streamed) and stored in your company’s isolated workspace.

Lead / CRM data (you enter)

  • Names, phone numbers, emails, project interest, budget, notes about your prospects.
  • Call logs, meeting outcomes, follow-up dates, WhatsApp message logs.

You are responsible for ensuring you have a lawful basis (consent or legitimate interest) to enter third-party contact information. Nexunova acts as a processor of this data on your company’s behalf.

Device & usage data (automatic)

  • App version, OS version, device model, language
  • Crash logs and performance diagnostics (no personal content)
  • In-app actions for product analytics (e.g. “login,” “lead created”)

3. How we use it

  • Run the product — authenticate you, show your dashboard, sync data across devices.
  • Field visibility — let managers and the CEO see lead pipelines, call activity, and (with consent) field-agent locations.
  • Notifications — push reminders for follow-ups, meetings, lead assignments.
  • Account security — detect suspicious sign-ins, fraud, abuse.
  • Improve the product — aggregated usage analytics. We never inspect customer CRM content for analytics.
  • Support — when you write to us we keep a record of the conversation.

We do not use your data for advertising. We do not profile users for marketing purposes.

4. Who we share it with

We share data only with the infrastructure providers we need to run the service:

  • Supabase (database, auth, file storage) — data stored in their EU/US regions, encrypted at rest.
  • Google Maps Platform — when an agent checks in, we resolve coordinates to a human-readable address. Only the lat/lng is sent.
  • Expo / EAS (push notifications) — receives push tokens; never message content.
  • Email providers — for transactional emails (verification, password reset).

We do not sell data, share with advertisers, or expose customer data to other tenants. Each company’s workspace is isolated by row-level security.

We may disclose data if required by law (court order, regulator) — and only the minimum necessary.

5. Where it’s stored

Data is stored on Supabase infrastructure (currently US-East regions) with daily encrypted backups. All connections use TLS 1.2+. Data at rest is encrypted with AES-256.

6. How long we keep it

  • Active accounts: as long as your workspace is active.
  • Deleted accounts: removed within 30 days; backups purged within 90 days.
  • Location history: 12 months rolling, then automatically deleted.
  • Crash logs: 90 days.

7. Your rights

You can:

  • Access the data we hold on you — email us and we’ll send a JSON export within 30 days.
  • Correct it — most fields are editable in-app under Settings.
  • Delete your account and all personal data — write to support@nexunova.com.
  • Withdraw consent for background location at any time from device settings.
  • Complain to a data-protection authority if you think we mishandled your data.

8. Children

NexusCRM is a business tool for sales teams. It is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us data, contact us and we’ll delete it.

9. Changes

If we change this policy materially, we’ll notify active workspace admins by email at least 30 days before the change takes effect. The “Last updated” date at the top will change for any edit.

10. Contact

Privacy questions, data export, or account deletion: support@nexunova.com

Privacy-specific legal enquiries: privacy@nexunova.com

Security vulnerabilities or data-breach reports: security@nexunova.com

Nexunova · Karachi · Lahore · Dubai

© 2026 Nexunova. All rights reserved.