Privacy Policy
1. Introduction
NXTN Line ("NXTN," "we," "us," or "our") is a queue management platform operating via the WhatsApp Business API. This Privacy Policy explains how we collect, use, store, and protect information from businesses that use our platform ("tenants") and customers who interact with those businesses through NXTN.
2. Consent
By using NXTN services — including scanning QR codes, sending messages via WhatsApp, or interacting with our platform — you consent to the collection and processing of your personal data as described in this policy.
For promotional messages and marketing communications, we obtain explicit consent through in-app opt-in mechanisms before sending any promotional content. You may withdraw your consent at any time by ceasing to interact with our services or by contacting us.
Your consent is documented and stored securely in compliance with applicable data protection laws in Kuwait, the UAE, and Saudi Arabia.
3. Information We Collect
- Phone numbers — received when customers send a message via WhatsApp
- Queue interaction data — join time, position, status changes, party size selections
- Flow step selections — seating preferences, service choices, and other configured options
- Review ratings and comments — when customers choose to submit reviews
- QR code scan data — timestamp and basic browser or device metadata
- Business configuration data — queue settings, flow definitions, and staff accounts for tenant administrators
- Message content — processed to operate queue services and route customers
4. How We Use Your Information
- Provide and operate queue management services
- Send WhatsApp notifications about queue status, position updates, and turn calls
- Display customer reviews to the business operator who served the customer
- Generate anonymized analytics for business operators to improve their services
- Improve our platform, services, and user experience
- Communicate service updates and important changes
5. WhatsApp Data
NXTN utilizes Meta's WhatsApp Business Platform (Cloud API) to process messages. NXTN receives the message content necessary for queue operations. Message data is stored securely for service delivery and analytics. Your WhatsApp interactions are also subject to Meta's Privacy Policy.
6. Data Sharing
- Business operators can only access queue data for their own customers
- Customer data is never shared between different business tenants
- NXTN does not sell personal data to third parties
- Anonymized aggregate data may be used for platform improvements
- Law enforcement requests are handled in accordance with applicable Kuwaiti law
- Service providers (hosting, infrastructure) may process data on our behalf under strict agreements
7. Third-Party Data Processors
NXTN uses the following third-party service providers to operate the platform. These providers process data on our behalf under contractual obligations to maintain data security:
- Meta Platforms (WhatsApp Business API): Processes messages between NXTN and customers. Subject to Meta's Privacy Policy and Data Processing Terms.
- DigitalOcean: Cloud infrastructure provider hosting NXTN servers in Frankfurt, Germany. Subject to DigitalOcean's Data Processing Agreement.
- Laravel Forge: Server management service. Does not store customer data directly.
- GitHub: Code repository. Does not process customer data.
We ensure all third-party processors maintain appropriate technical and organizational measures to protect personal data.
8. Data Retention
- Active queue data is retained during the service interaction
- Completed queue records are retained for business analytics purposes
- Customer phone numbers are retained for service continuity
- Reviews are retained until deletion is requested by the customer
- Tenant account data is retained until account termination
- Anonymized data may be retained indefinitely for analytics and platform improvement
9. Your Rights
You have the right to:
- Request access to your personal data held by NXTN
- Request correction of any inaccurate personal data
- Request deletion of your personal data
- Request data portability — receive your data in a structured, machine-readable format
- Object to automated processing — object to decisions made solely through automated processing of your data
- Withdraw consent — withdraw your consent to data processing at any time without affecting the lawfulness of prior processing
- Opt out of promotional messages at any time
- Lodge a complaint with the relevant data protection authority in your jurisdiction
- Contact us with any privacy concerns or requests
10. Data Security
We implement appropriate technical and organizational measures to protect your data. All data is transmitted via HTTPS/TLS encryption. Database access is restricted by role-based authentication. We conduct regular security assessments and updates. Our infrastructure is hosted on secure cloud providers with industry-standard protections.
11. Data Breach Notification
In the event of a personal data breach that compromises the security, confidentiality, or integrity of your personal data, NXTN will:
- Assess the severity and scope of the breach
- Notify the relevant data protection authorities as required by applicable law
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
- Take immediate steps to contain and remediate the breach
- Document the breach and remediation measures taken
For users in the UAE: We will notify the UAE Data Office within 72 hours of becoming aware of a qualifying breach. For users in Saudi Arabia: We will notify SDAIA and affected individuals in accordance with PDPL requirements. For users in Kuwait: We will notify CITRA and affected individuals within 24 hours in accordance with DPPR requirements.
12. Children's Privacy
NXTN services are not directed at individuals under 13 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
13. International Data Transfers
NXTN processes and stores data on servers located in Frankfurt, Germany, operated by DigitalOcean. This means personal data of users in Kuwait, UAE, Saudi Arabia, and other countries may be transferred to and processed in Germany.
We ensure that appropriate safeguards are in place for all international data transfers, including:
- Technical security measures (encryption in transit and at rest)
- Access controls limiting data access to authorized personnel only
- Contractual obligations with our infrastructure providers to maintain data protection standards
For users in Saudi Arabia: In accordance with the Personal Data Protection Law (PDPL) and the Regulation on Personal Data Transfer outside the Kingdom, we ensure that the level of protection for your personal data outside Saudi Arabia is not less than the protection guaranteed under the PDPL.
For users in the UAE: In accordance with Federal Decree-Law No. 45 of 2021 (PDPL), we implement appropriate safeguards for the transfer of personal data outside the UAE.
For users in Kuwait: In accordance with the Electronic Transactions Law and applicable CITRA regulations, we maintain transparency regarding the storage and processing of data outside Kuwait.
14. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. Material changes will be communicated through our platform or via email. Your continued use of NXTN after changes are posted constitutes your acceptance of the updated policy.
15. Privacy Contact and Data Protection
For all privacy-related inquiries, data access requests, or complaints, please contact our designated privacy contact:
Email: contact@nxtn.me
Address: Kuwait City, Kuwait
We will respond to all data subject requests within 30 days of receipt. If we require additional time, we will notify you of the reason for the delay.
You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:
- Kuwait: Communication and Information Technology Regulatory Authority (CITRA)
- UAE: UAE Data Office
- Saudi Arabia: Saudi Data and Artificial Intelligence Authority (SDAIA)