top of page

Next CoLab Privacy Policy

Effective Date: May 13, 2025

Last Updated: May 13, 2025

 

1. Overview

This Privacy Policy explains how Next CoLab ("we", "us", "our") collects, uses, processes, and protects data submitted by users ("you", "your") through our AI-powered B2B SaaS platform (the "Service"). By accessing or using the Service, you acknowledge and agree to this policy.

 

This policy is compliant with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR), UK GDPR, and relevant US privacy laws such as the CCPA (where applicable).

 

2. Data We Collect

We collect the following categories of data:

  • User-Provided Content: Any documents, files, or data you upload to the platform for processing.

  • Account Information: Business contact information, credentials, and preferences.

  • Metadata and Analytics: Log files, device and browser information, IP addresses, cookies, and session tracking for security and performance.

  • Consent Signals: Explicit opt-ins, consent timestamps, and preference settings.

 

3. Purpose of Processing

We process your data to:

  • Deliver AI-driven document analysis and related services.

  • Provide account access, support, and usage analytics.

  • Improve product performance and user experience.

  • Comply with legal and contractual obligations.

We do not use uploaded content for AI model training or any secondary purpose unless you explicitly opt in (see Section 4).

4. Consent Management and User-Level Opt-In

You have control over how your data is used. The following consent options are presented to each user during onboarding and available in account settings at any time:

AI Model Training Consent (Optional)

"I consent to allow my uploaded data to be used anonymously to improve AI model accuracy."

✅ Yes / ❌ No (default: No)

Marketing Communications (Optional)

"I consent to receive product updates, newsletters, and event invitations."

✅ Yes / ❌ No (default: No)

All consents are logged and stored securely with a timestamp and IP. Consent may be withdrawn at any time with immediate effect.

5. Legal Basis (for EU/UK GDPR)

Data is processed based on:

  • Performance of a Contract – delivering the services you subscribed to.

  • Legitimate Interest – securing the platform and improving functionality.

  • Legal Obligation – ensuring compliance with applicable laws.

  • Consent – only when required for optional processing (e.g., model training, marketing).

6. Data Retention

We retain data only as long as necessary to:

  • Deliver the Service;

  • Comply with legal and audit obligations;

  • Support your account lifecycle.

Documents are deleted upon request or based on retention rules defined in your admin settings. Aggregated analytics and anonymized logs may be retained for product improvement and fraud prevention.

 

7. Data Security

We implement industry-standard safeguards, including:

  • Encryption of data in transit and at rest.

  • Role-based access controls.

  • Continuous monitoring and logging.

  • ISO 27001-compliant infrastructure partners.

Users are responsible for maintaining the confidentiality of their credentials.

8. International Data Transfers

We comply with applicable cross-border data protection frameworks:

  • EU Standard Contractual Clauses (SCCs) for transfers outside the EEA.

  • UK International Data Transfer Agreement (IDTA) as applicable.

  • EU-U.S. Data Privacy Framework where certified.

A copy of relevant contractual terms is available on request.

 

9. Subprocessors

We work with trusted third-party subprocessors to provide infrastructure, analytics, and communication tools. All subprocessors are contractually obligated to meet GDPR-level safeguards.

 

List of subprocessors is available on request.

 

10. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal data;

  • Object to or restrict certain processing;

  • Data portability;

  • File a complaint with a supervisory authority.

Requests may be sent to: privacy@nextcolab.com

11. No Liability Clause

To the maximum extent permitted by law, Next CoLab shall not be liable for:

  • Any decisions, actions, or losses resulting from reliance on AI-generated outputs;

  • Content or data accuracy, legality, or fitness for any purpose;

  • Unauthorized access resulting from your failure to secure credentials;

  • Errors or omissions in the user-provided data.

The Service is a tool. You are solely responsible for evaluating and acting on any output or insight provided.

12. Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated through the platform or via email. Your continued use of the Service after such updates constitutes acceptance.

13. Contact Us

📧 info@nextcolab.com

📞 +1-415-680-3380

_______________________________________________________________________

California Privacy Addendum (CCPA / CPRA)

Effective Date: May 13, 2025

Last Updated: May 13, 2025

This California Privacy Addendum supplements the information contained in the Next CoLab Privacy Policy and applies solely to residents of the State of California ("you"). It is provided to comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA).

1. Categories of Personal Information We Collect

We collect the following categories of personal information as defined by the CCPA/CPRA:

Category

Examples

Collected

Identifiers

Name, email address, company name, IP address, account credentials

✅ Commercial Information

Records of services purchased, support interactions

✅ Internet or Network Activity

Log files, browser type, time spent on site, cookies

✅ Geolocation Data

Approximate location based on IP address

✅ Professional Information

Job title, business affiliation, organizational role

✅ Inferences

Derived from usage patterns (non-personalized unless consented)

❌ by default

Sensitive Personal Information

Login credentials, if considered sensitive

✅ (limited, not used for profiling)

We do not collect:

  • Biometric data

  • Precise geolocation

  • Health or financial information

  • Data from children under 16
     

We do not sell or share your personal information for monetary or behavioral advertising purposes.

2. Purpose for Collection

We collect personal information solely for business purposes including:

  • Account creation and authentication

  • Providing requested services

  • Improving our AI platform

  • Legal compliance and security

We do not use your personal information to infer characteristics or create a profile, unless you explicitly opt in to model training.

3. Retention

We retain your personal information only as long as reasonably necessary for the purposes disclosed, unless extended retention is required by law, regulation, or contract.

You may request deletion of your data at any time (see Section 5 below).

4. Disclosure of Personal Information

We disclose your personal data only to the following third parties:

  • Infrastructure and cloud hosting providers (e.g., AWS, GCP)

  • Customer support and CRM platforms

  • Security and analytics vendors

Each third party is contractually obligated to comply with equivalent privacy and security standards. We do not allow them to use your data for any other purpose.

5. Your California Privacy Rights

As a California resident, you have the following rights under the CCPA/CPRA:

  • Right to Know: Request information about the categories and sources of data we collect, the purpose of collection, and to whom it is disclosed.

  • Right to Access: Request a copy of your personal information.

  • Right to Delete: Request that we delete personal information we have collected.

  • Right to Correct: Request correction of inaccurate personal information.

  • Right to Limit Use of Sensitive Data: Restrict the use of sensitive personal information (we do not use sensitive data for profiling).

  • Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell or share data).

  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise your rights, please submit a request via:

📧 Email: privacy@nextcolab.com
 📞Phone: +1-415-680-3380

We will verify your identity before processing any request. You may also designate an authorized agent to act on your behalf.

6. Notice of Financial Incentives

We do not offer financial incentives or differential pricing based on the collection or use of personal information.

7. Contact for More Information

If you have questions or concerns about our privacy practices or your rights, please contact us at:

Next CoLab
📧 Email: privacy@nextcolab.com
 📞Phone: +1-415-680-3380

8. Updates to This Addendum

We may update this Addendum as required by law or business needs. Material changes will be communicated as outlined in our main Privacy Policy.

bottom of page