Privacy Policy (2025)
Effective from October 1, 2025.
This Privacy Policy explains how Nexd (“we”, “us” or “our”) as a data controller collects, uses, discloses, and protects personal data when individuals (“user” or “you”) interact with our services. We are committed to protecting your privacy and processing your personal data transparently, securely, and in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR). This Privacy Policy applies to Users of our website and platform (e.g. advertisers, agencies, and publishers) and any individual whose personal data we process in connection with our services.
1.Data Controller and Contact Information
1.1. Company Name: Nexd OÜ, registry code 11514601.
1.2. Address: Jõe 2a, 10151 Tallinn, Estonia.
1.3. Contact Email: [email protected].
1.4. If you have any questions about this Privacy Policy or how we handle your data, you can reach us at the contact email above. You also have the right to contact your local data protection authority if you have any concerns (see Your Rights below).
2. Personal Data We Collect
2.1. We collect different types of personal data from you or about you in the context of operating our platform and providing services. This includes:
2.1.1. Identification and Contact Information: Such as your first name, last name, company name, business address, country, and email address. We collect these details, for example, when you create an account, fill out a contact form, or register for a newsletter.
2.1.2. Account Credentials: If you register an account, we may collect login details like username and password (stored securely).
2.1.3. Usage Data and Device Information: When you use our service or visit our website, we automatically collect certain technical data. This includes details like your IP address, browser type, device type, operating system, unique device identifiers (e.g. mobile advertising IDs), cookie identifiers, and information about how you interact with our platform (pages visited, features used, links clicked, time spent, etc.). This Usage Data helps us understand and improve your experience.
2.1.4. Cookies and Tracking Data: We use cookies and similar tracking technologies to collect information about your interactions with our site and ads (see Cookies and Tracking Technologies below for more details). This can include information on your preferences and browsing behavior.
2.1.5. Payment and Transaction Data: If you make purchases or subscriptions through our service, we collect information necessary to process the payment. This may include billing name, billing address, payment method details (such as credit card number or bank account information), and transaction history. (Note: Payment details are typically processed directly by our third-party payment processors – we receive confirmation of payment rather than full financial information.)
2.1.6. Communications Data: If you communicate with us (for example, via support inquiries, chat, or email), we will collect the information you provide in those communications (such as your contact details and the content of your messages).
2.1.7. User-Generated Content: If our platform allows you to upload or create content (e.g. ad creatives, comments, or other materials), we may collect and store such content along with associated metadata.
2.1.8. Third-Party Data: In some cases, we may receive information about you from third parties. For example, if you interact with our content on social media or if you are referred to our service by an affiliated partner, we might receive your name or email. We will treat any such third-party provided data in accordance with this policy.
2.2. Mandatory vs. Optional Data: In general, the information we request from you is necessary to provide our services. If certain data is marked as optional (we will indicate this at collection), you are free not to provide it without impact on your use of the service. However, if you choose not to provide data that is required, we may not be able to fulfil the related service or request. If you are ever unsure which data elements are mandatory, please feel free to contact us.
2.3. No Third-Party Data Without Consent: If you provide us with personal data of others (for example, registering a colleague for a demo or sharing someone’s contact details), you must ensure you have the authority or their consent to do so. You should only share someone else’s personal data with us if you have a legal basis to do so and, where required, that person’s permission.
3. How We Collect Data
3.1. We collect personal data in two main ways:
3.1.1 Directly from You: You may provide personal data when you:
i. Register for an account or use our platform (entering your name, email, etc.).
ii. Fill in forms on our website (such as contact forms or sign-up forms).
iii. Subscribe to our newsletter or marketing communications.
iv. Communicate with us via email, chat, or phone.
v. Post content or interact with our services in a way that provides us information.
3.1.2. Automatically or Indirectly: As you navigate and interact with our website or platform, we use automated data collection technologies (like cookies, scripts, and logging systems) to gather technical information (described in Usage Data above). For example, when you visit our site, our analytics tools will record your IP address, browser type, and browsing actions. We may also receive certain data from third-party partners, such as advertising or analytics providers, to enrich our understanding of how users find and use our service.
3.2. We may combine information you provide directly with information collected automatically or from other sources, in order to improve our service and accuracy of our records.
4. Our Purposes for Using Personal Data
4.1. We collect and process personal data for the following purposes:
4.1.1. Providing and Improving Our Service: To operate the core functionality of our platform and services. This includes creating and managing user accounts, allowing you to build and manage ad campaigns, and providing customer support. We also use data to monitor the performance of our platform, fix issues (for example, by analyzing error reports), and develop new features or enhancements.
4.1.2. Communicating with You: To contact you regarding your account, respond to your inquiries, provide critical updates (like changes to terms or security alerts), and deliver user-requested information. We also send newsletters or promotional communications if you have subscribed to them (you can opt out at any time).
4.1.3. Analytics and Usage Tracking: To understand how our users access and use our website and services. We use analytics tools (for example, Google Analytics with IP anonymization) to collect data about user interactions. This helps us analyze user behavior, improve user experience, and optimize our website and marketing strategies. We may also run internal analytics or use cookies to gather metrics about site performance and usage trends.
4.1.4. Advertising and Marketing: To present you with relevant content and advertisements about our services or third-party products (with your consent where required). For instance, we may use your data to show you targeted ads on our site or on other platforms (such as Google or social media networks) based on your interests or past interactions with our website. We engage in remarketing and behavioral targeting – for example, using Google Ads Remarketing or Facebook Custom Audiences – to reach users who have visited our site. These partners use cookies and similar trackers to serve ads. (You can opt out of targeted advertising through the ad settings provided by those third parties or via your device settings, and we will honor any choices you make through our cookie consent management tool.)
4.1.5. Managing Payments and Purchases: To process payments for our services and maintain transaction records. If you purchase a subscription or service, we will use your provided payment data and personal details to issue invoices, confirm payment, and fulfill the transaction. Payments are handled via secure third-party payment processors (e.g., if paying by credit card or bank transfer), and we receive minimal information in return (such as a confirmation and the last four digits of your card or the sending account for a bank transfer).
4.1.6. Security and Fraud Prevention: To keep our platform safe and secure. We may process personal data (like IP addresses, user activity logs, and device identifiers) to detect, prevent, and respond to suspicious or fraudulent activities, malicious attacks (such as malware or DDOS), spam, or other threats. For example, we use tools like Google reCAPTCHA to filter out spam or bot submissions on our forms, which involves analyzing user interactions for that purpose. We also use infrastructure monitoring services (e.g., error tracking software like Bugsnag) to maintain the integrity and security of our code and environment.
4.1.7. Hosting and Infrastructure: To host our website, database, and related infrastructure. We rely on third-party hosting providers (for example, Amazon Web Services) to store data and enable our application to run reliably for users around the world. These providers process data on our behalf as needed to provide their hosting services.
4.1.8. User Support and Administration: To manage user accounts, preferences, and support requests. For instance, we use customer relationship management or support ticket tools (such as Intercom or Scoro) to organize user information and communications. This helps us respond to inquiries effectively and keep track of user preferences or past communication.
4.1.9. Legal Compliance: To comply with our legal obligations. This includes processing and retaining certain data when required by law (for example, for tax, auditing, or accounting requirements, or responding to government requests). We may also process data to establish or defend legal claims if necessary (for instance, keeping records of transactions or communications to resolve any disputes).
4.1.10. Other Purposes: We may process your data for other reasons that we will describe at the time we collect it. We will always ensure there is a valid legal basis for any new processing purpose and, if required, obtain your consent.
4.2. Our Legal Bases under GDPR
4.3. For each of the purposes above, we ensure that at least one of the following legal bases (as defined in Article 6 of the GDPR) applies:
4.3.1. Performance of a Contract: Much of our data processing is necessary to fulfill our contract with you. When you sign up for and use our platform, we process your data to provide the service you requested (e.g. managing your account, delivering the features of our platform, and providing customer support). We cannot provide the service without this data.
4.3.2. Consent: In certain cases, we rely on your consent to process your data. For example, we will obtain your consent before sending you marketing emails (unless you are an existing customer and applicable law allows limited direct marketing). Similarly, we ask for your consent via our cookie banner before using non-essential cookies or performing targeted advertising and analytics that are not strictly necessary. Where we process data based on your consent, you have the right to withdraw consent at any time. For instance, you can unsubscribe from our marketing emails using the “unsubscribe” link, or adjust your cookie preferences through our Cookie Consent tool. (Note: withdrawing consent will not affect the lawfulness of processing that occurred prior to the withdrawal.)
4.3.3. Legal Obligation: Some processing is necessary for us to comply with a legal obligation. For example, we may retain transaction records to meet financial reporting laws, or disclose information if required by court order or regulatory authorities. We only process the data needed to meet our strict legal responsibilities in these cases.
4.3.4. Legitimate Interests: We process certain data as necessary for our legitimate interests (or those of third parties) after we have balanced those interests against your rights and freedoms. We believe our use of personal data for the following purposes are within our legitimate interests: improving and securing our platform, understanding how it is used, conducting ordinary business administration, and limited marketing to our existing customer base. For instance, it is in our interest to analyze and improve our services (which also benefits users with a better product), and to protect our business from fraud. When we rely on legitimate interests, we ensure our interests are not overridden by your privacy rights – for example, when using analytics we often aggregate or anonymize data where possible, and you always have the right to object to processing based on legitimate interests (see Your Rights below).
4.4. If you have questions about the specific legal basis for a particular processing activity, please contact us. We will gladly explain how your data is handled and the justification for its use in plain language. In cases where providing personal data is a statutory or contractual requirement (or necessary to enter into a contract), we will tell you at the point of collection. For example, when signing up, providing a valid email address is a contractual requirement to create an account; if you do not provide it, we cannot create the account.
5. Cookies and Tracking Technologies
5.1. Cookies are small text files stored on your device by websites you visit. We and our partners use cookies and similar tracking technologies (such as browser local storage, pixels, and tags) to enable the functionality of our site, to understand usage, and to support marketing and analytics. In particular:
5.1.1. We use essential cookies to remember your login sessions, preferences, and ensure our site functions properly. For example, cookies keep you logged in as you navigate between pages.
5.1.2. We use analytics cookies (with your consent where required) to collect information about how visitors use our site. This helps us improve the website’s performance and user experience. For instance, we use Google Analytics (with IP anonymization enabled) to see aggregated statistics on usage.
5.1.3. We use advertising and marketing cookies (with consent) to track your browsing habits and activity on our site so that we can show you targeted advertising on third-party platforms. These cookies remember that you visited our site and may combine with other information about your interests. For example, a Facebook Pixel or LinkedIn Insight Tag may be used to later show you a relevant ad on those networks.
5.1.4. We may also use tracking pixels in emails to know if you open or interact with our marketing communications (which helps us gauge interest and manage our outreach).
5.2. You have control over cookies. When you first visit our site, we will request your consent for non-essential cookies. You can adjust your cookie settings at any time by changing your browser settings to refuse cookies (see your browser’s help documentation for how to do this). Note that if you disable certain cookies, some features of our service might not function as intended (for example, maintaining your login session).
5.3. For more detailed information, please see our Cookie Policy (which provides a breakdown of the types of cookies and trackers we use) or reach out to us with any questions. Our Cookie Policy also provides information on how you can opt-out of interest-based advertising.
5.4. Do Not Track: Some browsers offer a “Do Not Track” (DNT) feature that, when enabled, signals to websites that you do not wish to be tracked. While we respect your privacy, our site does not currently respond to DNT signals due to lack of an industry standard on how to interpret them. We recommend managing your cookie preferences as described above for more effective control over online tracking.
6. How We Share Your Personal Data
6.1. We treat your personal data with care and do not sell your information to third parties for profit. However, in order to run our business, we share certain data with third parties under controlled conditions. These recipients mainly fall into the following categories:
6.1.1. Service Providers (Processors): We use trusted third-party companies to perform tasks on our behalf and help us provide our services. These include:
i. Hosting and Infrastructure: e.g., cloud hosting providers like Amazon Web Services, which store our data and host our application.
ii. Email and Communication Services: e.g., marketing email platforms such as Mailchimp that help us send newsletters or service emails, or transactional email services to send account-related messages.
iii. Analytics Providers: e.g., Google Analytics (provided by Google) which processes Usage Data for analytics purposes, or other analytics tools that help us understand our traffic.
iv. Advertising Partners: e.g., Google, Facebook, LinkedIn, and Adform, which may receive limited data (like cookie identifiers or hashed email addresses) to serve personalized ads and measure ad performance. These partners act as independent controllers of the data they receive for advertising purposes (under their own privacy policies). We only engage in such data sharing with your consent (via cookies or explicit opt-ins).
v. Payment Processors: e.g., payment gateways or banks that process your payment transactions. These third parties process your payment data securely in accordance with financial regulations. We share the minimum necessary information with them to verify and complete your payments.
vi. Customer Support and CRM Tools: e.g., Intercom or Scoro which we use to manage user inquiries, live chat, and support tickets. These tools may store your name, email, and any communications you exchange with us so we can assist you better.
vii. Others: We may use other specialized services such as spam protection (Google reCAPTCHA), tag management (Google Tag Manager, to manage scripts on our site), or content delivery networks (like Cloudflare, to optimize website loading worldwide). These services might incidentally process data like IP addresses as part of their functionality.
6.2. All our service providers are bound by confidentiality and data protection obligations. They are only permitted to process your data for the purposes we specify and in line with this Privacy Policy (acting on our instructions as data processors). We have agreements in place (including Data Processing Addendums) to ensure they safeguard your data.
6.2.1. Within Our Corporate Group: If Nexd is part of a group of affiliated companies, your information may be shared with our subsidiaries or affiliates as necessary to operate the service (for example, if different teams or entities within our group perform different functions like development, marketing, or customer support). All group entities follow the same privacy and security practices described here.
6.2.2. Business Transfers: If our company is involved in a merger, acquisition, asset sale, or other corporate transaction, your personal data may be transferred to the successor or new owner as part of that deal. In such cases, we will ensure the confidentiality of your personal data is maintained and you are informed before your data becomes subject to a different privacy policy.
6.2.3. Legal and Safety Disclosures: We may disclose personal data to third parties when required by law or necessary to protect rights. This includes situations like:
i. Responding to lawful requests from public authorities (e.g. court orders, law enforcement inquiries or subpoenas).
ii. Using or disclosing data in connection with legal claims, compliance, or to protect our rights, property, or safety and that of our users or the public. For example, we may share information with fraud prevention agencies or regulators if appropriate.
6.3. In all cases, we share the minimum amount of information necessary for the specific purpose and in accordance with GDPR’s requirements for third-party sharing. We do not share personal data with third parties for their own independent marketing use without your consent.
7. International Data Transfers
7.1. Because we operate on a global scale, some of the third parties and affiliates mentioned above are located outside of your country, and potentially outside the European Economic Area (EEA). For example, if you are in the EU, a service provider in the United States might process personal data, or we may store data on servers in a country outside the EU. When we transfer personal data internationally, we take steps to ensure adequate protection of your information in line with GDPR requirements.
8. Data Retention
8.1. We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement. In general:
8.1.1. Customer Account Data: This includes information like user profiles, identification and contact details, account credentials, and billing information. We retain this data for the duration of your subscription or active account plus an additional 6 months after it ends. After that period, the data is securely deleted or irreversibly anonymized. (If an account remains inactive for an extended period, we may deactivate or anonymize it after giving prior notice, in line with this retention schedule.).
8.1.2. Content Data: This covers user-generated content you provide or create on our platform (for example, uploaded creatives, campaign configurations, media assets, and similar materials). Content data is kept for the duration of your subscription plus an additional 6 months following the end of your subscription. After this retention period, such content is permanently deleted from our storage systems.
8.1.3. Log and Usage Data: This refers to technical records like application logs, API usage logs, error tracking information, audit trails, and usage analytics data (e.g. details of how you interact with the platform). We retain these logs in identifiable form for a relatively short period – generally around 90 days on a rolling basis. After 90 days, log data is automatically purged or anonymized through our routine rotation and deletion processes. (Non-identifiable aggregate analytics reports, which contain no personal identifiers, may be retained longer for internal analysis.)
8.1.4. Marketing Data: Information you provided to receive marketing communications (like your email for our newsletter) is kept until you unsubscribe or withdraw consent. If you opt out or the subscription is otherwise ended, we may keep limited data (such as your email address) on an internal suppression list, to ensure we respect your opt-out going forward.
8.1.5. Legal Obligations and Disputes: In some circumstances, we may need to keep data longer if required by law. For example, if a legal claim is in process, or if we are required by regulations to retain certain data, we will keep the data as long as necessary to comply. Also, if we receive a deletion request, we may retain some information as necessary to comply with legal obligations (see more in Your Rights below).
8.2. Once the retention period for a given piece of data expires, or if we no longer have a legal basis to process it, we will either delete it or anonymize it (so that it can no longer be associated with you). We also periodically review the data we hold, and safely dispose of information that is no longer needed.
8.3. Please note: after we delete your data from active systems, it might not be immediately removed from all backup systems. However, we maintain policies to ensure that backups eventually purge deleted data, and we will not restore or use deleted data except if required for security or legal compliance (in which case, we would promptly re-delete once those issues are resolved).
9. Data Security
9.1. We take appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. We have implemented technical and organizational measures following industry standards to safeguard information. These include, for example:
9.1.1. Encryption of data in transit (e.g., using TLS/SSL protocols for our website to prevent eavesdropping).
9.1.2. Encryption of sensitive data at rest where applicable (to protect information on our servers or databases).
9.1.3. Access controls to restrict personal data to only those employees, contractors, and service providers who need to know it for the purposes described above. Such persons are subject to strict confidentiality obligations.
9.1.4. Regular security monitoring, vulnerability management, and intrusion detection measures. We utilize tools and services (such as infrastructure monitoring and error reporting tools) to promptly identify and address potential issues or breaches.
9.1.5. Organizational policies and training for our staff regarding data protection best practices, to ensure everyone handles personal data with care and in line with GDPR principles like integrity and confidentiality (Art. 5(1)(f) GDPR).
9.2. Despite our efforts, please note that no method of transmission over the Internet, and no method of electronic storage, is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
10. Your Rights
10.1. As a user of our services and as a data subject under the GDPR, you have specific rights regarding your personal data. We respect and uphold these rights, which include:
10.1.1. Right of Access – You can request confirmation of whether we process your personal data and obtain a copy of that data.
10.1.2. Right to Rectification – You can ask us to correct any inaccurate or incomplete personal data we hold about you.
10.1.3. Right to Erasure (“Right to be Forgotten”) – You may request deletion of your data when it’s no longer needed, consent is withdrawn, or other valid grounds apply. Legal or regulatory obligations may prevent deletion in some cases.
10.1.4. Right to Restrict Processing – You can request limited processing of your data in certain cases, such as when accuracy is contested or you have objected to processing.
10.1.5. Right to Data Portability – You can request your personal data in a structured, machine-readable format and ask us to transmit it to another controller, where technically feasible.
10.1.6. Right to Object – You may object to processing based on legitimate interest or public interest. If we process your data for direct marketing, you can object at any time and we will stop.
10.1.7. Right to Withdraw Consent – Where processing is based on your consent, you can withdraw it at any time. This will not affect prior lawful processing.
10.1.8. Right to Lodge a Complaint – You may contact a supervisory authority if you believe your rights have been violated. We encourage you to contact us first so we can try to resolve the issue.
10.2. You can contact us at [email protected] to exercise any of your rights. We may need to verify your identity before fulfilling certain requests. We aim to respond within one month. No fee applies unless the request is clearly excessive or unfounded.
11. Children’s Privacy
11.1. Our service is intended for adult use. We do not knowingly collect personal data from children under the age of 18 (or the applicable age of consent in your jurisdiction, which may be lower than 18). If you are under 18 years old, please do not use our platform or provide any personal data.
11.2. If we become aware that we have inadvertently collected personal data from a child without proper consent or authorization, we will take steps to delete that information promptly. Parents or guardians who believe that we might have information about a minor can contact us to request removal.
12. Changes to this Privacy Policy
12.1. We may update or revise this Privacy Policy from time to time, as our services and legal requirements evolve. If we make material changes, we will notify you by means of a notice on our website or via email (if we have your contact information) prior to the change becoming effective, as required by law. The “effective date” at the top of this policy will always indicate when the latest changes were made.
12.2. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If we make changes that affect how we process personal data based on your consent, we will seek your consent for those new purposes where required. By continuing to use our services after any updates take effect, you acknowledge the revised policy.
