NexReply logo

Privacy Policy

Last updated: 2025-09-17

Who we are

NexReply (“we”) provides software for automating customer service emails with matching + AI. Contact: info@nexreply.nl.

What data we process

  • Contact details via the form (name, email, message).
  • Operational email data from your mailbox/ticketing system/ERP: sender/recipient, subject, content, attachments, metadata, and system logs.
  • Order and shipping data via your webshop (API/IMAP/SMTP/webhooks; e.g., order number, status, Track & Trace). This information is not persistently stored in our database (only temporarily/cached as needed to provide the service).
  • Usage and logging (technical logs, error reports, security logs).
  • Cookies and similar technologies (see “Cookies” below).

Purposes & legal bases

  • Service delivery (performance of contract): processing emails, generating replies according to your instructions.
  • Security and logging (legitimate interest).
  • Support and communication (legitimate interest/performance of contract).
  • Legal obligations (retention and fiscal requirements).
  • Marketing (only with consent or where legitimate interest applies; you can always opt out).

AI usage

AI replies are generated exclusively within your approved instructions. If there is insufficient certainty, the case is forwarded to an agent (fallback). We do not “invent” data; we only use the context you provide.

Retention periods

  • Form submissions: maximum of 24 months.
  • Operational email data & (security) logs: by default 90 days, unless otherwise agreed or legally required.
  • Contracts/administration: according to statutory terms.

Sharing with third parties

We use processors for hosting, email infrastructure, and AI. With each processor we conclude a Data Processing Agreement (DPA). An up-to-date list of sub-processors is available on request. We may also share data:

  • to comply with applicable laws or a lawful request from an authority,
  • to protect our rights, property, or safety and that of users.

Business transactions

In the event of a (proposed) merger, acquisition, or sale of (part of) our business, data may be transferred to a successor. Where legally required, we will inform you of this.

International transfers

Processing may take place outside the EU/EEA (e.g., when using cloud or AI providers). In such cases we apply appropriate safeguards, such as the Standard Contractual Clauses (SCCs) of the European Commission and additional measures where necessary. Details on regions and providers are available on request.

Security

  • Transport security (TLS) for IMAP/SMTP/API where possible.
  • Access control per mailbox/customer, logging, least privilege.
  • Isolated tenants where applicable; periodic review of rights and configurations.
  • Encryption at rest where supported by the chosen infrastructure.

No method of transmission or storage is 100% secure; we strive to implement appropriate technical and organizational measures in line with risks and the state of the art.

Your rights

Where legally permitted, you have the right to access, rectification, erasure, restriction, data portability, and to object to certain processing (including direct marketing). Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. Requests: privacy@nexreply.nl.

Cookies

We use necessary cookies and — if enabled — analytical cookies.

  • Types: session cookies (expire when you close your browser) and persistent cookies (remain until their expiry date or deletion).
  • Purposes: basic functionality, statistics/analytics, and performance monitoring.
  • Your choices: you can manage cookie preferences via our banner (if present) or via your browser settings. Disabling certain cookies may affect functionality.

Third-party links

Our website/service may contain links to third-party websites or services (e.g., carriers or AI providers). We are not responsible for their privacy practices. Please consult their privacy policies before providing personal data.

Children

Our services are not directed at persons under 16 years of age. We do not knowingly collect data from children under 16. If you believe this has happened, please contact us so that we can take appropriate measures.

Changes to this policy

We may update this policy in case of changes in law, technology, or our services. In the event of material changes, we will publish a clear notice on our website and update the “Last updated” date.

DPA / Data Processing Agreement

We offer a Data Processing Agreement (DPA). Contact us for signing and for the current list of sub-processors.

Contact

Questions or complaints? Email privacy@nexreply.nl. You can also contact your local Data Protection Authority.