Privacy Policy

1. Introduction

Nexbook, Inc. ("Nexbook," "we," "us," or "our") is a New York-based company that operates a scheduling and booking platform for activity-based businesses — swim schools, music academies, tutoring centers, and similar organizations — and the families they serve. Our platform includes the Nexbook mobile application and website (collectively, the "Service").

This Privacy Policy describes how we collect, use, disclose, and protect information when you use the Service, whether you are a business administrator ("Admin"), an instructor or staff member, or a parent or consumer ("Consumer") booking lessons for yourself or your family.

The Service is intended for use within the United States. By using Nexbook you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

Category	Examples	Who Provides It
Account & identity	Name, email address, phone number, password	All users
Profile	Photo, bio, location, organization affiliation	All users
Payment & billing	Name on card, billing address, payment method (processed by Stripe — we never store full card numbers)	Consumers, Admins
Organization data	Business name, programs, lesson schedules, instructor rosters, pricing, locations	Admins
Family & participant data	Names, ages, and relevant notes for children or other participants	Parents / Admins
Booking & scheduling	Lesson bookings, session attendance, calendar selections, availability	All users
Communications	Messages, booking requests, support inquiries, feedback	All users

2.2 Information Collected Automatically

Category	Examples
Device & browser	Device type, operating system, unique device identifiers, mobile network, screen resolution
Usage data	Screens visited, features used, tap events, search queries, session duration, bookings made
Location	Approximate location (city-level, with your permission) to surface nearby programs and sessions
Log data	IP address, access times, referring URLs, crash reports, performance metrics

2.3 Information from Third Parties

We may receive information from authentication providers if you sign in via a third-party service (e.g., Apple, Google), payment processors (Stripe), and analytics or error-reporting services (Sentry, Expo). We receive only the data necessary to operate the Service and do not purchase personal data from data brokers.

3. How We Use Your Information

We use collected information for the following purposes:

Operate the Service — process bookings, payments, scheduling, and account management
Send transactional communications — booking confirmations, payment receipts, password resets
Provide customer support and respond to inquiries
Improve and develop the Service — analytics, usage trends, feature development
Personalize your experience — relevant programs, sessions, and recommendations based on location and interests
Send marketing communications — new features, promotions, and events (with your consent where required)
Detect, prevent, and address fraud, abuse, security threats, and technical issues
Comply with legal obligations — tax reporting, regulatory requests, litigation holds
Enforce our Terms of Service and protect our rights

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.

4. How We Share Your Information

4.1 With Your Consent or Direction

When you book a lesson or join an organization, certain information (name, contact details, booking history) is shared with the relevant organization's administrators and instructors so they can fulfill the service.

4.2 Service Providers

We share information with third-party processors who help us operate the Service. Each provider accesses only the data necessary for its function and is contractually obligated to protect it:

Provider	Function	Data Shared
Stripe	Payment processing (Stripe Connect)	Name, billing address, payment method, transaction amounts
Supabase	Database hosting & authentication	All account and application data (encrypted at rest and in transit)
Sentry	Error tracking & crash reporting	Device info, stack traces, anonymized usage context
Expo / EAS	App distribution, push notifications, performance monitoring	Device tokens, minimal telemetry

4.3 Business Transfers

In connection with a merger, acquisition, reorganization, asset sale, or bankruptcy, your information may be transferred as a business asset. We will notify you before your information becomes subject to a different privacy policy.

4.4 Legal Requirements

We may disclose information when required by law, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

4.5 Aggregated or De-Identified Data

We may share aggregated or de-identified data that cannot reasonably identify you for analytics, research, or marketing purposes.

We do not sell your personal information. Nexbook has not sold personal information in the preceding 12 months and does not intend to do so.

5. Marketplace Data Flows

Nexbook is a two-sided marketplace. Understanding how data flows between the parties is important:

Admin → Consumer

When you browse or book with an organization, you may see the organization's name, location, program descriptions, instructor names, lesson schedules, and pricing. This information is published by the Admin.

Consumer → Admin

When you book a lesson, the organization receives your name, contact information, participant details (e.g., child's name and age), and booking history within their organization. Admins are prohibited from using this data for purposes unrelated to the services you booked.

Admin Responsibilities

Organizations using Nexbook act as independent data controllers for the participant and booking data they manage. Each organization is responsible for its own compliance with applicable privacy laws regarding the data it collects and processes through Nexbook.

6. Cookies & Tracking Technologies

The Nexbook mobile app uses the following tracking technologies:

Technology	Purpose	Can You Opt Out?
Session tokens	Keep you signed in	Required for the Service to function
Analytics (Expo)	Understand feature usage and app performance	Yes — see Section 9
Crash reporting (Sentry)	Identify and fix bugs	Required for service quality
Push notification tokens	Deliver booking updates and reminders	Yes — device Settings → Notifications

On our website (nexbook.io), we use essential cookies for site functionality. We do not use third-party advertising cookies. Your browser's "Do Not Track" signal is respected where technically feasible; however, there is no universal standard for how DNT signals are interpreted.

7. Data Retention

We retain your information only as long as necessary for the purposes described in this policy. Specific retention periods:

Data Category	Retention Period
Active account data	Duration of account plus 30 days after deletion request
Booking & transaction records	7 years (tax and legal compliance)
Payment data (held by Stripe)	Per Stripe's retention policy
Crash reports & logs	90 days
Analytics data	24 months (aggregated/anonymized)
Communications & support tickets	3 years after resolution
Marketing consent records	Duration of consent plus 3 years

After the applicable retention period, data is deleted or anonymized. Where we are legally required to retain information (e.g., tax records, litigation holds), we will do so for the minimum period required by law.

8. Data Security

We implement technical and organizational safeguards designed to protect your information:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Secure password hashing (bcrypt)
Role-based access controls — staff, instructors, and admins access only the data relevant to their role within an organization
Row-level security on all database tables (Supabase RLS)
Regular security assessments and dependency audits
Secure authentication with support for social login (Apple, Google) and session management

No system is perfectly secure. While we work to protect your information, we cannot guarantee absolute security and encourage you to use a strong, unique password for your Nexbook account.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and applicable regulatory authorities in accordance with New York's SHIELD Act and other applicable state breach notification laws. Notification will occur in the most expedient time reasonable and without unreasonable delay.

9. Your Rights & Choices

Access & Correction

You can view and update your profile, contact details, and notification preferences directly in the Nexbook app under Settings.

Account Deletion

You may request deletion of your account and associated personal data by contacting nexbook.io@gmail.com or through Settings → Account → Delete Account. We will process your request within 30 days, subject to any legal retention obligations.

Marketing Opt-Out

Email: Click "Unsubscribe" in any marketing email, or adjust in Settings → Notifications.
Push notifications: Manage in your device's Settings → Notifications → Nexbook.

Opting out of marketing does not affect transactional communications (booking confirmations, payment receipts, security alerts).

Location Data

You can revoke location permissions at any time through your device settings. This may limit our ability to show you nearby programs.

Data Portability

You can request an export of your personal data in a structured, machine-readable format by contacting nexbook.io@gmail.com.

10. U.S. State Privacy Rights

New York

New York residents are protected under the New York SHIELD Act, which requires us to implement reasonable safeguards for private information (covered in Section 8) and to notify affected individuals in the event of a data breach. We comply with all applicable New York data security and breach notification requirements.

California (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know — request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it.
Right to delete — request deletion of your personal information, subject to legal exceptions.
Right to correct — request correction of inaccurate personal information.
Right to opt-out of sale/sharing — Nexbook does not sell or share (as defined by the CCPA/CPRA) your personal information for cross-context behavioral advertising.
Right to limit use of sensitive personal information — You may limit the use of sensitive personal information to what is necessary to perform the Service.
Right to non-discrimination — We will not deny you the Service, charge different prices, or provide a different quality of service because you exercised a privacy right.

To exercise these rights, email nexbook.io@gmail.com or use the in-app request flow. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf, provided the agent presents a valid power of attorney or you verify your identity directly with us.

Categories of personal information collected in the past 12 months: Identifiers (name, email, phone), commercial information (booking and payment records), internet/electronic activity (usage data, device info), geolocation (approximate), and personal information under Cal. Civ. Code §1798.80(e) (name, address, phone). We collect this information for the purposes described in Section 3.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and Other States

Residents of states with comprehensive privacy laws may have rights to access, correct, delete, and obtain a copy of their personal data, as well as to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. Nexbook does not engage in targeted advertising, sell personal data, or profile users in ways that trigger these opt-out rights.

To exercise any applicable right, contact nexbook.io@gmail.com. If we deny your request, you may appeal by responding to our denial with "Appeal" in the subject line, and we will respond within the timeframe required by your state's law.

11. Children's Privacy

Nexbook accounts are intended for users aged 16 and older. We do not knowingly collect personal information directly from children under 13.

However, Nexbook is a platform where parents and guardians book lessons for their children. In this context:

Parents and guardians provide their children's names, ages, and relevant details as part of the booking process.
This participant data is used solely to fulfill the requested service and is shared only with the organization providing the lesson.
Organizations (Admins) are independently responsible for complying with applicable children's privacy laws (including COPPA) for the data they manage.
Parents can view, update, or request deletion of their children's data at any time through their account or by contacting nexbook.io@gmail.com.

If we learn that we have collected personal information directly from a child under 13 without parental consent, we will delete it promptly.

12. Third-Party Services

The Service may contain links to third-party websites, apps, or services. This Privacy Policy applies only to Nexbook. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party service you interact with.

Key third-party services integrated with Nexbook:

Stripe — Payment processing under Stripe's Connected Accounts Agreement and Privacy Policy.
Supabase — Database and authentication under Supabase's Privacy Policy.
Expo — App services under Expo's Privacy Policy.
Sentry — Error monitoring under Sentry's Privacy Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top and notify you through the app or via email. Your continued use of Nexbook after the changes take effect constitutes your acceptance of the revised policy.

We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

Email: nexbook.io@gmail.com