Privacy Policy

Your Nexpher Account and the personal data associated with it is controlled by Nexpher Limited ("Nexpher", "we", "us", or "our"), the data controller for all Nexpher group identity services.

To deliver the full range of Nexpher services, your information may also be processed by our subsidiary Nexpher Images Limited and other Nexpher group companies, each acting as a data processor or independent controller as appropriate for the service provided.

We collect information you provide directly and information generated through your use of our services:

• Account information – name, email address, username, password (stored as a cryptographic hash), and profile picture.
• Identity verification data – government-issued ID documents or selfie images submitted during KYC verification, where required.
• Authentication activity – login timestamps, IP addresses, device and browser information, and session data.
• OAuth & application data – which third-party applications you have authorised and the scopes you granted.
• Communications – support requests and correspondence you send to us.
• Usage data – pages visited, features used, and interactions within account settings.

We use your personal data to:

• Create and manage your Nexpher Account.
• Authenticate you across all Nexpher group services using single sign-on.
• Verify your identity where required by law or platform policy.
• Provide, maintain, and improve Nexpher services.
• Send transactional communications (e.g. password resets, security alerts).
• Detect and prevent fraud, abuse, and unauthorised access.
• Comply with legal obligations.

We will only send you marketing communications with your consent. You may withdraw consent at any time from your account notification settings.

We do not sell your personal information. We may share your data in the following circumstances:

4.1 Within the Nexpher Group

Your account information is shared within the Nexpher group of companies to provide a seamless, integrated experience. This includes:

• Nexpher Images Limited – receives your account identity and relevant profile data to provide image hosting and management services under the Nexpher platform.
• Other present and future subsidiaries and affiliates of Nexpher Limited, to the extent required to deliver the services you use.

4.2 Service Providers

We engage trusted third-party service providers to assist in operating our platform (e.g. cloud infrastructure, email delivery, analytics). These providers access only the data necessary to perform their functions and are bound by contractual data-processing obligations.

4.3 Third-Party Applications

When you grant an OAuth application access to your account, we share only the data covered by the scopes you approve. You can manage and revoke application access at any time in your account settings.

4.4 Legal Requirements

We may disclose your information where required by law, court order, or government authority, or where we believe disclosure is necessary to protect the rights, safety, or property of Nexpher, our users, or the public.

We retain your personal data for as long as your account remains active and for a reasonable period thereafter to fulfil legal, tax, or contractual obligations. You may request deletion of your account and associated data at any time by visiting your account settings or contacting us at [email protected].

Certain categories of data (e.g. fraud-prevention records) may be retained for longer periods where required by law.

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee the absolute security of your information.

If you believe your account has been compromised, please change your password immediately and contact [email protected].

Depending on your location, you may have the following rights regarding your personal data:

• Access – request a copy of the data we hold about you.
• Correction – request correction of inaccurate or incomplete data.
• Deletion – request erasure of your data, subject to legal retention requirements.
• Portability – receive your data in a structured, machine-readable format.
• Restriction – request that we limit how we process your data in certain circumstances.
• Objection – object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

We use essential cookies to maintain your authenticated session and ensure the security of your account. We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings, though disabling essential cookies will affect your ability to stay signed in.

Nexpher operates globally. Your data may be processed in countries outside your own. Where data is transferred internationally, we ensure appropriate safeguards are in place (such as standard contractual clauses) to protect your information in accordance with applicable law.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice within your account. Continued use of the services after the effective date of any changes constitutes acknowledgment of the updated Policy.

For privacy-related questions or concerns, please contact our Privacy team at [email protected].