Nexa icon
← Back to home Open app
Legal

Privacy Policy

We respect your privacy and are committed to protecting the personal information you share with us when using the Nexa app.

Last updated: February 2026

Contents

  1. Who we are
  2. Information we collect
  3. Camera & media access
  4. How we use your information
  5. Data storage & security
  6. Data sharing & third parties
  7. Your rights & choices
  8. Children’s privacy
  9. Changes to this policy
  10. Contact us
1

Who we are

Nexa is a business management application developed and operated by Five2Nine Projects, a South African company. We provide tools for sales tracking, expense management, invoicing, manufacturing, team collaboration, and more — designed for entrepreneurs and small businesses.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Nexa mobile application (“the App”) and any related services.

By using Nexa, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the App.

2

Information we collect

We collect information you provide directly, information generated through your use of the App, and limited technical data required to operate the service.

  • Account information: Name, email address, and password when you register.
  • Business information: Company name, business type, country, and currency preferences.
  • Financial records: Sales, expenses, invoices, quotations, purchases, and account balances that you enter into the App.
  • Product & inventory data: Products, raw materials, packaging materials, recipes, and production records you create.
  • Customer & supplier data: Names, contact details, and transaction history for your customers and suppliers.
  • Team data: Names and email addresses of team members you invite to your company workspace.
  • Device & usage data: Device type, OS version, app version, and general usage patterns to help us improve the App.
  • Push notification tokens: Device tokens used to deliver in-app notifications such as invoice reminders and task deadlines.
3

Camera & media access

Nexa requests access to your device’s camera and photo library to support specific features. Camera access is never used for surveillance, background recording, or any purpose unrelated to the features described below.

Why the camera is used

The camera is activated only when you initiate one of the following in-app actions:

  • Receipt & invoice scanning: Capture photos of paper receipts or supplier invoices so the App can extract and record purchase details automatically.
  • Recipe scanning: Photograph handwritten or printed recipes to import ingredient lists into your manufacturing workflow.
  • Document attachment: Attach photos of supporting documents (e.g. delivery notes, proof of payment) to sales, expense, or purchase records.
  • Profile & company branding: Upload a profile photo or company logo for use within the App and on generated documents such as invoices and quotations.
Receipt scanning Invoice scanning Recipe scanning Document attachments Profile & logo upload

Photo & video storage

Photos are not stored beyond what is necessary for the feature you are using:

  • When you scan a receipt or invoice, the image is processed to extract structured data (amounts, dates, line items). The raw image may be retained temporarily during processing and then discarded, or saved as an attachment only if you choose to keep it.
  • Document attachments you explicitly save are stored securely and are accessible only to you and authorised team members within your company workspace.
  • Profile photos and company logos are stored to display within the App and on your generated documents.
  • No video is ever recorded or stored by the App. The camera is used only for still image capture.
  • Images are never used for advertising, profiling, or shared with third parties for marketing purposes.

You are always in control. Camera and photo library access is only activated when you initiate a scanning or upload action. The App requests permission before accessing your camera for the first time. You can revoke camera access at any time through your device’s Settings app without affecting other App functionality.

4

How we use your information

We use the information we collect solely to provide, maintain, and improve the Nexa service:

  • To operate the App: Store and sync your business records, generate reports, and power features like invoicing, manufacturing, and team collaboration.
  • To personalise your experience: Apply your currency, country, and business-type preferences across the App.
  • To send notifications: Deliver invoice reminders, task deadlines, and other alerts you have opted in to receive.
  • To process payments: Handle subscription billing securely via our payment provider (PayFast). We do not store card details.
  • To provide support: Respond to your queries and troubleshoot issues when you contact us.
  • To improve the App: Analyse aggregated, anonymised usage patterns to identify bugs and prioritise new features.
  • To comply with legal obligations: Retain records as required by applicable South African law.

We do not sell your personal information, use it for targeted advertising, or share it with data brokers.

5

Data storage & security

Your data is stored on secure cloud infrastructure provided by Supabase, which uses industry-standard encryption at rest and in transit (TLS/HTTPS). Access is controlled by row-level security policies so each user and company can only access their own records.

  • Encryption in transit: All data sent between the App and our servers is encrypted using TLS.
  • Encryption at rest: Data stored in our database and file storage is encrypted at rest.
  • Access controls: Strict row-level security ensures your data is isolated from other users’ data.
  • Authentication: Passwords are never stored in plain text. We use secure hashing and token-based authentication.
  • Data retention: Your data is retained for as long as your account is active. If you delete your account, your personal data is removed in accordance with our deletion procedures.

While we implement strong security measures, no system is completely immune to risk. We encourage you to use a strong, unique password and to keep your device secure.

6

Data sharing & third parties

We do not sell, rent, or trade your personal information. We share data only in the limited circumstances below, and only to the extent necessary:

  • Supabase (infrastructure): Our database and file storage provider. Data is processed under their privacy and security terms.
  • PayFast (payments): Subscription billing is processed by PayFast. We share only the information required to process your payment. Card details are handled entirely by PayFast and are never stored by us.
  • Email delivery: Transactional emails (e.g. invoice delivery, team invitations, password resets) are sent via a third-party email service. Only the recipient address and email content are shared for this purpose.
  • AI features: If you use the AI assistant, your queries may be processed by a third-party AI provider. We do not send personally identifiable financial records to AI providers without your explicit action.
  • Legal requirements: We may disclose information if required to do so by law, court order, or governmental authority in South Africa.

All third-party providers are contractually required to handle your data securely and only for the purposes we specify.

Your business data is yours. We do not use your financial records, customer lists, or product data for any purpose other than operating the App on your behalf.

7

Your rights & choices

Under the Protection of Personal Information Act (POPIA) and applicable privacy law, you have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that inaccurate or incomplete information be corrected. Most information can be updated directly within the App.
  • Deletion: Request deletion of your account and associated personal data. You can initiate account deletion from within the App’s settings.
  • Objection: Object to certain types of processing, such as receiving marketing communications.
  • Portability: Request an export of your data in a machine-readable format where technically feasible.
  • Notifications: Manage push notification preferences at any time through your device settings or within the App.
  • Camera permissions: Revoke camera or photo library access at any time through your device’s Settings app.

To exercise any of these rights, please contact us using the details in Section 10.

8

Children’s privacy

Nexa is designed for use by adults and business owners. The App is not directed at children under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will take steps to remove it promptly.

9

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you via the App or by email.

Continued use of the App after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

10

Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please reach out to us. We aim to respond to all privacy-related enquiries within 5 business days.

Five2Nine Projects

For privacy enquiries, data access requests, or account deletion.

support@five2nineprojects.com