NexStops

Privacy Policy

Version 3.0 · Effective July 14, 2026

1. Data Controller

The controller responsible for the processing of personal data within the meaning of Art. 4 No. 7 GDPR is:

NEX NEXT EXPERIENCE LLP 5307 Victoria Drive #458 Vancouver, BC, V5P 3V6, Canada

Registered in the British Columbia LLP register under LL03158.

Contact: support@nexstops.com

For EU data subjects: We accept data-protection requests from data subjects in the EU/EEA at the email address above at any time, and respond to them within the one-month period laid down in Art. 12(3) GDPR. If you prefer the written, postal route, please use the address above, marked "Data Protection".

2. General principles of data processing

2.1 Scope of processing

We process our users' personal data only insofar as this is necessary to provide a functional website and app, as well as our content and services. Processing generally takes place only with the user's consent, unless prior consent cannot be obtained for factual reasons and processing is permitted by law.

3. What data we process and why

3.1 Account data

Data: email address, hashed password (bcrypt), name, optional phone number, language preference, subscription tier, creation date, last login, device ID, number of failed login attempts, where applicable a 2FA secret (Fernet-encrypted), recovery codes, FCM push token, company association. Purpose: provision of the user account, authentication, protection against unauthorized access. Legal basis: Art. 6(1)(b); additionally Art. 6(1)(f) for security logs. Retention: until account deletion by the user; thereafter also removed from the backup snapshots within 30 days.

3.2 Position data (GPS)

Data: current GPS coordinate, timestamp, speed, accuracy. Purpose: live route guidance (navigation), route optimization, documentation of arrival, SOS emergency call, and — in the case of company/fleet-management use — display of the live position to the fleet administrator during the period of work. Legal basis: Art. 6(1)(b); in an emergency Art. 6(1)(d); for the fleet-management live position Art. 6(1)(f), or, within an employment relationship, performance of the employment relationship. Retention and storage: the current position processed during navigation and route planning is used in real time. We do not create or store any movement history (track) of your journeys. In the case of the fleet-management live position, we store solely your last known position (a single, continuously overwritten record per user); this is overwritten by each further update, and earlier positions do not accumulate. The record is permanently deleted when the account is deleted.

Background location: some functions (continuing navigation while the app is in the background; monitoring driving time / fatigue) require the device's background location. We activate this through a separate device permission request, and you may revoke it at any time; we use it solely for the duration of the active function (e.g. running navigation).

Map and address services: location determination is performed by the app itself on the device; we do not transmit the precise GPS position to the map provider (details in Sections 4 and 5 — Stadia Maps, OpenStreetMap Nominatim).

3.3 Route data

Data: stops entered, optimized order, completion status, trip duration. Purpose: route optimization and history. Legal basis: Art. 6(1)(b). Retention: until account deletion.

3.4 Cargo documents (photos, signatures, ePOD/eCMR)

Data: photos taken of the cargo (with timestamp; in the case of a company proof of delivery — POD — with the place of capture and GPS coordinate), handover/receipt signatures (with the signatory's name and role), ePOD/eCMR documents, and the shipment and party data (place of loading and unloading, cargo type; in the case of eCMR the name, address, phone number and email address of the parties concerned — consignor, consignee, carrier). Purpose: transport documentation and proof of damage. Legal basis: Art. 6(1)(b). Storage: we store the photos and signatures in our database, and the larger files (e.g. eCMR and company POD photos) on Cloudflare R2 storage (EU data residency), via an encrypted connection. The summary document produced for the shipment (PDF) is sent as an email attachment to the parties involved in the shipment; there is no public download interface associated with it. Retention: until deletion of the document or the associated account. If a statutory retention obligation applies to you or to the company involved in the shipment, fulfilment of that obligation is the responsibility of you or the company concerned.

3.5 Electronic logbook (Fahrtenbuch)

Data: driver ID, kilometres travelled, client, vehicle data (registration number), driving-licence number, odometer photos, and the daily route — which we store as address-based text, not as a GPS track. A precise GPS coordinate is recorded only by the (police) inspection confirmation, if one takes place. Purpose: payroll-tax and accounting documentation. Legal basis: Art. 6(1)(b). Retention: until account deletion; fulfilment of any statutory retention obligation is the responsibility of you or the company concerned.

3.6 Fuel-price optimization and recording of fuel expenses

Data: for fuel-price optimization, the saved/favourite fuel stations linked to the user and the temporary position used at the time of the query; for manual fuel-expense recording, the amount of the expense, the VAT, the date and the description. We do not process any bank-card number, card data or receipt. Purpose: finding a more favourable fuel price and cost accounting. Legal basis: Art. 6(1)(b). Retention: until account deletion.

3.7 Chat messages

Data: messages between the driver and the company admin, and between the driver and NexStops support. Purpose: performance of a contract, customer service, order communication. Legal basis: Art. 6(1)(b). Retention: 12 months from the last activity.

3.8 SOS emergency call and emergency contacts

Data: the GPS coordinate valid at the moment the emergency alert is triggered (with accuracy), the time of the alert, an optional note, notification status, and the emergency contacts (name, phone, email). This is a point-in-time capture of position, not continuous tracking. The function is available solely to company (fleet-management) drivers. Purpose: saving lives; rapid notification of the company's administrator and the emergency contacts (via push notification and email). In order to provide emergency support and to handle open alerts, the platform operator may display the drivers' last known position and the unresolved SOS alerts on an overview map. Legal basis: Art. 6(1)(d) — vital interest; additionally Art. 6(1)(f). Retention: we retain the SOS alert record — owing to its emergency and safety significance — (we do not delete it automatically on a time basis) so that a potential incident can be investigated after the fact. The record is permanently deleted when your account or your company's account is deleted.

3.9 Payment data

Data: Stripe customer ID, subscription status, billing data, the last four digits of the card. We never store the full card number — these are recorded directly by Stripe. Purpose: subscription billing, invoicing. Legal basis: Art. 6(1)(b); with respect to accounting retention, Art. 6(1)(c). Retention: we retain the billing data for the period required by the accounting and tax law applicable to us.

3.10 Marketplace (cargo and vehicle listings)

Data: the listings published by the user, prices, the place of loading and unloading (where applicable with GPS coordinate), and the contact data (the employer's contact person, email, phone, tax number; the driver's name, phone number). We process these as our own controller. Purpose: publication and brokerage of cargo and vehicle offers. Legal basis: Art. 6(1)(a) (consent — the user actively publishes). Retention: until deletion by the user or after 90 days of inactivity.

3.10a FreightEx (freight-exchange brokerage)

Data: the FreightEx function brokers to an external freight exchange (FreightEx.EU); we do not maintain our own listing database. We store your search criteria temporarily. The data relating to the shipment is transmitted to the external exchange. Purpose: access to external freight offers. Legal basis: Art. 6(1)(b), or Art. 6(1)(f) (legitimate interest in providing the service). Data transfer: the external FreightEx.EU freight exchange is an independent service provider; the processing of the data transmitted there is subject to their data-protection terms.

3.11 Push token (FCM)

Data: the anonymous device token from Firebase Cloud Messaging. Purpose: delivery of critical system and emergency notifications; on request also marketing push. Legal basis: Art. 6(1)(f) for system-critical notifications; Art. 6(1)(a) for marketing push. Retention: until push notifications are disabled or the account is deleted.

3.12 Driver Score (automated scoring)

Data: the driving events recorded while driving, which include the location of the event (GPS coordinate), the speed and the direction, and the aggregate score calculated from these. The recorded location data are point events (not a continuous track). Purpose: identification of training needs and safety monitoring on the part of the company admin. Notice under Art. 22 GDPR: the scoring is used exclusively internally. It has no automated legal effect on the driver. A natural person (the company admin) decides on any measures based on the score. Right to human review: you have the right at any time to request a manual review of your score, to present your point of view and to object to the scoring (Art. 21 GDPR). Legal basis: Art. 6(1)(f). Retention: we retain the driving events and the score until account deletion.

3.13 Route optimization

The algorithm suggests an optimized stop order. This function is purely advisory and non-binding — the driver may deviate from it at any time. Within the meaning of Art. 22 GDPR, there is no automated decision producing legal effect. The route calculation takes place on NexStops's own server; we do not use any external service provider for this.

3.14 System monitoring and error tracking

Data: request IDs, anonymized user IDs, error stacktraces. Personal data are filtered out before transmission. Purpose: operational security, error diagnosis, SOS escalation to the admin pool. Legal basis: Art. 6(1)(f). Retention: 30 days raw, 90 days aggregated.

3.15 Server log files

Data: IP address, timestamp, URL accessed, HTTP status code, User-Agent, referrer. Purpose: operational security, abuse and attack detection. Legal basis: Art. 6(1)(f). Retention: 30 days.

3.16 Recording of country at registration

Data: two-letter country code (e.g. "DE"), which we resolve from the IP address of the registration device. We do not store the IP address. Purpose: statistical and business analysis — understanding from which countries the service is used. Legal basis: Art. 6(1)(f) — legitimate interest, in accordance with the principle of data minimization (country code only, without IP). Retention: until account deletion.

The country-code resolution takes place locally, using a database running on our own server (MaxMind GeoLite2). We do not transmit your IP address to MaxMind for this (the resolution takes place offline), and we do not store the IP address — we save only the result of the resolution (the country code).

3.17 Fahrer Radar (nearby drivers)

Data: your displayed name, nationality, configured languages, vehicle type, status message and status indicator; your real GPS position (solely for internal processing, to calculate distances); your deliberately blurred (fuzzy) position (this is what is shared); the approximate distance calculated from the blurred position. Purpose: enabling drivers nearby who use the same function to see one another on the map and — if they wish — exchange messages. Legal basis: Art. 6(1)(a) — consent, which you give by expressly switching the function on and which you can withdraw at any time by switching it off. Retention: the position record is automatically deleted 12 hours after the last update; after approximately 30 minutes of inactivity you go offline. Messages sent within the radar are stored encrypted and automatically deleted after 30 days. Availability: Pro tier and above.

Opt-in: Fahrer Radar is switched off by default; until it is switched on, we do not share any position or profile data.

Blurred location sharing: if you switch it on, we display your position in a deliberately blurred form — with a random offset at least approximately 2 kilometres from your real location (which can be increased to at most 5 km in the settings); the offset cannot be reverse-engineered from the publicly visible data. The system processes your real position solely for internal purposes and never shares it with other users.

The vehicle registration number: we do not share it with other users.

Liability: NexStops accepts no liability for the connections established through the function, for the content of the messages users exchange with one another, or for any consequences arising from possible in-person meetings (details: Terms and Conditions).

3.18 Traffipax (speed-camera warning)

Data: in the case of a report, the location of the camera, its type, optional data (direction, speed limit); a user ID assigned to the report for internal purposes, which other users do not see. Purpose: display of fixed and reported speed cameras + optional live warning while driving. Legal basis: Art. 6(1)(a) — consent (express switching on + acceptance of the legal notice); withdrawable at any time by switching off. Retention: cameras reported by users (mobile ones) automatically disappear from the display after a time. Availability: Pro tier and above.

Opt-in and acceptance: Traffipax is switched off by default; the function works only if you expressly switch it on and, on first activation, accept the legal notice.

Anonymity: the reported camera appears to other users anonymously.

Lawfulness of use — your own responsibility: the use of speed-camera warning functions while driving is restricted or prohibited by the laws of some countries, and breaching the prohibition may entail a fine or other sanction; the applicable rules differ from country to country (for example, in some EU member states use while driving is prohibited). You are yourself responsible for ensuring that your use of the function complies with the laws of your place of residence. NexStops accepts no liability for the legal consequences arising from use of the function (fines, deduction of points or other sanctions) — details: Terms and Conditions.

4. Recipients of the data

We pass your data to the following processors, where required by law, on the basis of a data-processing agreement under Art. 28 GDPR. In the case of transfers outside the European Union, we apply appropriate safeguards (the European Commission's standard contractual clauses — SCC, or an adequacy framework).

Recipient Function Location Transfer safeguard
Stripe Payments Europe Ltd. / Stripe Inc. Payment processing IE / US Processing within the EU + SCC / adequacy framework
Sendinblue SAS (Brevo) Transactional and notification email FR Processing within the EU
Google (Firebase Cloud Messaging) Push notifications IE / US Adequacy framework
Cloudflare, Inc. (R2) File storage of cargo documents EU data residency SCC + EU data residency
Contabo GmbH Server hosting Data center: Lauterbourg, France (EU) Processing within the EU
Stadia Maps, Inc. Display of map tiles US SCC
OpenStreetMap Foundation (Nominatim) Address and coordinate resolution (geocoding) United Kingdom Adequacy decision
MaxMind, Inc. (GeoLite2) Country-code resolution Locally, on our own server We do not transmit the IP address (offline processing)
Functional Software Inc. (Sentry) Error tracking US SCC

Map and location determination — clarification: location determination is performed by the app itself on the device. Stadia Maps supplies solely the visual elements (tiles) of the displayed map; for this it receives the identifiers of the displayed map section and — as a technical corollary — the device's IP address, not the precise position (from which it could at most infer the approximate area of residence). We use the OpenStreetMap Nominatim service for address and coordinate resolution: for coordinate-based resolution (reverse) we send the precise coordinate, and for address-based search (forward) we send the address text entered, to the service. The MaxMind database runs locally, without IP transfer.

We do not transmit the data to other third parties, except where required by law (e.g. an official request). We do not sell your location data and do not make it accessible for advertising purposes.

5. International data transfers

Some of our processors are established outside the European Union. The transfer is based on one of the following legal bases: - Adequacy framework / adequacy decision (Stripe, Google/Firebase; in the case of Nominatim, the United Kingdom's adequacy decision): a level of protection comparable to that of the EU. - Standard contractual clauses (SCC) in accordance with the European Commission's model (Cloudflare, Stadia Maps, Sentry, and the subcontractors established in the US): a contractually stipulated obligation to comply with European data-protection standards. - MaxMind: the country-code resolution takes place locally; we do not transfer your IP address to a third country.

A current list of the processors and their safeguards is available on request (support@nexstops.com).

6. Retention periods — overview

Data category Retention
Account data Until deletion + 30-day backup
GPS position Last position overwritten; no track storage; deleted when the account is deleted
Route data Until account deletion
Cargo documents (ePOD/eCMR) Until deletion of the document/account; statutory retention is the user's responsibility
Logbook, fuel expenses Until account deletion; statutory retention is the user's responsibility
Chat messages 12 months from last activity
SOS events Retained (no time-based deletion); deleted when the account is deleted
Payment / billing data In accordance with the accounting/tax law applicable to us
Marketplace listings Until deletion or 90 days of inactivity
Push token Until disabled / account deletion
Driver Score (driving events + score) Until account deletion (also contains GPS — see 3.12)
Fahrer Radar position Deleted after 12 hours; radar messages 30 days
Country (code) Until account deletion
Monitoring / error logs 30 days raw, 90 days aggregated
Server logs 30 days

7. Your rights

As against us as controller, you have the following rights: - Right of access (Art. 15 GDPR) - Right of rectification (Art. 16 GDPR) - Right of erasure (Art. 17 GDPR) — unless a statutory retention obligation stands in the way - Right to restriction of processing (Art. 18 GDPR) - Right to data portability (Art. 20 GDPR) — JSON export available - Right to object (Art. 21 GDPR) — including the Driver Score - Right to withdraw consent (Art. 7(3) GDPR) — at any time, with effect for the future; the withdrawal does not affect the lawfulness of the processing carried out until then - Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You may turn to the data-protection supervisory authority of the member state of your habitual residence, your place of work, or the place of the alleged infringement. (Example: in Hungary, the National Authority for Data Protection and Freedom of Information — NAIH, Falk Miksa utca 9-11, 1055 Budapest.)

To exercise your rights, please contact us at support@nexstops.com.

8. Cookies and similar technologies

8.1 Web (nexstops.com)

Cookie Purpose Retention Legal basis
Session cookie Login state Until end of session Art. 6(1)(b) — necessary
_ga, _gid, _gat (Google Analytics 4) Audience measurement up to 24 months Art. 6(1)(a) — consent
Stripe.js Secure payment active only during payment Art. 6(1)(b)
Consent cookie Stores your cookie choice 12 months ePrivacy Directive (2002/58/EC), Article 5(3)

Analytics cookies are loaded only with your explicit consent via our cookie banner (in accordance with Article 5(3) of the "ePrivacy" Directive 2002/58/EC on privacy in electronic communications). You can change or withdraw your selection at any time via the "Cookie settings" link at the bottom of the page.

8.2 In the app

9. Security

10. Server location

Our servers are located in the data center of our hosting provider, Contabo GmbH, in Lauterbourg (Grand Est region, France, 67630). Processing accordingly takes place within the European Union. No transfer of your account, route or cargo data to third countries takes place, other than the specific processors indicated in Sections 4 and 5.

11. Children

Our service is not directed at children under 16. We do not knowingly collect personal data from children. Where the consent of a person under 16 is required, it may be given or authorized in accordance with Art. 8 GDPR by the person holding parental responsibility.

12. Automated decision-making

We do not make automated decisions producing legal effects concerning you. Route optimization is expressly advisory; the Driver Score serves exclusively internal use — the identification of training needs and safety monitoring — the decision on concrete measures is always made by a natural person (the company admin). Details in Sections 3.12 and 3.13.

13. Changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy to the changed legal situation or to changes in our processing practice. The version in force at any given time is available at https://nexstops.com/privacy. We inform you of material changes by email and in-app notification at least 30 days before they take effect.

14. Contact

Email: support@nexstops.com Postal address: NEX NEXT EXPERIENCE LLP, Data Protection, 5307 Victoria Drive #458, Vancouver, BC, V5P 3V6, Canada