Version 2.1 · Effective 24 May 2026
The controller responsible for the processing of personal data within the meaning of Art. 4 No. 7 GDPR is:
NEX NEXT EXPERIENCE LLP 5307 Victoria Drive #458 Vancouver, BC, V5P 3V7, Canada
Registered in the British Columbia LLP register under LL03158.
General contact: admin@nex.company Data-protection contact: dataprivacy@nex.company
Note on EU representation: As a controller not established in the EU, we accept data-protection requests from data subjects in the EU at the email addresses above and respond within the statutory one-month period (Art. 12(3) GDPR). For postal requests, please use the Canadian address above, marked "Data Protection".
We process personal data of our users only insofar as this is necessary to provide a functional website, app and our content and services. Processing generally takes place only with the user's consent, unless prior consent cannot be obtained for practical reasons and processing is permitted by law.
Data: email, bcrypt-hashed password, name, optional phone number, language preference, subscription tier, creation date, last login, device ID, failed-login counter, optional 2FA secret (Fernet-encrypted), recovery codes, FCM push token, company association. Purpose: provision of the user account, authentication, protection against unauthorized access. Legal basis: Art. 6(1)(b); additionally Art. 6(1)(f) for security logs. Retention: until account deletion by the user; thereafter removed from backup snapshots within 30 days.
Data: current GPS coordinates, timestamp, speed, accuracy. Purpose: live route guidance, route history, SOS emergency, Driver Score evaluation. Legal basis: Art. 6(1)(b); Art. 6(1)(d) in an emergency. Retention: tier-based — Free 30 days, Lite 60, Pro 90, Solo 180, Business/Enterprise 365; soft-delete on cut-off, hard-delete after 30 days.
Data: stops entered, optimized order, completion status, trip duration. Purpose: route optimization and history. Legal basis: Art. 6(1)(b). Retention: until account deletion; cleaned together with GPS retention.
Data: cargo photos, handover signatures, ePOD/eCMR documents, shipment metadata. Purpose: delivery documentation, proof of damage, statutory retention. Legal basis: Art. 6(1)(b) and Art. 6(1)(c) (HGB §257, AO §147). Retention: 10 years from the end of the calendar year of creation. Storage: Cloudflare R2 with EU data residency; access only via signed URLs valid for 60 minutes.
Data: driver, vehicle and route metadata per shift. Purpose: payroll-tax and accounting documentation. Legal basis: Art. 6(1)(b) and Art. 6(1)(c) (R 8.1(9) LStR, GoBD). Retention: 10 years.
Data: transaction ID, date, amount, card last-4, driver/vehicle allocation. The full card number is not stored. Purpose: expense reporting, cost control. Legal basis: Art. 6(1)(b) and (c). Retention: 10 years.
Data: messages between driver and company admin, and between driver and NexStops support. Purpose: contract execution, support, order communication. Legal basis: Art. 6(1)(b). Retention: 12 months after last activity.
Data: emergency-trigger timestamp, GPS coordinate, severity, notification status, emergency contacts (name, phone, email). Purpose: saving lives, rapid notification of contacts and admins. Legal basis: Art. 6(1)(d) and Art. 6(1)(b). Retention: 24 months as an audit trail, then anonymized.
Data: Stripe customer ID, subscription status, invoice data, card last-4. Full card numbers are never stored by us — they are captured directly by Stripe. Purpose: subscription billing, invoicing. Legal basis: Art. 6(1)(b) and Art. 6(1)(c). Retention: invoices 10 years (HGB §257).
Data: user-published cargo/vehicle listings, prices, locations, contact data. Purpose: publication and matching of cargo and vehicle offers. Legal basis: Art. 6(1)(a) (consent — active publication by the user). Retention: until deletion by the user or 90 days after inactivity.
Data: anonymous device token from Firebase Cloud Messaging. Purpose: delivery of critical system and emergency notifications; optionally marketing push. Legal basis: Art. 6(1)(f) for system-critical; Art. 6(1)(a) for marketing push. Retention: until push is disabled or the account is deleted.
Data: acceleration, braking, speed compliance, punctuality (aggregated from the GPS data above). Purpose: training identification and safety monitoring by the company admin. Notice under Art. 22 GDPR: the score is used exclusively internally. It has no automated legal effect on the driver. A natural person (the company admin) decides on any measures based on the score. Right to human review: you may at any time request a manual review of your score, present your point of view, and object (Art. 21 GDPR). Legal basis: Art. 6(1)(f). Retention: 24 months, then anonymized.
The algorithm recommends an optimized stop order. This function is purely advisory and non-binding — the driver may deviate at any time. There is no automated decision producing legal effect within the meaning of Art. 22 GDPR.
Data: request IDs, anonymized user IDs, error stacktraces. PII payloads are filtered before transmission to Sentry. Purpose: operational security, error diagnosis, SOS escalation to the admin pool. Legal basis: Art. 6(1)(f). Retention: 30 days raw, 90 days aggregated.
Data: IP address, timestamp, URL accessed, HTTP status code, user agent, referrer. Purpose: operational security, abuse and attack detection. Legal basis: Art. 6(1)(f). Retention: 30 days.
We share your data with the following processors under data-processing agreements (Art. 28 GDPR):
| Recipient | Function | Location | Transfer safeguard |
|---|---|---|---|
| Stripe Inc. / Stripe Payments Europe Ltd. | Payment processing | US / IE | EU-US Data Privacy Framework + SCC |
| Sendinblue SAS (Brevo) | Transactional email | FR | EU-internal processing |
| Mailgun Technologies Inc. | Secondary email gateway | US | SCC |
| Twilio Inc. / Twilio Ireland Ltd. | SMS (emergency, monitoring) | US / IE | SCC + EU subprocessor |
| Google LLC (Firebase Cloud Messaging) | Push notifications | US | EU-US Data Privacy Framework |
| Functional Software Inc. (Sentry) / Sentry GmbH | Error tracking | US / AT | SCC + EU subprocessor |
| Cloudflare, Inc. (R2) | File storage | Global edge (EU data residency) | SCC + EU data residency |
| Contabo GmbH | Server hosting | Data center: Lauterbourg, France (EU) | EU-internal processing |
No transfer to other third parties takes place unless we are legally obliged to do so (e.g. by court order).
Some processors are located in the US (Stripe, Mailgun, Twilio Inc., Google/Firebase, Sentry Inc., Cloudflare). Each transfer is based on one of: - EU-US Data Privacy Framework (Stripe, Google/Firebase): certified recipients guaranteeing a level of protection equivalent to the EU. - Standard Contractual Clauses (SCC) of the EU Commission (Mailgun, Twilio, Sentry, Cloudflare): contractual commitment to comply with European data-protection standards.
A current list of processors and their safeguards is available on request (dataprivacy@nex.company).
| Data category | Retention |
|---|---|
| Account data | Until deletion + 30-day backup |
| GPS positions | 30/60/90/180/365 days (tier-based) + 30-day hard-delete |
| Route data | Until account deletion |
| Cargo documents (ePOD/eCMR) | 10 years (HGB §257, AO §147) |
| Logbook | 10 years (GoBD) |
| Fuel-card data | 10 years (accounting) |
| Chat messages | 12 months after last activity |
| SOS events | 24 months, then anonymized |
| Payment / invoice data | 10 years (HGB §257) |
| Marketplace listings | Until deletion or 90 days inactivity |
| Push token | Until disabled |
| Driver Score | 24 months |
| Monitoring / error logs | 30 days raw, 90 days aggregated |
| Server logs | 30 days |
As a data subject you have the following rights vis-à-vis us as controller: - Right of access (Art. 15 GDPR) - Right of rectification (Art. 16 GDPR) - Right of erasure (Art. 17 GDPR) — unless legal retention obligations apply - Right of restriction (Art. 18 GDPR) - Right of data portability (Art. 20 GDPR) — JSON export available - Right of objection (Art. 21 GDPR) — including the Driver Score - Right to withdraw consent (Art. 7(3) GDPR) — at any time, effective for the future; lawfulness of prior processing is unaffected - Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The lead authority in Germany is the Federal Commissioner for Data Protection and Freedom of Information (BfDI), Graurheindorfer Straße 153, 53117 Bonn. Users in other EU member states may contact their local supervisory authority.
To exercise these rights, please contact dataprivacy@nex.company.
| Cookie | Purpose | Retention | Legal basis |
|---|---|---|---|
| Session cookie | Login state | End of session | Art. 6(1)(b) — necessary |
_ga, _gid, _gat (Google Analytics 4) |
Audience measurement | up to 24 months | Art. 6(1)(a) — consent |
| Stripe.js | Secure payment | Active only at checkout | Art. 6(1)(b) |
| Consent cookie | Stores your cookie choice | 12 months | TTDSG §25(2) No. 2 |
Analytics cookies are loaded only after your explicit consent via our cookie banner. You can change or withdraw your selection at any time via the "Cookie settings" link at the bottom of the page.
Our servers are located in the data center of our hosting provider Contabo GmbH in Lauterbourg, Grand Est, France (postal code 67630). Processing therefore takes place within the European Union. No transfer of your account, route or cargo data to third countries takes place other than via the specific processors listed in Section 4 and 5.
Our service is not directed at children under 16. We do not knowingly collect personal data of children. Where the consent of a person under 16 is required, it must be given or authorized by the holder of parental responsibility (Art. 8 GDPR).
We do not make automated decisions producing legal effects concerning you. Route optimization is purely advisory; the Driver Score is used exclusively internally for training identification and safety monitoring — the decision on any concrete measures is always made by a human company admin. See Sections 3.12 and 3.13.
We reserve the right to adapt this Privacy Policy to reflect legal changes or changes in our processing. The current version is available at https://nexstops.com/privacy. We notify you of material changes by email and via in-app notification at least 30 days before they take effect.
Email: dataprivacy@nex.company Post: NEX NEXT EXPERIENCE LLP, Data Protection, 5307 Victoria Drive #458, Vancouver, BC, V5P 3V7, Canada