1. Introduction
Nexub Pte. Ltd. (“Nexub”, “we”, “our”, or “us”), incorporated in Singapore (UEN 202200001A), operates nexub.com and the Nexub platform. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our services. We are committed to compliance with Singapore’s Personal Data Protection Act 2012 (PDPA) and India’s Digital Personal Data Protection Act 2023 (DPDP Act).
2. Information We Collect
We collect the following categories of personal data:
- Account data: name, email, phone, and company details when you register.
- Business data: company financial records, employee data, and payroll information you input into our products.
- Usage data: pages visited, features used, browser type, IP address (anonymized), and session duration.
- Payment information: billing address and last 4 digits of payment card only — full card numbers are processed directly by Stripe and never stored on Nexub servers.
- Communications: emails and support tickets you send us.
3. How We Use Your Information
- Service delivery: to operate Leap, Bookub, Payub, and Founderub.
- Compliance filings: to submit your data to ACRA, IRAS, CPF Board (Singapore) or MCA, GSTN, EPFO (India) as instructed by you.
- Account management: billing, authentication, and customer support.
- Communications: product updates, compliance reminders, and marketing (you can unsubscribe anytime).
- Analytics: anonymized usage data to improve our products.
- Legal obligations: when required by Singapore or Indian law.
4. Legal Basis for Processing
- Contractual necessity: operating your account.
- Legitimate interests: improving products and preventing fraud.
- Legal obligation: regulatory filings.
- Consent: marketing communications.
5. Data Sharing
We share personal data only in the following circumstances:
- Service providers: AWS (hosting, Singapore region), Stripe (payments), Intercom (support), Mixpanel (anonymized analytics) — all under data processing agreements.
- Regulators: ACRA, IRAS, CPF Board (Singapore) or MCA, GSTN, EPFO, IT department (India) — only when required to complete filings you instruct us to make.
We never sell personal data to third parties.
6. Data Retention
- Active accounts: data retained for the duration of your subscription plus 7 years (required for tax record keeping under the Singapore Income Tax Act and the India IT Act).
- Deleted accounts: personally identifiable data deleted within 30 days.
- Anonymized analytics: retained indefinitely.
7. Your Rights
Singapore users (PDPA): right of access to your personal data, right to correct inaccurate data, and right to withdraw consent for non-essential processing.
India users (DPDP Act): right of access, right to correction and erasure, right to grievance redressal (we respond within 72 hours), and right to nominate.
To exercise your rights, email privacy@nexub.com with “Data Rights Request” in the subject line. We respond within 30 days.
8. Cookies
- Essential cookies: session management and authentication.
- Analytics cookies: Google Analytics 4 — anonymized, opt-out available.
We do not use advertising or tracking cookies. You can manage cookies in your browser settings. Our cookie banner lets you decline non-essential cookies.
9. Security
- Data encrypted in transit using TLS 1.3.
- Data encrypted at rest using AES-256.
- Access controls with role-based permissions.
- We are working toward SOC 2 Type II certification.
Report security issues to security@nexub.com.
10. Data Transfers
Data is primarily stored in AWS Singapore (ap-southeast-1). India user data is additionally replicated to AWS Mumbai (ap-south-1) to comply with DPDP Act data localization requirements.
11. Children’s Privacy
Our services are intended for business use by persons aged 18 or above. We do not knowingly collect data from minors.
12. Contact & DPO
Data Protection Officer
Nexub Pte. Ltd., 10 Anson Road, #10-11, Singapore 079903
Email: privacy@nexub.com
13. Changes to This Policy
We will notify registered users by email at least 14 days before making material changes. Continued use after the effective date constitutes acceptance.