Privacy Policy
Effective: May 9, 2026
1. Information We Collect
Information You Provide Directly
We collect information you voluntarily share when you:
- Submit our contact form (name, email, phone, practice name, message, topic of inquiry)
- Book a strategy call through Calendly (name, email, phone, time slot)
- Email us directly at our contact addresses
- Engage us as a client (business information, account credentials for platforms you authorize us to manage, payment details)
Information Collected Automatically
When you visit our website, we automatically collect:
- IP address, browser type, device information, and operating system
- Pages visited, time spent, referral source, and click behavior
- Approximate geographic location based on IP address
- Cookies and similar tracking technologies (see Section 4 below)
Information We Do NOT Collect
NexioBit’s website is not designed to collect Protected Health Information (PHI) under HIPAA. Please do not submit patient information, medical records, or PHI through our contact forms. If you are a current client and need to share PHI as part of our services, we will provide a separate HIPAA-compliant channel under a Business Associate Agreement (BAA).
2. How We Use Information
We use the information we collect to:
- Respond to your inquiries and provide requested information about our services
- Schedule and conduct strategy calls and consultations
- Provide marketing services to clients (CRM setup, ads, SEO, websites, automation, AI agents)
- Send service-related communications (project updates, invoices, support)
- Send marketing communications about NexioBit’s services (you can opt out anytime)
- Improve our website, services, and customer experience
- Comply with legal obligations and protect our rights
3. How We Share Information
We do not sell, rent, or trade personal information. We share information only in these specific circumstances:
With Service Providers
We use third-party services to operate our business. These providers may receive your information only as needed to perform their services for us:
| Service Provider | Purpose |
|---|---|
| Calendly | Strategy call scheduling |
| Brevo (formerly SendinBlue) | Email delivery |
| Google Analytics | Website analytics |
| Google Search Console | Search performance monitoring |
| Bluehost | Website hosting |
| YouTube | Video hosting (testimonials) |
| GoHighLevel | Client CRM (only for engaged clients) |
| Stripe / payment processors | Payment processing (clients only) |
For Legal Reasons
We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety, or that of our clients or the public.
In Business Transfers
If NexioBit is involved in a merger, acquisition, or sale of assets, your information may transfer to the successor entity. You will be notified of any change in ownership or use of your personal information.
With Your Consent
We will share your information for any purpose with your explicit consent.
4. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our website, analyze traffic, and improve user experience. Cookies are small data files stored on your device.
Types of Cookies We Use
- Essential cookies: Required for the website to function (e.g., session management)
- Analytics cookies: Help us understand how visitors use our site (Google Analytics)
- Functionality cookies: Remember your preferences and settings
You can control cookies through your browser settings. Disabling cookies may affect website functionality. Most browsers allow you to refuse cookies or alert you when cookies are being sent.
5. Third-Party Links and Services
Our website may contain links to third-party websites and services (such as YouTube videos, LinkedIn profiles, and Calendly booking pages). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
6. Data Retention
We retain personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods:
- Contact form submissions: 24 months (then deleted unless you become a client)
- Client records: 7 years after engagement ends (for tax and legal purposes)
- Marketing email lists: Until you unsubscribe
- Analytics data: 26 months (Google Analytics standard retention)
7. Data Security
We implement reasonable technical and organizational measures to protect your information, including:
- HTTPS encryption for all website traffic
- Secure password practices and access controls
- Limiting access to personal information on a need-to-know basis
- Regular security updates to our systems and platforms
- HIPAA-compliant configurations for client data when applicable, under signed BAAs
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Your Privacy Rights
For California Residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and share
- Request deletion of your personal information
- Request correction of inaccurate personal information
- Opt out of the “sale” or “sharing” of personal information (we do not sell or share for cross-context behavioral advertising)
- Limit the use of sensitive personal information
- Non-discrimination for exercising these rights
For EU/UK Residents (GDPR)
If you are in the European Union or United Kingdom, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
- Lodge a complaint with your local data protection authority
How to Exercise Your Rights
To exercise any of these rights, email [email protected] with the subject line “Privacy Request.” We will respond within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA).
9. Children’s Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately and we will delete it.
10. Do Not Track
Some browsers offer a “Do Not Track” (DNT) signal. Because there is no universal standard for DNT signals, we currently do not respond to DNT signals. We will update this policy if industry standards change.
11. International Users
NexioBit is based in the United States and our services are designed for US-based medical spas. If you access our website from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our services, you consent to this transfer.
12. HIPAA and Client Data
For clients who engage NexioBit to manage HIPAA-protected systems (such as patient CRM, intake forms, or appointment workflows), we sign a Business Associate Agreement (BAA) and implement HIPAA-compliant safeguards. Patient data is governed by the BAA, not by this Privacy Policy. This Privacy Policy applies to website visitors and our business relationship with you, not to patient information you handle within HIPAA-covered systems.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will:
- Update the “Effective” date at the top of this policy
- Post a notice on our website
- For significant changes, notify clients by email
We encourage you to review this policy periodically.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us at:
NexioBit
Email: [email protected]
Website: nexiobit.com/contact
Questions about your privacy?
Email us anytime — we respond within one business day.
[email protected]