Privacy Policy

Last Updated: October 12, 2025

1. Introduction

This Privacy Policy describes how AY Group ("we", "us", or "our") collects, uses, and protects your information when you use the Nuvex software platform (the "Service").

2. Information We Collect

A) Information you provide directly

  • Account details (name, email, company, phone, billing address)
  • Payment information (handled by PCI-compliant processors)
  • Content entered into modules (HR, CRM, Projects, Accounting, Inventory, POS), attachments, and comments
  • Support requests, feedback, surveys

B) Data collected automatically

  • Usage logs (pages/features used, timestamps, crash reports)
  • Device and network data (browser type, OS, IP address, language, referrer, approximate location)
  • Cookies and similar technologies

C) Data from third parties (when you connect them)

  • Integrations you enable (e.g., payment gateways, storage, calendars, shipping, messaging, analytics)
  • Identity providers (SSO), if enabled

3. How We Use Data

We use your data to:

  1. Provide the Service: account creation, authentication, core features across modules
  2. Operate & improve: monitoring, debugging, analytics, product development
  3. Security: fraud prevention, abuse detection, incident response
  4. Communications: service notices, onboarding, updates, billing emails
  5. Legal & compliance: enforcing terms, tax & accounting, regulatory requests
  6. Marketing: with consent or where permitted; you can opt out anytime
  7. AI Assist: generate content/suggestions (optional)

4. Data Sharing

We do not sell personal data. We share data only with:

  • Sub-processors that help us deliver Nuvex (hosting, email, payments, telemetry, support)
  • Integrations you enable, under their own privacy terms
  • Professional advisors (legal, accounting) under confidentiality
  • Authorities where required by law or to protect rights, safety, and security
  • Business transfers (merger, acquisition); we'll notify you of material changes

5. Data Retention

We retain data for as long as needed to provide the Service and for legitimate business/legal purposes:

  • Account & billing records: 7 years (tax/audit)
  • Logs & telemetry: 6-18 months (security & diagnostics)
  • Support tickets: up to 3 years
  • Free Testing tenants: may be purged after inactivity of 30-90 days

6. Security

We apply reasonable technical and organizational measures: encrypted transit (TLS), hardened hosting, access controls, backups, role-based permissions, and security reviews.

7. Your Rights

  • Access/Correction/Deletion: Manage via settings or contact us
  • Portability: Export features are available for many modules
  • Marketing Opt-out: Unsubscribe links are included in emails
  • Cookies: Control via browser settings or our cookie banner

8. Contact Us

Questions, requests, or complaints: nuvex@ay-group.net

Postal: Azaiba, Muscat, Sultanate of Oman

9. Changes to this Policy

We may update this Policy to reflect changes in law, features, or practices. We will post the new version with an updated "Effective date" and, for material changes, provide notice via the Service or email.