Privacy Policy

Last updated: April 2026

Data Controller

EuroSourcingCenter Limited, 47, Oyia Business Centre Level 0, Cross Road, Marsa MRS 1547, Malta. Email: privacy@nexapto.com

Data We Collect

When you create an account, we collect your email address, display name, and role selection. If you sign in via Google or LinkedIn, we receive your name and email from the OAuth provider. We also collect usage data such as login timestamps and language preferences.

Legal Basis for Processing

We process your data based on: (a) your consent for account creation (Art. 6(1)(a) GDPR), (b) performance of our service contract (Art. 6(1)(b) GDPR), and (c) legitimate interest for platform security and improvement (Art. 6(1)(f) GDPR).

Data Sharing

We share your data only with essential service providers: Resend (transactional email), Cloudflare (CDN and security), and OAuth providers (Google, LinkedIn) when you choose social login. Your profile data is visible to recruiters or freelancers on the platform according to your role. We do not sell your data.

Data Retention

Account data is retained for the duration of your membership. After account deletion, data enters a 30-day grace period before permanent removal. Anonymized usage analytics may be retained indefinitely.

Your Rights

Under GDPR, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You can delete your account in the Settings page. For other requests, contact us at privacy@nexapto.com.

Contact

For privacy-related inquiries, contact the data controller at privacy@nexapto.com or at the postal address listed above.