This Privacy Policy explains how Nexo Technologies (Pty) Ltd collects, uses, stores, and protects your personal information. It is written in plain language as required by the Consumer Protection Act 68 of 2008 and complies with the Protection of Personal Information Act 4 of 2013 (POPIA).
By using our website or services, you confirm that you have read and understood this policy.
Nexo Technologies (Pty) Ltd (Registration No. 2024/608377/07) is a private company incorporated in the Republic of South Africa. We operate the nexo.app platform — a point-of-sale software and payment processing service for South African businesses.
As the entity that determines the purpose and means of processing your personal information, Nexo Technologies (Pty) Ltd is the Responsible Party as defined in POPIA.
Our registered details as required by the Electronic Communications and Transactions Act 25 of 2002 (ECTA):
We collect personal information only to the extent necessary to provide our services.
Information you provide directly:
Information collected automatically:
Information from third parties:
We use your personal information for the following purposes:
| Purpose | Details |
|---|---|
| Service delivery | Setting up and managing your POS account, processing transactions, and providing technical support |
| Onboarding | Verifying your identity and business details as required by our banking partners and applicable law |
| Communication | Sending account updates, invoices, security alerts, and responding to support queries |
| Marketing | Sending product updates and promotional offers — only with your consent, and you may opt out at any time |
| Analytics | Understanding how our platform is used to improve features and performance |
| Legal compliance | Meeting obligations under POPIA, FICA, ECTA, and other applicable South African legislation |
| Fraud prevention | Detecting and preventing fraudulent transactions and unauthorised access |
We will not use your personal information for any purpose other than those listed above without obtaining your prior consent.
Under POPIA, we process your personal information on the following lawful grounds:
We do not sell, rent, or trade your personal information. We share it only in the following circumstances:
All third parties who process personal information on our behalf are contractually required to comply with POPIA.
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Account and contact information | Duration of the contract + 5 years |
| Transaction records | 5 years (SARS and banking regulatory requirements) |
| FICA / KYC documents | 5 years after the business relationship ends |
| Marketing consent records | Until consent is withdrawn + 3 years |
| Website usage data | 24 months from collection |
| Support communications | 3 years from last interaction |
Once the retention period has lapsed, we will securely delete or anonymise your personal information.
As a data subject, you have the following rights under the Protection of Personal Information Act:
To exercise any of these rights, contact our Information Officer at [email protected]. We will respond within 30 days as required by POPIA.
Information Regulator of South Africa:
Website: www.justice.gov.za/inforeg
Email: [email protected]
Tel: 010 023 5207
Some of our service providers may be located outside South Africa (for example, cloud infrastructure providers). Where we transfer personal information across South African borders, we ensure that:
We will not transfer personal information outside South Africa where the protection of your information may be compromised.
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against:
Our security measures include industry-standard encryption (TLS/SSL), access controls, regular security assessments, and staff training on data protection obligations.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Regulator and affected data subjects as required by POPIA Section 22, within a reasonable time.
We use cookies and similar tracking technologies on our website to improve your experience and analyse usage.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for the website to function correctly (e.g. session management) | Session |
| Analytics | Google Analytics — understanding site usage and performance | Up to 24 months |
| Marketing | Meta Pixel — measuring ad campaign effectiveness | Up to 90 days |
You can control cookies through your browser settings. Disabling non-essential cookies will not affect your ability to use our core services.
Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal information from children under the age of 18. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify you by:
Your continued use of our services after notification constitutes acceptance of the updated policy.
For any privacy-related queries, requests, or complaints, contact our Information Officer:
Information Officer
Jared David Chellan
Nexo Technologies (Pty) Ltd
Email: [email protected]
Phone: 076 690 8838
Post: Unit G07 InoSpace Malibongwe Exchange, 123 Malibongwe Drive, Strydompark, Johannesburg, 2195, South Africa
We are registered with the Information Regulator of South Africa as required by POPIA Section 55.