Nexstock — Privacy Policy
Premier Tech Lab Ltd. (“Nexstock”, “we”, “us”, “our”) respects your privacy. Nexstock is a product of Premier Tech Lab Ltd. This Privacy Policy explains what personal information we collect, how we use and share it, and the rights you have. It applies to our inventory, point-of-sale, sales, and invoicing software, applications, websites, and APIs (the “Service”).
This Policy should be read together with our Terms of Service.
1. Who we are and our two roles
Nexstock is a business tool used by organizations (“Merchants”) to run their inventory and sales operations. Our privacy responsibilities differ depending on whose data is involved:
- As a controller — for the personal data of Merchants, their account contacts, and Authorized Users (e.g. owners, managers, cashiers), and for visitors to our website, we decide how and why the data is processed, and this Policy governs.
- As a processor — for the personal data of a Merchant’s End Customers (e.g. a buyer named on an invoice, or a registered customer record) that a Merchant enters into the Service, the Merchant is the controller and we process that data only on the Merchant’s instructions. If you are an End Customer, please contact the relevant Merchant to exercise your rights; we will assist the Merchant as required.
2. Information we collect
a) Information you provide to us (as a Merchant / Authorized User):
- Identity & account data — name, email address, password (stored only as a secure hash), role, and profile details.
- Organization data — business name, branches, tax identification details, logo, and configuration/settings.
- Billing data — subscription plan and payment metadata. Card payments are processed by Stripe; we do not store full card numbers.
- Support communications — messages, requests, and feedback you send us.
b) Information you enter about your business operations:
- Product, inventory, supplier, sales, invoice, proforma, transfer, shift/cash, and discount records.
- End Customer records you choose to store — which may include a customer’s name, phone number, email address, postal address, and tax identification number (TIN).
c) Information we collect automatically:
- Usage & device data — log data, IP address, browser/device type, pages and features used, and timestamps.
- Cookies and similar technologies — used for authentication, session management, security, preferences (such as light/dark theme), and to keep you signed in. See Section 6.
- Diagnostic data — error and performance information collected via our error-monitoring provider to keep the Service reliable.
We do not intentionally collect special-category (sensitive) personal data, and you should not enter such data into free-text fields.
3. How and why we use information
We use personal data to:
- Provide the Service — create and manage your Account, authenticate users, and deliver core inventory/POS/invoicing functionality.
- Process payments — manage subscriptions and billing through Stripe.
- Communicate — send transactional and service messages (e.g. password resets, low-stock alerts you opt into, invoices, and important notices) via our email provider.
- Secure and protect — detect, prevent, and investigate fraud, abuse, security incidents, and Terms violations; maintain audit logs.
- Support — respond to your requests and troubleshoot issues.
- Improve — understand usage to maintain, debug, and enhance the Service (using aggregated or minimized data wherever practicable).
- Comply with law — meet legal, tax, accounting, and regulatory obligations.
Legal bases (where required, e.g. Ghana DPA / GDPR)
We rely on one or more of: performance of a contract (providing the Service to you); legitimate interests (securing and improving the Service, preventing fraud) balanced against your rights; consent (e.g. optional email alerts and certain cookies), which you may withdraw at any time; and compliance with a legal obligation.
4. Email and notifications
We send transactional emails necessary to operate the Service (e.g. account, password, and invoice-related messages). Some notifications, such as low-stock digests, are opt-in and can be turned off in your settings. We do not sell your contact information.
5. How we share information
We do not sell personal data. We share it only as follows:
a) Service providers / sub-processors who process data on our behalf under contract, including:
| Provider | Purpose | Notes |
|---|---|---|
| Supabase | Database, authentication, and backend infrastructure | Stores Account and operational data |
| Vercel | Application hosting and content delivery | Serves the Service |
| Stripe | Subscription billing and payment processing | Handles card data directly |
| Resend | Transactional and notification email delivery | Sends Service emails |
| Sentry | Error and performance monitoring | Diagnostic data to keep the Service reliable |
A current list of sub-processors is available on request.
b) Legal and safety — when required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Premier Tech Lab Ltd., our users, or the public.
c) Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
d) With your direction — when you or your Merchant instruct us to share data (e.g. integrations you enable).
6. Cookies and similar technologies
We use strictly-necessary cookies and local storage for authentication, session security, and remembering preferences (such as your theme). We may use a limited set of functional/analytics technologies to understand and improve usage. You can control cookies through your browser; disabling strictly-necessary cookies may prevent you from signing in.
7. International data transfers
We and our service providers operate across multiple regions, and your information may be stored and processed in countries outside Ghana, including in the European Union and the United States, depending on our providers’ globally distributed infrastructure. Where personal data is transferred across borders, we take the steps required by applicable law — including appropriate contractual safeguards with our providers — to ensure it remains protected to a standard consistent with this Policy.
8. Data retention
We retain personal data for as long as your Account is active and as needed to provide the Service, then for the period required to comply with legal, tax, and accounting obligations, resolve disputes, and enforce agreements. After account termination, Your Data may be exported on request for 30 days and is then deleted in the ordinary course, subject to legal retention requirements and routine backup cycles. End Customer data is retained per the controlling Merchant’s instructions.
9. How we protect information
We use technical and organizational measures appropriate to the risk, including: encryption in transit; hashed passwords; row-level security and role/permission-based access controls; tenant data isolation; audit logging of sensitive actions; and access restricted to personnel who need it. No system is perfectly secure, but we work to protect your data and will notify you and any authority of a personal-data breach where required by law.
10. Your rights
Subject to applicable law (including the Ghana Data Protection Act, 2012 (Act 843) and, where applicable, the GDPR), you may have the right to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- delete your data (“right to erasure”), within legal limits;
- restrict or object to certain processing;
- port your data to another provider;
- withdraw consent where processing is based on consent; and
- complain to a data-protection authority — in Ghana, the Data Protection Commission.
To exercise these rights as a Merchant or Authorized User, contact us at info@premiertechlab.com. End Customers should contact the Merchant that holds their data; we will support the Merchant in responding. We may need to verify your identity before acting and will respond within the timeframe required by law.
11. Children’s privacy
The Service is intended for businesses and is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Third-party links
The Service or our communications may link to third-party sites or services we do not control. This Policy does not apply to them; review their privacy policies.
13. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, provide reasonable notice (e.g. by email or in-product notice). Continued use after the changes take effect constitutes acceptance.
14. Contact us
For privacy questions or to exercise your rights:
Premier Tech Lab Ltd. — Privacy Contact
4th Floor, Silver Star Tower, Airport, Accra–Ghana
Email: info@premiertechlab.com
Premier Tech Lab Ltd. is registered with the Data Protection Commission of Ghana.
