/
Book a consultation

Legal

Privacy Policy

Last updated: May 14, 2026

Definitions and Legal References

  • Website / Application: nexitomedia.com — the property that enables the provision of the Service.
  • Owner / We / Us: NEXITO MEDIA LLC — the legal entity that provides this Website and/or the Service to Users.
  • User / You: The natural person or legal entity that uses this Website.
  • Service: The service provided by this Website as described in these Terms and on this Website.
  • Personally Identifiable Information (PII): Information that identifies or could locate a person, including name, address, phone number, email address, financial profiles, and similar data. Anonymous or aggregated demographic data is excluded.
  • Cookies: A string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns.
  • Data Controller (GDPR): The company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

Owner and Data Controller:
NEXITO MEDIA LLC
1309 Coffeen Avenue STE 1200
Sheridan, WY 82801, United States
Email: support@nexitomedia.com

Although NEXITO MEDIA LLC is incorporated in the United States, this website is directed at business clients in the European Union, Germany, Austria, Switzerland and the United Kingdom. Accordingly, we apply the standards of the EU General Data Protection Regulation (GDPR / DSGVO) and — where applicable — the German Telecommunications-Telemedia Data Protection Act (TTDSG).

1. What Personally Identifiable Information is Collected?

We collect basic user profile information from all users. When you contact us, we collect: name, email address, subject, and message content. When you book a consultation, we collect: name and email address. We may also collect information that the User intends to engage us for services.

GDPR Definition:"Any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity."

CCPA Definition:"Any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You."

2. Data we collect and legal bases

2.1 Contact form

When you submit our contact form, we collect your name, email address, subject and message content. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). Data is retained for as long as necessary to fulfil the enquiry and any resulting business relationship.

2.2 Booking a consultation

When you book a consultation via our booking page, you provide your name and email address. This data is processed via Cal.com. Legal basis: Art. 6(1)(b) GDPR. See Cal.com's privacy policy at cal.com/privacy.

2.3 Server and access logs

Our hosting provider automatically logs standard server access data including IP address (truncated after 24 hours), browser type, referring URL and pages visited. This data is used solely for security and performance monitoring. Legal basis: Art. 6(1)(f) GDPR. Retention: up to 30 days.

2.4 Analytics (Google Analytics 4)

With your consent, we use Google Analytics 4 (GA4) to understand how visitors use this website. GA4 is only activated after you accept analytics cookies via our cookie banner. IP anonymisation is enabled. Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 25 TTDSG. You can withdraw consent at any time via Cookie Settings in the footer.

2.5 Marketing tracking (Meta Pixel + Conversions API)

With your consent, we use the Meta Pixel (browser-side) and Meta Conversions API (server-side) to measure the effectiveness of advertising on Facebook and Instagram. When you submit our contact form, your hashed email address, IP address and browser information may be transmitted to Meta Platforms Inc. (USA) for conversion attribution. Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 25 TTDSG. You can withdraw consent at any time via Cookie Settings in the footer.

2.6 Cookies and local storage

We use strictly necessary cookies for theme preference and consent storage. These contain no personal data. Analytics and marketing cookies are only set after explicit consent. For full details see our cookie notice in the consent banner.

3. Behavioral Remarketing

We use remarketing services to advertise to you after you have visited our website. We and our third-party vendors use cookies and non-cookie technologies to help recognise your device and understand how you use our Service so that we can improve it, and to deliver advertising that may be of interest to you.

Third-party vendors working on our behalf may use this information to:

  • Measure and analyse traffic and browsing activity on our Service
  • Show advertisements for our products and/or services to you on third-party websites or apps
  • Measure and analyse the performance of our advertising campaigns

Facebook / Meta Remarketing: Remarketing service provided by Meta Platforms Inc. You can learn about interest-based advertising from Facebook at facebook.com/help/516147308587266 and opt out via your Facebook settings or via Facebook ad preferences. Data Policy: facebook.com/privacy/policy/

Google Ads / Remarketing: Service provided by Google LLC. Google uses the DoubleClick Cookie to track use of this website and user behaviour concerning ads, products and services. You can opt out at adssettings.google.com.

Additional opt-out options:

Remarketing is only activated after you accept marketing cookies via our consent banner. You can withdraw consent at any time via Cookie Settings in the footer.

4. Third-party service providers

We use the following service providers that may process personal data on our behalf or as independent controllers:

Website infrastructure

  • Vercel Inc. (US) — Website hosting and deployment. DPA in place. Data Privacy Framework (DPF) certified. Privacy Policy
  • Cloudflare Inc. (US) — DNS, CDN and DDoS protection. Processes IP addresses at the network edge. DPF certified. EU Data Localization Suite in use. Privacy Policy
  • Namecheap Inc. (US) — Domain registrar. Processes registrant data for domain management. Privacy Policy
  • Render (Render Services Inc.) (US) — Application hosting for certain backend services. SCCs in place. Privacy Policy

Communication and email

  • Resend Inc. (US) — Transactional email delivery for contact form submissions. Processes sender/recipient metadata. SCCs in place. Privacy Policy
  • Google LLC (US) — Google Workspace and Gmail for internal business communication. DPF certified. Privacy Policy

Analytics and marketing

  • Google LLC (US) — Google Analytics 4. DPF certified. Only activated after consent. Privacy Policy
  • Meta Platforms Inc. (US) — Meta Pixel and Conversions API. DPF certified. Only activated after consent. Privacy Policy

Database and storage

  • Supabase Inc. (US) — Database infrastructure. Not DPF certified. Transfer based on Standard Contractual Clauses (SCCs Module 2, EU Decision 2021/914). EU project region selected. Privacy Policy

Business operations

  • Zoho Corporation Pvt. Ltd. (India/US) — Accounting software (Zoho Books). Processes customer invoicing data. DPA in place. Privacy Policy
  • Make (Celonis SE, formerly Integromat) (EU/US) — Workflow automation. Processes data as directed. SCCs in place. Privacy Policy

Artificial intelligence tools

We use AI tools in the course of our work. Where client data is involved, we apply data minimisation (no client names, no sensitive details in prompts). The following providers are in use:

  • Anthropic, PBC (US) — Claude AI. Not DPF certified. Transfer based on SCCs Module 2. Privacy Policy
  • OpenAI Ireland Limited (EU/US) — ChatGPT. EEA users contract with OpenAI Ireland. US backend processing via SCCs Module 3. Privacy Policy
  • Google LLC (US) — Gemini. DPF certified. Privacy Policy
  • OpenRouter Inc. (US) — AI model routing. SCCs in place. Privacy Policy

5. What organisations are collecting the information?

Third-party service vendors providing services on our behalf may collect information as described in Section 4 above. We do not control how these third parties use such information beyond our contractual arrangements with them, but we require them to disclose how they use personal information provided to them.

We will disclose Personally Identifiable Information in order to comply with a court order, subpoena or a request from a law enforcement agency to release information. We will also disclose Personally Identifiable Information when reasonably necessary to protect the safety of our Users.

6. How is Personally Identifiable Information stored?

Personally Identifiable Information collected by NEXITO MEDIA LLC is securely stored and is not accessible to third parties except for use as indicated above. All employees and contractors with access to personal data operate under confidentiality obligations.

We implement appropriate technical and organisational measures (Art. 32 GDPR) including TLS encryption for all data in transit, access controls, and regular security reviews. We use reputable infrastructure providers with established security certifications. While we take commercially reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering and break-ins, and we cannot guarantee that such events will not take place.

7. Retention Time

  • Contact form enquiries: retained for the duration of the business relationship and deleted within 3 years of last contact, unless a longer statutory retention period applies
  • Invoicing and accounting data: 10 years (statutory obligation under US and applicable EU law)
  • Server access logs: up to 30 days
  • Analytics data: 14 months (GA4 default, configured in Google Analytics)
  • Consent records: 3 years from the date of consent

Personal data processed for contract performance is retained until contract fulfilment is complete. Data processed on the basis of consent may be retained longer if the user has given consent; the user may withdraw consent at any time. After expiration of the applicable retention period, Personal Data shall be deleted.

8. International data transfers

NEXITO MEDIA LLC is based in the United States. Data submitted via this website may be transferred to and processed in the US or other third countries. Where such transfers occur, we rely on one or more of the following mechanisms:

  • EU-US Data Privacy Framework (DPF) adequacy decision — for DPF-certified providers
  • Standard Contractual Clauses (SCCs) pursuant to EU Commission Decision 2021/914 — for non-DPF providers including Supabase, Anthropic and OpenRouter
  • UK Adequacy Decision (renewed December 2025, valid until December 2031) — for transfers to the United Kingdom

9. GDPR Privacy — Your Rights

The Company undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights. If you are located in the EU, EEA, UK or Switzerland, you have the following rights under GDPR Articles 15–22:

  • Right to Access (Art. 15): The right to access, update or request a copy of the information we hold on you.
  • Right to Rectification (Art. 16): You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to Erasure (Art. 17): You have the right to ask us to delete or remove Personal Data when there is no good reason for us to continue processing it ("right to be forgotten").
  • Right to Restriction (Art. 18): You have the right to request restriction of processing of your Personal Data.
  • Right to Data Portability (Art. 20): We will provide to you, or to a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): This right exists where we are relying on a legitimate interest as the legal basis for processing and there is something about your particular situation which makes you want to object. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
  • Right to Withdraw Consent (Art. 7(3)): You have the right to withdraw your consent on the use of your Personal Data at any time. You can withdraw consent via Cookie Settings in the footer or by emailing us.

To exercise any of these rights, contact us at support@nexitomedia.com. We will try to respond as soon as possible and in any case within one month (Art. 12 GDPR). We may ask you to verify your identity before responding. You also have the right to lodge a complaint with your local supervisory authority. For Germany: BfDI. For Austria: DSB. For Switzerland: EDÖB. For the UK: ICO.

10. CCPA Privacy — California Residents

This section applies to California residents under the California Consumer Privacy Act (CCPA).

Information we collect

We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked with a particular consumer or device. The categories of personal information we may collect include: identifiers (name, email address, IP address); commercial information (services requested); internet or other electronic network activity information (browsing behaviour on our website); and inferences drawn from the above categories.

We collect this information directly from users (via forms and communications) and indirectly from users (by observing actions on the website).

Use of personal information

We use personal information to:

  • Fulfil or meet the reason you provided the information (e.g. responding to an enquiry)
  • Process and manage service engagements
  • Respond to support requests and investigate concerns
  • Comply with applicable law and defend our rights

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

Your rights under the CCPA

  • Right to Notice: You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
  • Right to Request: Upon verifying your identity, we will disclose the categories of personal information collected, the sources, the business purposes, and the specific personal information collected about you.
  • Right to Opt-Out: You have the right to direct us not to sell your personal information. To submit an opt-out request, please contact us at support@nexitomedia.com.
  • Right to Delete: You have the right to request deletion of your Personal Data, subject to certain exceptions required by law.
  • Right Not to be Discriminated Against: You have the right not to be discriminated against for exercising any of your consumer rights.

Only you, or a person registered with the California Secretary of State that you authorise to act on your behalf, may make a verifiable request related to your personal information. We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request, extendable by a further 45 days when reasonably necessary.

California Shine the Light Law

California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.

11. What options are available regarding collection, use and distribution?

Users may opt out of receiving unsolicited information from or being contacted by us and/or our vendors by responding to emails as instructed, or by contacting us at support@nexitomedia.com.

12. How can users correct or delete Personally Identifiable Information?

Users may contact us to update Personally Identifiable Information about them or to correct any inaccuracies by emailing support@nexitomedia.com.

We provide users with a mechanism to delete/deactivate Personally Identifiable Information from our database by contacting us. However, because of backups and records of deletions, it may be impossible to delete a user's entry without retaining some residual information. An individual who requests to have Personally Identifiable Information deactivated will have this information functionally deleted, and we will not sell, transfer, or use Personally Identifiable Information relating to that individual in any way going forward.

13. Changes to this policy

We will let our Users know about changes to our privacy policy by posting such changes on the Website. However, if we are changing our privacy policy in a manner that might cause disclosure of Personally Identifiable Information that a User has previously requested not be disclosed, we will contact such User to allow such User to prevent such disclosure. The date at the top of this page indicates when it was last revised.

14. Links to other websites

This website contains links to other websites. Please note that when you click on one of these links, you are moving to another website. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours.

15. Contact

For all privacy-related enquiries:
NEXITO MEDIA LLC
1309 Coffeen Avenue STE 1200
Sheridan, WY 82801, United States
Email: support@nexitomedia.com

Back to homepage