Comment

Did you know?

Users have report up to a 52% boost in sales using Neexa?

Login / Signup
Updated on March 13, 2026
Frequently Asked (FAQs)

Neexa Data & Privacy FAQs

Estimated reading: 6 minutes

This article covers the questions we’re asked most often about how Neexa handles data, privacy, AI processing, and compliance, so you can find the essentials quickly and with clarity.

For a comprehensive view, consider using the Resources Section

1. What data does Neexa collect, and why do you need it?
We collect the data needed to deliver and support the service properly.

That includes things like account and workspace details, conversation history, contacts, uploaded files, knowledge sources, usage activity, technical logs, and limited billing information. We use this to run the platform, secure it, support users, troubleshoot issues, manage billing, and improve performance.

2. Who owns the data in Neexa, and are you the controller or the processor?
You keep your rights in your customer data. For the data you put into Neexa and process through your workspace, you are usually the controller and we act as the processor on your behalf.

For our own account administration, billing, fraud prevention, support, security, and legal compliance activities, we act as an independent controller.

3. Does Neexa or third-parties use our data to train AI models?
By default, we may use de-identified and anonymized data from workspaces on the Default Free Plan for internal AI training and improvement.

We do not use data from paid, enterprise, invoiced, or paid-equivalent plans for internal AI training unless that is expressly agreed in writing.

Where we use third-party AI providers, we contractually restrict them from using customer data to train or improve their own models.

4. Where is Neexa data hosted, and how do you handle international transfers?
Our primary hosting is in Europe, with primary servers in Stockholm, Sweden. Because some processing may be processed in multiple locations, we apply appropriate safeguards where international transfers are involved and where the law requires them.

5. How does Neexa protect our data?
We use administrative, technical, and organisational safeguards designed to protect personal data. This includes access controls, monitoring, logging, and encryption in transit where supported. At the same time, customers also have an important role in securing their own setup, especially around workspace configuration, user roles, permissions, credentials, integrations, and deployment settings.

6. What happens if there is a data breach affecting our data?
If we become aware of a personal data breach affecting customer personal data, we notify the customer without undue delay. We also provide the information reasonably available to help the customer meet its own legal and compliance obligations.

7. Can your team access our data?
Yes, but only in limited and controlled cases. Authorised personnel and authorised service providers may access relevant data where reasonably necessary for support, onboarding, maintenance, troubleshooting, security, fraud prevention, abuse review, legal compliance, or lawful requests from regulators or authorities. That access is limited to what is reasonably necessary and is subject to confidentiality and access controls.

8. Does Neexa use subprocessors, and how do you manage them?
Yes. We use selected third-party providers to help us host, operate, secure, support, monitor, and improve the service. We require relevant subprocessors to take on substantially similar data protection obligations, and we remain responsible for their processing to the extent required by law and our agreements.

9. How long do you keep data, and what happens if we delete our account?
We keep data only for as long as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and protect the platform. After account deletion, we delete or de-identify associated data within 90 days unless a longer retention period is required for legal, tax, dispute, security, or limited backup reasons. We may also delete or deactivate inactive workspaces after 12 months of no activity and inactive user accounts after 24 months of no login activity.

10. Can our users or end users request access, correction, or deletion of their data?
Yes. Depending on the applicable law, individuals may have rights such as access, correction, deletion, restriction, objection, portability, and withdrawal of consent. If we are processing data on behalf of a customer, those requests should usually go to that customer first, and we support the customer where required in our role as processor.

11. Who is responsible for consent, privacy notices, cookie notices, and AI disclosures when we deploy Neexa?
That is mainly the customer’s responsibility. If you use Neexa through your website, portals, forms, channels, or other environments, you are responsible for making sure you have the right legal basis, obtaining any required consents, providing the right notices, handling opt-outs where required, and making any AI or cookie disclosures required by law or platform rules.

12. Does Neexa support GDPR and other local data protection laws?
Yes. Our legal framework is designed to support applicable data protection laws, including GDPR where it applies. Our DPA is written broadly enough to cover applicable local data protection law, and we provide reasonable assistance where required with data subject requests, security obligations, breach notifications, DPIAs, and regulator consultations.

13. Can we audit Neexa’s data protection posture?
Where required by applicable data protection law, we make available information reasonably necessary to demonstrate compliance. We also allow and contribute to reasonable audits or inspections, subject to confidentiality, security, scope, frequency, and cost controls so the process stays practical and does not disrupt our systems or other customers.

14. Is AI output from Neexa guaranteed to be accurate?
No. AI output can be useful, but it may still be incorrect, incomplete, misleading, or not suitable for a specific situation. Customers are responsible for reviewing and evaluating AI output before relying on it, especially in sensitive or high-impact contexts.

15. What if we use Neexa in education or in contexts involving minors?
Our services are not directed to children for independent consumer use. Where schools or other institutions use Neexa in contexts involving students or minors, the customer is responsible for providing the right notices, obtaining parental or guardian consent where required, and configuring the service appropriately for those sensitive contexts.

Privacy Policy: https://campaignity.com/legal/privacy/

Data Processing Agreement: https://campaignity.com/legal/data-processing-agreement/

Terms of Service: https://campaignity.com/legal/terms

Next - Frequently Asked (FAQs) Neexa General FAQs
Share this Doc

Neexa Data & Privacy FAQs

Or copy link

CONTENTS

Subscribe

×
Cancel