Last updated: April 2026. We wrote this to be readable by humans, not just lawyers.
We collect the following categories of information when you use NextGen Digital Craft services and products:
Account Data: Name, email address, and password when you register for NextGen Digital Craft SaaS products. Optionally, your company name, role, and industry.
Business Data: Data you or your organisation uploads or enters into NextGen Digital Craft products — such as employee records (HRMS Portal), sales orders and field agent data (SFA App), or website content (AI Website Generator). This data belongs to you and is processed only to deliver the service.
Usage Data: Pages visited, features used, session frequency, and in-app navigation paths. This is used to improve the product experience.
Payment Data: We do not store payment card details. All payments are processed by Stripe. We receive a tokenised payment confirmation only.
Communications: If you contact us by email or through the contact form, we store the content of your message and our reply for support record-keeping purposes.
We use the information we collect solely to:
We do not use your session recordings, answers, or personal data for advertising targeting. We do not sell your data to third parties.
We share your data only in the following circumstances:
With coaches you book: When you book a human coaching session, your AI session history, scores, and résumé analytics are shared with that specific coach to enable personalised preparation. This sharing is limited to sessions you have booked and ends when the coaching relationship ends.
With service providers: We use third-party providers for infrastructure (AWS), payments (Stripe), email delivery (SendGrid), and error monitoring (Sentry). These providers access your data only as necessary to provide their services and are bound by data processing agreements.
Legal requirements: We may disclose your information if required by law, court order, or government authority, or to protect the safety of NextGen Digital Craft users or the public.
We do not share your data with advertisers, data brokers, or any third party for marketing purposes.
All personal data is stored on AWS infrastructure in encrypted form (AES-256 at rest, TLS 1.3 in transit). Session recordings are stored for 90 days and then permanently deleted unless you manually extend retention in your account settings.
We are SOC 2 Type II certified. Our security programme includes: - Regular third-party penetration testing - Role-based access controls — staff can only access data necessary for their job function - Audit logs for all data access events - Incident response plan with 72-hour notification obligation to affected users
If you discover a security vulnerability, please report it to security@nextgendigitalcraft.com.
If you are located in the European Union, the United Kingdom, or India, you have the following rights regarding your personal data:
Access: You can request a full export of all personal data we hold about you.
Deletion: You can request deletion of your account and all associated data at any time. Deletion is permanent and takes effect within 30 days.
Correction: You can update your account data directly in your profile settings.
Portability: You can export your session history, scores, and reports in JSON or PDF format at any time from your account settings.
Objection: You can object to processing for direct marketing at any time by unsubscribing or emailing privacy@nextgendigitalcraft.com.
Withdrawal of consent: Where processing is based on consent (e.g., session recording), you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, email privacy@nextgendigitalcraft.com. We will respond within 30 days.
We use the following categories of cookies:
Essential cookies: Required for the platform to function (authentication, session management). These cannot be disabled.
Analytics cookies: We use a privacy-first analytics tool (no cross-site tracking) to understand how users navigate the product. These can be disabled in your browser settings.
Preference cookies: Stores your theme preference (light/dark) and other UI settings. These are functional and expire after 12 months.
We do not use advertising cookies or third-party tracking pixels.
NextGen Digital Craft is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has created an account, we will delete the account and all associated data promptly. If you believe a child has provided us with personal information, please contact privacy@nextgendigitalcraft.com.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and by posting a notice on the platform at least 14 days before the changes take effect. Your continued use of NextGen Digital Craft after the effective date constitutes acceptance of the updated policy.
For privacy-related questions, requests, or complaints, contact our Data Protection Officer:
Email: privacy@nextgendigitalcraft.com Response time: Within 30 days Address: NextGen Digital Craft, Hyderabad, Telangana, India
For EU/UK users, you have the right to lodge a complaint with your local data protection authority if you are not satisfied with our response.
Whether you need a custom web app, a mobile product, or want to explore our HRMS and SFA platforms — let's talk. No commitments. Just a conversation about your goals.