Privacy Policy

The data controller responsible for your personal data is NxtWaveAI, registered at Registered Address, Kathmandu, Nepal. For all data protection inquiries, you may contact our Data Protection Officer at legal@nxtwaveai.com.

We process your personal data on the following legal bases: (a) Consent: Where you have given clear consent for us to process your personal data for a specific purpose. (b) Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party. (c) Legal Obligation: Where processing is necessary for compliance with a legal obligation to which the Company is subject. (d) Legitimate Interests: Where processing is necessary for the legitimate interests pursued by the Company, except where such interests are overridden by your fundamental rights and freedoms.

We use your personal information for the following purposes: (a) to provide, maintain, and improve our Services; (b) to process transactions and send related information; (c) to communicate with you, including responding to inquiries and providing customer support; (d) to send promotional communications, where you have opted in; (e) to monitor and analyze trends, usage, and activities; (f) to detect, investigate, and prevent security incidents and fraudulent activity; (g) to comply with legal obligations; (h) to enforce our Terms of Service and other agreements; and (i) for any other purpose with your consent.

We do not sell your personal data. We may share your personal information in the following circumstances: (a) with service providers who perform services on our behalf, subject to confidentiality agreements; (b) with business partners in connection with services provided to you; (c) in response to a request for information if we believe disclosure is required by applicable law, regulation, or legal process; (d) if we believe your actions are inconsistent with our agreements or policies, or to protect the rights, property, and safety of the Company or others; (e) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business; and (f) with your consent or at your direction.

Your personal data may be transferred to and processed in countries other than Nepal. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including: (a) standard contractual clauses; (b) data processing agreements; and (c) ensuring the receiving country provides an adequate level of data protection. For clients within the European Economic Area, we ensure transfers comply with GDPR requirements.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period is determined based on: (a) the nature of the data; (b) the purposes for which the data is processed; (c) applicable legal requirements; and (d) relevant statutes of limitation. Generally, we retain client data for a period of seven (7) years following the termination of the business relationship, unless a longer period is required by law.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: (a) encryption of data in transit and at rest; (b) access controls and authentication mechanisms; (c) regular security assessments and audits; (d) employee training on data protection; and (e) incident response procedures. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Subject to applicable law, you have the following rights regarding your personal data: (a) Right of Access: the right to request a copy of the personal data we hold about you; (b) Right to Rectification: the right to request correction of inaccurate or incomplete data; (c) Right to Erasure: the right to request deletion of your personal data under certain circumstances; (d) Right to Restrict Processing: the right to request that we restrict the processing of your data; (e) Right to Data Portability: the right to receive your personal data in a structured, commonly used, and machine-readable format; (f) Right to Object: the right to object to the processing of your personal data; (g) Right to Withdraw Consent: the right to withdraw consent at any time where processing is based on consent. To exercise any of these rights, please contact us at hemantgoyal@nxtwaveai.com.

Our website and Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page with a revised effective date. We encourage you to review this Privacy Policy periodically.

If you have any questions about these Terms, please contact us at: