How we handle your data.
We collect the minimum needed to run the business. We do not sell data, we do not use it for advertising, and we keep it on infrastructure you would trust with your own data.
What you can expect from us.
Minimum data collection
We collect only what we need: contact form submissions, server access logs, and two strictly necessary session cookies. No tracking pixels, no third-party ad networks, no behavioral profiling.
No data sales, ever
We do not sell, rent, or trade personal information to any third party for any purpose. Your data is used only to respond to your inquiry and to operate the site.
Azure-hosted infrastructure
The site runs on Microsoft Azure App Service in the United States. Data is stored in Azure-managed infrastructure, which carries ISO 27001, SOC 2 Type II, and FedRAMP certifications at the platform level.
Encrypted in transit and at rest
All traffic is served over HTTPS with HSTS enforced. Data at rest is encrypted using Azure platform-managed keys. Transactional email is sent via Postmark over TLS.
Limited retention
Contact form submissions are retained for 24 months then deleted. Server logs are retained for 90 days. You can request deletion at any time by emailing privacy@nextekk.com.
Your rights, honored
Regardless of your jurisdiction, we honor requests to access, correct, or delete personal information we hold about you. Submit requests to privacy@nextekk.com. We respond within 30 days.
Third-party services we use.
We use a small number of third-party services to operate the site. Each is listed below with the data it receives.
| Provider | Purpose | Data received | Region |
|---|---|---|---|
| Microsoft Azure | Hosting, compute, storage, database | All site data, contact submissions, server logs | United States |
| Postmark (ActiveCampaign) | Transactional email delivery | Sender address, recipient address, message content | United States |
| Google Analytics (GA4) | Aggregate site analytics (production only) | Anonymized pageview data, no personal identifiers | United States |
If we add a new sub-processor, this table is updated before the integration goes live.
How we protect your data.
Access controls
Admin access to the site requires authentication. Passwords are hashed with bcrypt. The admin interface is not publicly reachable via search or linked from the public site.
Transport security
HTTPS is enforced on all pages with HSTS and a strict Content Security Policy. The site does not load scripts or styles from third-party CDNs (all assets are self-hosted).
Input validation
All user inputs are validated server-side before storage or processing. Contact form submissions are sanitized and stored with parameterized queries. CSRF tokens protect all form submissions.
Exercising your data rights.
Regardless of your jurisdiction, we honor the following requests submitted to privacy@nextekk.com:
Access
Request a copy of all personal information we hold about you, including what was collected, when, and how it has been used. Delivered in a readable format within 30 days.
Correction
Ask us to correct inaccurate or incomplete information. We will update our records and notify any third parties who received the incorrect data where required by law.
Deletion
Request permanent deletion of your personal information from our systems. We will confirm within 30 days except where retention is required by law or a legitimate business purpose.
Portability
Request a structured, machine-readable export (CSV or JSON) of the data you provided directly to us, so you can transfer it to another service or keep it for your own records.
Objection
Tell us you object to processing your data for a specific purpose. We will stop that processing unless we can demonstrate a compelling legitimate ground that overrides your interests.
Restriction
Ask us to pause all processing while a correction request or objection is pending. Your data will be retained but not otherwise used until the matter is resolved.
We respond to all rights requests within 30 days. For complex requests we will notify you and extend to 60 days where applicable law permits. We will never charge a fee for a reasonable request.
Privacy questions or requests
Contact our privacy team directly. We respond personally to every message.
Nextekk, LLC · Addison, TX · 469-558-3188