1. Introduction

Welcome to HashNext, operating under the brand HashLinks ("we", "us", "our", or the "Company"). We deeply respect your privacy and are unconditionally committed to protecting your personal data. This comprehensive Privacy Policy outlines how we collect, process, manage, and safeguard your personal data when you interact with our website, use our Software as a Service (SaaS) platform, or engage with our services in any capacity. This document is designed to inform you of your privacy rights and how the law protects you, ensuring absolute transparency in our data operations.

Our platform provides advanced workspace management, sales agent coordination, and various API integrations. Given the multifaceted nature of our services, this policy applies to all individuals accessing our system, including Super Admins, Workspace Owners, Sales Agents, and end-users interacting with our tenants. We urge you to read this Privacy Policy carefully alongside any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you.

2. Definitions and System Roles

To ensure absolute clarity, it is essential to understand the roles within our ecosystem and how data is governed across different tiers of our SaaS architecture:

• Super Admin: The core administrative entity managing the overarching HashNext infrastructure. We act as the Data Controller for system-wide analytics, billing, and global platform security.
• Workspace Owners (Tenants): Businesses or individuals subscribing to our SaaS platform. Workspace Owners act as Data Controllers for the information they collect from their own clients and customers. In this context, HashNext acts purely as a Data Processor, handling data only upon the documented instructions of the Workspace Owner.
• Sales Agents: Authorized personnel operating under specific Workspaces. Their access to personal data is strictly governed by the permissions set by their respective Workspace Owners.
• End-Users: Individuals whose data is inputted into our system by Workspace Owners or Sales Agents. If you are an end-user of one of our Workspace Owners, please refer to their respective privacy policies to understand how your data is managed.

3. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data: Includes first name, last name, username, marital status, title, date of birth, and gender.
• Contact Data: Includes billing address, business address, email address, and telephone numbers.
• Financial Data: Includes bank account and payment card details required for subscription processing. Note that sensitive payment data is securely handled by compliance-certified third-party payment gateways; we do not store raw credit card numbers on our servers.
• Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
• Usage Data: Includes information about how you use our website, products, and specific SaaS modules (such as dashboards, settings, and communication panels).

4. How Is Your Personal Data Collected?

We use different methods to collect data from and about you, including through direct interactions. You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you apply for our products or services, create an account on our platform, subscribe to our service or publications, request marketing to be sent to you, enter a competition, promotion or survey, or give us feedback.

As you interact with our website and SaaS platform, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Furthermore, we may receive personal data about you from various third parties and public sources, such as analytics providers like Google, advertising networks, and search information providers.

5. Third-Party Integrations and API Usage

Our platform inherently supports integration with various third-party services to enhance Workspace functionality. This includes, but is not limited to, official WhatsApp API integrations, email SMTP servers, and cloud storage providers. When you configure these integrations, you authorize us to transmit, fetch, and process data through these external APIs on your behalf.

It is strictly your responsibility as a Workspace Owner to ensure that you have obtained the necessary consent from your end-users before routing their communication or data through our system via these third-party APIs. HashNext does not claim ownership of the content transmitted through these integrations and relies entirely on the encryption and data processing agreements provided by the respective third-party vendors (e.g., Meta Platforms, Inc. for WhatsApp).

6. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: where we need to perform the contract we are about to enter into or have entered into with you; where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or where we need to comply with a legal or regulatory obligation.

Specific purposes for which we use your data include: registering you as a new customer; processing and delivering your orders including managing payments, fees, and charges; managing our relationship with you which includes notifying you about changes to our terms or privacy policy; enabling you to partake in a prize draw, competition or complete a survey; administering and protecting our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); delivering relevant website content and advertisements to you; using data analytics to improve our website, products/services, marketing, customer relationships, and experiences; and making suggestions and recommendations to you about goods or services that may be of interest to you.

7. Data Security

We have put in place robust, bank-grade security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. This includes the implementation of advanced hashing algorithms (such as bcrypt for password storage), SSL/TLS encryption for all data transmitted over the internet, and isolated database schemas for individual Workspaces to prevent data spillage between tenants.

In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a strict duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

9. Your Legal Rights

Under certain circumstances, you have comprehensive rights under data protection laws in relation to your personal data. These include the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in specific scenarios.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

10. Contact Us & Jurisdiction

Our operations are overseen and managed with strict adherence to local and international business standards. This policy and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of the applicable jurisdiction where HashNext operates.

If you have any questions about this privacy policy, our privacy practices, or if you wish to exercise your legal rights, please contact our administrative team at the details provided below: