May 28, 2026
Your privacy is important to us. This policy explains how NexClass Luxembourg S.à r.l. (“we”, “us”) processes personal data when you use Nexpense, in accordance with the GDPR and applicable Luxembourg law.
1. Who is responsible?
NexClass Luxembourg S.à r.l., 19 Rue de l'église, L-7421 Cruchten, Luxembourg. Email: contact@nexclass.lu.
Nexpense is a multi-tenant association management platform. Associations using Nexpense act as independent controllers for the member and operational data they enter. We act as processor for that association data under their instructions, and as controller for account, billing, and platform operation data described below.
2. Data we collect
Depending on how you use Nexpense, we may process:
- Association registration: association name, URL slug, and administrator name and email address.
- Staff accounts: name, email address, role, and permission settings for association staff.
- Member accounts: name, email address, membership status, profile fields, and related association data entered by your organisation.
- Operational data: accounting entries, documents, broadcast messages, calendar events, and registrations that your association stores in the platform.
- Authentication and security: verification tokens, password reset requests, session identifiers, and rate-limiting metadata.
- Technical data: IP address, browser type, timestamps, and request logs needed to operate and secure the service.
3. Purposes and legal bases
We process personal data to:
- Provide, maintain, and improve Nexpense (contract / legitimate interest, Art. 6(1)(b) and (f) GDPR).
- Register associations and authenticate users (contract, Art. 6(1)(b)).
- Send transactional emails such as verification and password reset messages (contract / legitimate interest).
- Deliver email broadcasts that association staff initiate to their members (contract; staff act on behalf of the association).
- Ensure security, prevent abuse, and comply with legal obligations (legitimate interest / legal obligation, Art. 6(1)(f) and (c)).
4. Cookies and similar technologies
We use essential cookies and similar storage to run the service, for example session cookies, association context, and interface preferences. See our Cookie policy for details. We do not use advertising cookies on Nexpense.
5. Recipients and processors
We do not sell personal data. We use trusted subprocessors bound by data processing agreements, including hosting and database providers (Supabase, EU region), application hosting (Vercel), and email delivery (Resend). Data is processed within the European Economic Area where possible.
6. Retention
We retain data for as long as your association account is active and as needed to provide the service, resolve disputes, and meet legal obligations. Associations may delete member records subject to product functionality and their own legal duties. Backups may persist for a limited period after deletion.
7. Your rights
Under the GDPR you may request access, rectification, erasure, restriction, or portability, object to certain processing, and withdraw consent where processing is consent-based. To exercise these rights, contact contact@nexclass.lu. You may lodge a complaint with the Commission nationale pour la protection des données (CNPD), Luxembourg.
8. Contact
For privacy questions or requests: contact@nexclass.lu or +352 621 218 284.