Aptness Logo

Privacy Policy

Last Updated: October 10, 2025

Introduction

This Privacy Policy outlines how Nextcrest ("Nextcrest", "we", "our", or "us") collects, uses, stores, shares, and protects your personal information. We are committed to maintaining the privacy and protection of your data and ensuring transparency in how we handle it.

This policy applies to all users of our website, products, applications, and services, including Aptness.ai.

Note: Aptness is a product offered under Nextcrest. All terms outlined here apply equally to services accessed via or through Aptness.

1. Information We Collect

1.1 Personal Information Collected Directly

Personal Information refers to any data or opinion that identifies an individual. We collect the following types of personal information:

Contact Information:

  • Name
  • Email address
  • Phone number
  • Company name
  • Job title

Account and Profile Information:

  • Username
  • Account preferences and settings
  • Profile information you provide

Payment Information:

  • Billing address
  • Payment card details (processed securely through third-party payment processors)
  • Transaction history

Communications and Interactions:

  • Messages sent through our platform
  • Customer support inquiries and correspondence
  • Feedback and survey responses
  • Content you submit through our services

Professional Information:

  • Business contact details
  • Company information
  • Professional affiliations

1.2 Information from Third-Party Integrations

Google User Data:

When you connect your Google account to our Services, we access and collect specific types of Google user data necessary to provide our automation and productivity features. This includes:

Gmail Data:

  • Email messages and metadata (subject, sender, recipient, timestamps)
  • Labels and categories
  • Attachments (when explicitly authorized by you)
  • Read/unread status

Google Drive Data:

  • File names and metadata
  • File content (when explicitly required for processing)
  • Folder structures
  • Sharing permissions and access logs
  • File modification timestamps

Google Calendar Data:

  • Event details (title, description, time, location)
  • Attendee information
  • Meeting notes and attachments

Google Workspace Data:

  • Document content from Google Docs, Sheets, and Slides
  • User permissions and sharing settings
  • Collaboration history

Other Google Services:

  • Google Contacts information
  • Google Tasks data
  • Any other Google service data you explicitly authorize

Important: We only access Google user data that is strictly necessary to perform the specific automation or task you have requested. We do not access, store, or use your Google data for any purpose outside of providing the service features you have activated.

Other Third-Party Integrations:

  • Data from other connected services (Slack, Zoho, etc.)
  • API credentials and tokens
  • Service-specific metadata

2. How We Use Your Information

2.1 Primary Purposes

We collect and process your personal information for the following purposes:

To Provide and Operate Our Services:

  • Create and manage your account
  • Process your transactions and payments
  • Deliver the features and functionality you request
  • Provide customer support and respond to inquiries
  • Perform automation tasks you configure
  • Sync data across your connected services
  • Send service-related notifications and updates

To Improve and Develop Our Services:

  • Analyze usage patterns and trends
  • Test new features and functionality
  • Debug and fix technical issues
  • Optimize performance and user experience

To Communicate with You:

  • Send account-related information
  • Provide customer support responses
  • Share product updates and announcements
  • Request feedback

To Ensure Security and Integrity:

  • Detect and prevent fraud and abuse
  • Monitor for security threats
  • Enforce our Terms of Service
  • Protect user safety and legal rights
  • Conduct security audits and assessments

For Legal and Compliance:

  • Comply with legal obligations
  • Respond to legal requests and court orders
  • Protect our rights and property
  • Resolve disputes and enforce agreements

2.2 Legal Bases for Processing (for EU/UK Users)

We process your personal information based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our Services to you
  • Legitimate Interest: Processing necessary for our business operations, fraud prevention, and service improvement
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: Where required by law

3. Google API Services - Specific Disclosures

3.1 How We Access and Use Google User Data

Scope of Access:

  • We only request access to the specific Google services and data scopes necessary for the features you use
  • Access is granted on a per-user basis through Google's OAuth 2.0 authorization flow
  • You can review and revoke our access at any time through your Google Account settings

Data Processing:

What We Do:

  • Access Google user data only when you initiate an action requiring it
  • Process Google data to execute the automation or task you've configured
  • Temporarily cache data when necessary for performance (with encryption)
  • Use data solely to provide the specific service features you've requested

What We DON'T Do:

  • We do NOT use Google user data to serve advertisements
  • We do NOT sell, rent, or share your Google user data with third parties for their marketing purposes
  • We do NOT use Google user data to build user profiles for purposes unrelated to our Services
  • We do NOT transfer Google user data to third parties except as necessary to provide our Services (e.g., cloud infrastructure providers under strict confidentiality agreements)
  • We do NOT retain Google user data longer than necessary to fulfill your requests

3.2 Data Retention for Google User Data

  • Active Processing: Data is retained only while actively processing your request
  • Caching: Temporarily cached data is deleted within 24-48 hours or when no longer needed
  • Logs: System logs containing Google data are retained for a maximum of 30 days for security and debugging purposes
  • User-Initiated Storage: If you explicitly save or store data through our Services, it will be retained until you delete it

3.3 Third-Party Access to Google User Data

We do not share your Google user data with third parties except:

  1. Service Providers: Trusted service providers who assist in operating our Services (e.g., cloud hosting, database management) under strict data protection agreements
  2. As Required by Law: When legally obligated to disclose information
  3. With Your Consent: When you explicitly authorize sharing with specific third parties

All third-party service providers are contractually bound to:

  • Use data only for specified purposes
  • Implement appropriate security measures
  • Comply with Google API Services User Data Policy
  • Delete or return data when no longer needed

3.4 Security of Google User Data

We implement industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Monitoring for suspicious activities
  • Incident response procedures

3.5 Your Control Over Google Data

You have complete control over your Google data:

  • Revoke Access: Disconnect our access through Google Account settings at any time
  • Data Deletion: Request deletion of data we've stored at info@aptness.ai
  • Download Data: Request a copy of your data we've stored
  • Selective Permissions: Grant or deny access to specific Google services

3.6 Compliance with Google API Services User Data Policy

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we comply with Google's requirements that applications:

  • Only request access to data necessary for implementing features
  • Not transfer data to others unless necessary to provide or improve user-facing features
  • Not use or transfer data for serving ads
  • Not allow humans to read user data unless explicitly consented to
  • Have a published privacy policy

4. How We Share Your Information

4.1 When We Share Personal Information

We do not sell your personal data. We may share your information in the following circumstances:

With Service Providers:

We engage trusted third-party service providers who perform services on our behalf:

  • Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud Platform)
  • Payment processors
  • Email service providers
  • Analytics and monitoring services
  • Customer support platforms
  • Security and fraud prevention services

These providers are contractually obligated to:

  • Use data only for specified purposes
  • Maintain confidentiality and security
  • Comply with applicable data protection laws

With Connected Services:

When you authorize integrations with third-party services (e.g., Google, Slack, Microsoft), we share data necessary to:

  • Execute the integrations you've configured
  • Sync data between services as you've directed
  • Enable the features you've activated

For Business Transfers:

If we undergo a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. You will be notified of any such change.

For Legal Reasons:

We may disclose information when required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to subpoenas, warrants, or court orders
  • Protect our rights, property, and safety
  • Prevent fraud, abuse, or illegal activities
  • Investigate security incidents

With Your Consent:

We may share information for purposes not described in this policy when we have your explicit consent.

4.2 International Data Transfers

We may transfer your information to countries outside your jurisdiction, including the United States, India, and other countries where our service providers operate.

For EU/UK users, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognized under GDPR
  • Other appropriate safeguards required by law

5. Data Storage and Security

5.1 How We Protect Your Data

We implement comprehensive security measures including:

Technical Safeguards:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security updates and patches
  • Firewalls and intrusion detection systems
  • Automated threat monitoring

Organizational Safeguards:

  • Access controls and role-based permissions
  • Employee training on data protection
  • Background checks for personnel with data access
  • Incident response and breach notification procedures
  • Regular security audits and assessments
  • Third-party security certifications

Account Security:

  • Optional two-factor authentication
  • Session management and timeout controls
  • Login activity monitoring

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security, and you use our Services at your own risk.

5.2 Data Retention

General Retention:

  • We retain personal information for as long as necessary to provide our Services to you
  • Account data is retained while your account is active
  • After account closure, data is deleted within 90 days unless retention is required by law

Specific Retention Periods:

  • Google User Data: Deleted within 24-48 hours after processing, except for user-saved data
  • Transaction Records: Retained for 7 years as required by law
  • Support Communications: Retained for 3 years
  • Marketing Communications: Until you unsubscribe or request deletion

6. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your information for certain purposes
  • Restriction: Request limitation of how we process your information
  • Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, contact us at info@aptness.ai. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Enhance user experience and functionality
  • Remember your preferences and settings
  • Monitor site traffic and performance
  • Analyze usage patterns
  • Customize content and advertisements

You can manage cookie settings through your browser preferences. Note that disabling cookies may affect the functionality of our Services.

8. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at info@aptness.ai.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through our Services for material changes
  • Post the updated policy on our website

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@aptness.ai

We are committed to addressing your concerns and working with you to resolve any privacy-related issues.