Privacy Policy

Nextmotion SAS ("Nextmotion", "we", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our platform and services.

This policy applies to all users of the Nextmotion platform, including clinic administrators, healthcare practitioners, staff members, and visitors to our website.

The data controller responsible for your personal data is:

Nextmotion SAS
Email: dpo@nextmotion.net
Website: www.nextmotion.net

3.1 Account Information

When you register for the Service, we collect your name, email address, phone number, professional qualifications, clinic name, and billing information.

3.2 Patient Data (processed on your behalf)

As a data processor, we process patient data that you enter into the platform, including patient names, contact details, medical history, consultation notes, photographs, and treatment records. You remain the data controller for this patient data.

3.3 Usage Data

We automatically collect information about how you interact with our Service, including pages visited, features used, device information, IP address, browser type, and referring URLs.

3.4 Cookies and Tracking

We use cookies and similar technologies for authentication, analytics, and improving user experience. You can manage cookie preferences through our cookie consent banner.

We process your personal data for the following purposes:

• Providing and maintaining the Service
• Processing payments and managing Subscriptions
• Communicating with you about updates, support, and service changes
• Improving and developing new features
• Ensuring security and preventing fraud
• Complying with legal obligations
• Sending marketing communications (with your consent only)

We process your data based on the following legal grounds under the GDPR:

• Contract performance: Processing necessary to provide the Service under your Subscription agreement.
• Legitimate interest: Improving our Service, preventing fraud, and ensuring platform security.
• Legal obligation: Compliance with applicable laws and regulations.
• Consent: Marketing communications and non-essential cookies.

We do not sell your personal data. We may share data with:

• Service providers: Cloud hosting (data centers located in the EU), payment processors, and analytics providers, under strict data processing agreements.
• Legal authorities: When required by law, court order, or to protect our legal rights.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to users.

Your data is stored on secure servers located within the European Union. We implement industry-standard security measures, including:

• Encryption in transit (TLS) and at rest (AES-256)
• Access controls and role-based permissions
• Regular security audits and penetration testing
• Automatic backups and disaster recovery procedures
• Employee security training and confidentiality agreements

We retain your personal data for as long as your account is active or as needed to provide the Service. After account termination:

• Account data is retained for 30 days to allow data export, then deleted.
• Billing records are retained for the period required by applicable tax and accounting laws.
• Anonymized usage data may be retained for analytics purposes.

Under the GDPR and applicable data protection laws, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or direct marketing.
• Withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at dpo@nextmotion.net. We will respond within 30 days.

Your data is primarily processed within the European Economic Area (EEA). If any transfer outside the EEA is necessary, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-application notice at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

For questions or concerns about this Privacy Policy or our data practices, please contact:

Data Protection Officer
Nextmotion SAS
Email: dpo@nextmotion.net

You also have the right to lodge a complaint with a supervisory authority, in particular the CNIL (Commission Nationale de l'Informatique et des Libertés) in France.