NextName
← All Legal Documents

Privacy Policy

Version 1.0.0 · Effective Date: 2026-05-15 · Last Updated: May 12, 2026

NextName Privacy Policy

Version: 1.0.0 Effective Date: March 1, 2026 Last Updated: March 18, 2026

NextName, Inc. (“NextName,” “we,” “us,” or “our”) is an Illinois corporation that operates the NextName platform, a college sports fan engagement platform connecting fans, athletes, and schools in the Name, Image, and Likeness (NIL) marketplace. This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you use our website at nextname.io, our mobile applications for iOS and Android, and any related services (collectively, the “Platform”).

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use the Platform.

Table of Contents

  1. Information We Collect
  2. How We Use Information
  3. Information Sharing and Disclosure
  4. Data Retention
  5. User Rights
  6. Children’s Privacy
  7. Cookie and Tracking Technologies
  8. California Privacy Rights (CCPA/CPRA)
  9. Security Measures
  10. Data Breach Notification
  11. International Data Transfers
  12. Changes to This Policy
  13. Contact Information

1. Information We Collect

We collect information in several ways depending on how you interact with the Platform and whether you register as a fan, athlete, or school representative.

1.1 Personally Identifiable Information (PII)

When you create an account or use the Platform, we may collect the following personal information:

  • Account Registration Data: Full name, email address, password (hashed and stored securely), date of birth, and phone number.
  • Profile Information: Display name, profile photograph, biography, school affiliation, sport(s), team membership, and social media handles.
  • Athlete-Specific Information: School name, sport, team, jersey number, position, academic year, NIL compliance status, and school affiliation verification status.
  • School Representative Information: Institution name, title, department, and administrative role.
  • Identity Verification Data: Information provided during identity verification for Stripe Connect onboarding, which may include government-issued identification, Social Security number (last four digits or full, as required by Stripe), and date of birth.
  • Communication Data: Messages sent through in-platform communication features, support requests, and feedback submissions.

1.2 Payment and Financial Data

All payment processing on the Platform is handled exclusively through Stripe, Inc. (“Stripe”). We do not directly collect or store complete credit card numbers, debit card numbers, or bank account numbers on our servers.

  • Transaction Records: We maintain records of transaction amounts, dates, subscription tiers, channel purchases, tips, and payout histories.
  • Stripe Connect Data: Athletes and schools who receive payouts through Stripe Connect provide banking and identity verification information directly to Stripe. NextName receives limited information from Stripe, including: payout status, connected account identifiers, earnings summaries, account balance, and compliance verification status (verified/pending/restricted). NextName does NOT receive: full bank account numbers, full Social Security Numbers, full tax identification numbers, routing numbers, or complete identity documents. Stripe retains and controls access to this sensitive financial information independently.
  • Billing Information: Billing name, billing address, and the last four digits of the payment method, as provided by Stripe for transaction confirmation.
  • Refund and Dispute Records: Records of refund requests, chargebacks, and dispute resolutions.

1.3 Usage Data

We automatically collect information about how you interact with the Platform:

  • Activity Data: Pages visited, features used, channels viewed, content consumed, subscriptions made, posts created, tips sent, search queries, and time spent on the Platform.
  • Feed and Content Interaction Data: Content preferences, followed channels, followed athletes, followed schools, liked posts, and engagement metrics.
  • Gamification Data: Creator level, engagement scores, achievement progress, and revenue-share tier.
  • Referral Data: Referral source, campaign identifiers, and onboarding funnel progression.

1.4 Device and Technical Data

  • Device Information: Device type, model, operating system and version, unique device identifiers (e.g., IDFV for iOS, Android ID), screen resolution, and language settings.
  • Network Information: IP address, internet service provider, mobile carrier, connection type (Wi-Fi, cellular), and general geographic location derived from IP address.
  • Application Data: App version, build number, SDK versions, and crash or error reports.
  • Browser Data (Web): Browser type and version, referring URL, landing pages, and browser plug-in types.
  • Log Data: Server logs that record requests made to our servers, including timestamps, request URLs, response codes, and associated IP addresses.

1.6 Biometric Data

NextName does not use facial recognition, iris scanning, voiceprint analysis, or other biometric identifiers to identify users. If your device uses biometric authentication (such as Face ID, Touch ID, or fingerprint sensors) to access the NextName app, that authentication is processed entirely by your device’s operating system and is not transmitted to or processed by NextName.

1.7 Information from Third Parties

  • Firebase Authentication: When you sign in using email/password or third-party authentication providers configured through Firebase Authentication (such as Google or Apple Sign-In), we receive your name, email address, and profile photograph from those providers.
  • School-Provided Roster Data: Schools may provide athlete roster information, including names, sports, and team assignments, to facilitate platform onboarding.
  • Stripe: We receive transaction confirmations, payout statuses, and limited account information from Stripe in connection with payment processing.

2. How We Use Information

We use the information we collect for the following purposes:

2.1 Platform Operations and Service Delivery

  • Creating and managing user accounts across fan, athlete, and school account types.
  • Processing subscriptions, channel purchases, tips, and premium content transactions through Stripe.
  • Facilitating payouts to athletes and schools via Stripe Connect, including calculating revenue-share percentages based on gamification levels.
  • Delivering personalized content feeds based on followed channels, subscriptions, and content preferences.
  • Managing entitlements and access control for public, subscription, and premium channel tiers.
  • Enabling channel-based content creation, posting, and consumption.
  • Supporting in-platform communication features.

2.2 Personalization and Recommendations

  • Curating content recommendations and discovery features.
  • Personalizing the explore and channel directory experience.
  • Providing AI-powered coaching and content strategy suggestions to creators.

2.3 Analytics and Platform Improvement

  • Analyzing usage patterns to improve Platform features, performance, and user experience.
  • Conducting A/B testing and feature experimentation.
  • Generating aggregated, de-identified analytics for internal reporting and business intelligence.
  • Monitoring Platform health, uptime, and performance metrics.

2.4 Safety, Security, and Compliance

  • Detecting and preventing fraud, abuse, unauthorized access, and other harmful activities.
  • Enforcing our Terms of Service and community guidelines.
  • Conducting content moderation.
  • Complying with applicable laws, regulations, legal processes, and governmental requests.
  • Supporting NIL compliance requirements for athletes and schools.
  • Maintaining audit logs for security and compliance purposes.

2.5 Communications

  • Sending transactional emails related to account activity, purchases, and subscriptions.
  • Delivering platform notifications, including content updates from followed channels.
  • Sending marketing communications, newsletters, and promotional content (with your consent where required).
  • Providing customer support and responding to inquiries.

2.6 Business Operations

  • Processing refunds and handling billing disputes.
  • Generating financial reports and tax documentation as required by law.
  • Supporting school onboarding and athlete roster management.

2.7 AI and Automated Processing

We use artificial intelligence and automated systems (“AI Systems”) to enhance the Platform experience:

  • Content Recommendations. AI Systems analyze your engagement patterns (channels followed, content viewed, subscriptions) to generate personalized content recommendations and discovery features.
  • Creator Analytics. AI Systems process aggregated engagement data to provide creators with content performance insights and strategy suggestions.
  • Content Moderation. Automated tools may be used to detect potential violations of our Community Guidelines, subject to human review before enforcement action.
  • Data Isolation. No personally identifiable information (PII) is transmitted to or processed by AI models. AI Systems operate on anonymized or aggregated data only. There is no human review of AI-generated outputs unless triggered by a content moderation flag.
  • No Profiling for Automated Decisions. We do not use AI Systems to make automated decisions that produce legal effects or similarly significant effects on you (such as account termination or payout modifications) without human review.

3. Information Sharing and Disclosure

We do not sell your personal information to third parties. We share your information only in the following circumstances and with the following categories of service providers:

3.1 Stripe (Payment Processing)

We share necessary transaction and identity information with Stripe, Inc. to process payments, manage subscriptions, facilitate payouts through Stripe Connect, and handle refunds and disputes. Stripe acts as an independent data controller for the payment information it collects. Stripe’s privacy policy is available at https://stripe.com/privacy.

Information shared with Stripe includes: - Name, email address, and billing information for payment processing. - Banking and identity verification information for Stripe Connect onboarding (provided directly by you to Stripe). - Transaction amounts, currency, and metadata for payment records.

3.2 Firebase / Google Cloud Platform (Infrastructure)

Our Platform uses Firebase, a Google Cloud Platform service, for authentication, database (Cloud Firestore), cloud functions, and file storage (Cloud Storage). Your data is stored and processed within Google Cloud’s infrastructure.

Information processed through Firebase/Google Cloud includes: - Authentication credentials and session tokens. - User profile data, content, and platform activity stored in Cloud Firestore. - Uploaded media files (profile photos, channel content) stored in Cloud Storage. - Cloud Function execution logs (which do not contain PII).

Google’s privacy policy is available at https://policies.google.com/privacy. Firebase’s data processing terms are available at https://firebase.google.com/terms/data-processing-terms.

3.3 Directus (Administrative CRM)

We use Directus as our internal customer relationship management (CRM) system for administrative operations, including school onboarding, lead management, and internal workflows. Directus is self-hosted and accessed only by authorized NextName staff.

Information processed through Directus includes: - Contact information for sales and onboarding purposes. - School and institutional data for partnership management. - Administrative notes and workflow statuses.

Access to Directus is restricted to authorized personnel with role-based access controls and multi-factor authentication.

3.4 Sentry (Error Monitoring)

We use Sentry for application error monitoring and crash reporting across our mobile applications and server-side functions. Sentry helps us identify, diagnose, and resolve technical issues.

Information processed through Sentry includes: - Error and crash reports, including stack traces and application state at the time of the error. - Device information, operating system version, and app version. - Anonymized or pseudonymized user identifiers for correlating error reports.

We configure Sentry to minimize the collection of PII. Sentry’s privacy policy is available at https://sentry.io/privacy/.

3.5 PostHog (Product Analytics)

We use PostHog for product analytics to understand how users interact with the Platform and to improve our features and user experience. PostHog is self-hosted on our infrastructure.

Information processed through PostHog includes: - Usage events and feature interactions (anonymized or pseudonymized). - Session recordings (if enabled, with sensitive fields masked). - Device type, browser, operating system, and general location. - Funnel and retention analytics.

Because PostHog is self-hosted, analytics data remains within our infrastructure and is not transmitted to third-party servers.

3.6 Other Disclosures

We may also disclose your information in the following circumstances:

  • Legal Compliance: When required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
  • With Your Consent: When you have given us explicit consent to share your information for a specific purpose.
  • Aggregated or De-Identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes.
  • School Administrators: If you are an athlete affiliated with a school on the Platform, certain profile information and activity summaries may be visible to authorized school administrators for NIL compliance purposes, consistent with the school’s policies and your consent.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

4.1 Active Accounts

While your account remains active, we retain all information associated with your account to provide and improve the Platform services. This includes your profile information, transaction history, content, channel subscriptions, and usage data.

4.2 Account Deletion

When you request deletion of your account:

  • Immediate Actions: Your profile is deactivated and removed from public visibility. Your content is removed from channels and feeds. Your active subscriptions are cancelled.
  • 30-Day Backup Retention: Following account deletion, we retain a backup copy of your account data for thirty (30) calendar days to allow for account recovery in case of accidental deletion and to support our disaster recovery processes. After this 30-day period, your personal data is permanently deleted from our active systems and backups.
  • Deletion Confirmation: You will receive confirmation of your account deletion via email.

4.3 Financial and Tax Records

In accordance with IRS requirements and applicable tax regulations, we retain financial transaction records, payout records, and related tax documentation for a minimum of seven (7) years from the date of the transaction. This includes:

  • Transaction amounts, dates, and types (subscriptions, tips, premium content purchases).
  • Payout records for athletes and schools receiving earnings through Stripe Connect.
  • Tax-related information, including 1099 reporting data where applicable.

This financial data is retained in a secure, access-controlled environment and is used solely for tax compliance, financial auditing, and legal purposes.

We may retain information beyond the standard retention periods when required to do so by law, regulation, legal proceedings, or governmental investigations, or when necessary to establish, exercise, or defend legal claims.

4.5 Anonymized Data

Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for analytics, research, and Platform improvement purposes.

5. User Rights

We respect your rights regarding your personal information. Depending on your jurisdiction, you may have the following rights:

5.1 Right of Access

You have the right to request a copy of the personal information we hold about you. You can access much of your information directly through your account settings. For a comprehensive data export, contact us at privacy@nextname.io.

5.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most of your profile information directly through the Platform. For corrections to information that cannot be updated through the Platform, contact us at privacy@nextname.io.

5.3 Right to Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (such as financial record retention requirements described in Section 4.3). You can initiate account deletion through your account settings or by contacting us at privacy@nextname.io.

Account deletion is processed through our GDPR-compliant deletion system, which ensures that your data is removed from all active systems, with backup copies purged after the 30-day retention period described in Section 4.2.

5.4 Right to Data Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format (such as JSON or CSV). To request a data export, contact us at privacy@nextname.io. We will fulfill portability requests within thirty (30) days.

Portable data includes: - Profile information (name, bio, avatar, school affiliation, sport). - Content you have created (posts, comments, messages). - Transaction and subscription history. - Payout records and earnings history. - Activity and engagement logs. - Channel follow and subscription history.

Data export does NOT include: - Internal administrative notes or moderation records. - Anonymized or aggregated analytics data. - Data generated by other users about you (e.g., other users’ comments on your posts).

5.5 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of your data or object to our processing.

5.6 Right to Object

You have the right to object to the processing of your personal information for direct marketing purposes. You can opt out of marketing communications at any time by using the unsubscribe link in our emails or updating your notification preferences in your account settings.

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.

5.8 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@nextname.io. We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

6. Children’s Privacy

6.1 COPPA Compliance

The Platform is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. In compliance with the Children’s Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information.

6.2 Age Requirements

Users must be at least thirteen (13) years of age to create an account on the Platform. Users under the age of eighteen (18) must have the consent of a parent or legal guardian to use the Platform. Athletes under 18 must have parental or guardian consent, which may also be provided through their school’s participation agreement.

6.3 Reporting Concerns

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@nextname.io. We will investigate and take appropriate action promptly.

7.1 Cookies

Our website and web application use cookies and similar technologies to provide, protect, and improve the Platform. Cookies are small text files placed on your device by your web browser.

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for the Platform to function properly. These include session cookies for authentication, security tokens, and load-balancing cookies. These cookies cannot be disabled without impairing Platform functionality.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, language settings, and display options.
  • Analytics Cookies: Help us understand how users interact with the Platform, which pages are visited most frequently, and how users navigate between pages. We use self-hosted PostHog for analytics, which means analytics data remains within our infrastructure.
  • Marketing Cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. These cookies may be set by our advertising partners.

7.2 Mobile Tracking Technologies

Our mobile applications may use the following technologies:

  • Device Identifiers: We may collect device-specific identifiers (such as IDFV on iOS) to support analytics and error reporting.
  • Push Notification Tokens: If you enable push notifications, we store a device token to deliver notifications. You can disable push notifications through your device settings at any time.
  • Local Storage: We use local storage on your device to cache data for offline functionality and performance optimization.

7.3 Do Not Track Signals

Our Platform currently does not respond to “Do Not Track” (DNT) browser signals. However, you can manage your cookie preferences through your browser settings or our cookie consent mechanism on the website.

7.4 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. Most browsers allow you to:

  • View what cookies are stored and delete them individually.
  • Block third-party cookies.
  • Block cookies from specific sites.
  • Block all cookies.
  • Delete all cookies when you close your browser.

When you first visit our website, we will present a cookie consent banner that allows you to accept or decline non-essential cookies (analytics and marketing cookies). Strictly necessary cookies cannot be disabled as they are required for the Platform to function. Your cookie preferences will be stored and respected across sessions. You may update your preferences at any time through the cookie settings link in the website footer.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

8.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA:

Category Examples Collected
Identifiers Name, email, phone number, IP address, device IDs Yes
Personal Information (Cal. Civ. Code 1798.80(e)) Name, address, phone number, financial information Yes
Protected Classification Characteristics Age (date of birth) Yes
Commercial Information Transaction records, subscription history, purchase history Yes
Internet or Network Activity Browsing history, search history, interaction with Platform Yes
Geolocation Data General location derived from IP address Yes
Professional or Employment Information School affiliation, sport, team (for athletes) Yes
Inferences Content preferences, engagement patterns, recommended content Yes
Sensitive Personal Information Account credentials (used for login purposes only) Yes

8.2 Your CCPA/CPRA Rights

As a California resident, you have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your information.
  • Delete: Request deletion of your personal information, subject to certain exceptions.
  • Correct: Request correction of inaccurate personal information.
  • Opt Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Limit Use of Sensitive Personal Information: Request that we limit the use of your sensitive personal information to purposes necessary to provide the Platform services.
  • Non-Discrimination: You will not be discriminated against for exercising your CCPA/CPRA rights.

8.3 Categories of Personal Information: Sources and Purposes

Category Sources Business Purpose
Identifiers Direct from user, Firebase Auth, Stripe Account management, payment processing, communications
Personal Information (Cal. Civ. Code 1798.80(e)) Direct from user, Stripe Payment processing, identity verification, tax reporting
Protected Classification Characteristics Direct from user Age verification, eligibility confirmation
Commercial Information Stripe, platform activity Transaction processing, revenue calculations, analytics
Internet or Network Activity Automatic collection, PostHog Platform improvement, security, analytics
Geolocation Data Automatic collection (IP-derived) Content localization, security, fraud prevention
Professional or Employment Information Direct from user, school rosters Profile display, search, school affiliation
Inferences Derived from usage data Content recommendations, personalization
Sensitive Personal Information Direct from user (credentials only) Authentication and account security

8.4 Sale of Personal Information

NextName does not sell personal information as defined by the CCPA/CPRA. We have not sold personal information in the preceding twelve (12) months.

8.5 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide proof of authorization (such as a signed written authorization or power of attorney). We may still require you to verify your identity directly with us.

8.6 Exercising Your California Rights

To exercise your CCPA/CPRA rights, contact us at: - Email: privacy@nextname.io - Response Time: We will respond to verifiable consumer requests within forty-five (45) days. If we need additional time (up to an additional forty-five days), we will notify you of the extension and the reason for it.

8.7 Financial Incentive Programs

We may offer financial incentives (such as discounts or premium features) for providing certain personal information or opting into marketing communications. Participation in these programs is voluntary, and you may opt out at any time. The value of the incentive is reasonably related to the value of the data provided, calculated based on the expense related to offering the incentive.

9. Security Measures

We implement comprehensive technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

9.1 Technical Safeguards

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at Rest: Data stored in our databases (Cloud Firestore) and file storage (Cloud Storage) is encrypted at rest using Google Cloud’s default encryption.
  • Authentication Security: Passwords are hashed using industry-standard algorithms. We support multi-factor authentication for administrative accounts.
  • Access Controls: Role-based access control (RBAC) restricts data access to authorized personnel based on their role and responsibilities. Administrative access requires multi-factor authentication.
  • Session Management: Sessions are managed with secure, HTTP-only cookies with appropriate SameSite attributes. Concurrent session limits are enforced for administrative accounts.
  • Input Validation: All user inputs are validated and sanitized to prevent injection attacks and other common vulnerabilities.
  • Rate Limiting: Rate limiting is implemented on authentication endpoints and API routes to prevent brute-force attacks and abuse.

9.2 Organizational Safeguards

  • Audit Logging: All administrative actions are logged with timestamps, user identifiers, action descriptions, and outcomes for security monitoring and compliance purposes.
  • Incident Response: We maintain an incident response plan for detecting, responding to, and communicating about security incidents. See our security policies for details.
  • Vendor Risk Assessment: We assess the security practices of our third-party service providers and require appropriate data protection commitments.
  • Employee Access: Access to personal information is limited to employees and contractors who need it to perform their job functions, and all such personnel are bound by confidentiality obligations.
  • Security Monitoring: We use error monitoring (Sentry) and application logging to detect and respond to anomalous activity.

9.3 Payment Security

All payment processing is handled by Stripe, which is PCI DSS Level 1 certified, the highest level of certification in the payment card industry. We do not process, store, or transmit complete credit card numbers on our servers.

9.4 Reporting Security Concerns

If you believe you have discovered a security vulnerability or suspect unauthorized access to your account, please contact us immediately at security@nextname.io.

10. Data Breach Notification

10.1 Notification Commitment

In the event of a data breach that affects your personal information, NextName will:

  1. Notify affected users within seventy-two (72) hours of NextName becoming aware of the breach, or as otherwise required by applicable law if a shorter notification period is mandated;

  2. Provide details of the breach, including: the nature of the security incident, the categories of personal data affected, the approximate number of individuals affected, and the likely consequences of the breach;

  3. Describe the measures taken or proposed to be taken to address the breach and mitigate its potential adverse effects; and

  4. Provide contact information for NextName’s privacy team (privacy@nextname.io) for additional questions.

10.2 Regulatory Notification

Where required by applicable law (including state data breach notification laws), NextName will also notify the relevant data protection authorities and/or state attorneys general within the timeframes mandated by such laws.

10.3 School Notification

For security incidents affecting School data or the data of School-affiliated athletes, NextName will notify the School within twenty-four (24) hours, as further described in the School Agreement.

11. International Data Transfers

11.1 Data Processing Location

NextName is based in the United States. Our primary data infrastructure is hosted on Google Cloud Platform in the United States (us-central1 region). By using the Platform, you acknowledge that your personal information will be transferred to, stored, and processed in the United States.

11.2 Cross-Border Transfers

If you access the Platform from outside the United States, please be aware that your information will be transferred to the United States, where data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we rely on the following mechanisms for cross-border data transfers:

  • Standard Contractual Clauses (SCCs): Where applicable, we enter into Standard Contractual Clauses approved by the European Commission with our service providers to ensure adequate protection for personal data transferred outside the EEA.
  • Data Processing Agreements: We maintain data processing agreements with our service providers that include appropriate safeguards for personal data.

11.3 EU/UK Residents

If you are a resident of the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the rights described in Section 5. Our legal bases for processing your personal information include:

  • Performance of a Contract: Processing necessary to provide the Platform services you have requested.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and Platform improvement, where those interests are not overridden by your rights.
  • Consent: Processing based on your freely given, specific, informed, and unambiguous consent.
  • Legal Obligation: Processing necessary to comply with our legal obligations.

To exercise your GDPR rights, contact us at privacy@nextname.io.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

12.1 Notification of Changes

  • Material Changes: For material changes to this Privacy Policy (such as changes to the categories of data we collect, how we use your data, or with whom we share your data), we will provide prominent notice through the Platform (such as an in-app notification or banner) and/or by sending an email to the address associated with your account at least thirty (30) days before the changes take effect.
  • Non-Material Changes: For non-material changes (such as typographical corrections or formatting updates), we will update the “Last Updated” date at the top of this policy.

12.2 Your Continued Use

Your continued use of the Platform after the effective date of an updated Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the updated Privacy Policy, you should discontinue your use of the Platform and may request deletion of your account.

12.3 Prior Versions

Prior versions of this Privacy Policy will be archived and made available upon request by contacting privacy@nextname.io.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:

NextName, Inc.

  • General Privacy Inquiries: privacy@nextname.io
  • Customer Support: support@nextname.io
  • Legal Department: legal@nextname.io
  • Website: https://nextname.io

Mailing Address: NextName, Inc. An Illinois corporation Attn: Privacy Team [Address to be provided upon incorporation filing]

Response Times: - Privacy rights requests: Within 30 days (45 days for CCPA requests). - General inquiries: Within 5 business days. - Security concerns: Within 24 hours for initial acknowledgment.

If you are not satisfied with our response to your privacy concern, you may have the right to lodge a complaint with your local data protection authority.

This Privacy Policy is effective as of March 1, 2026, and applies to all users of the NextName platform worldwide.

© 2026 NextName, Inc. All rights reserved.