NexTrade360 Online Privacy Policy

How NexTrade360 collects, uses, discloses, and protects personal data through nextrade360.com and the NexTrade360 platform.

NexTrade360 is a barter exchange management software platform operated by Red Leaf Software LLC ("Red Leaf Software," "NexTrade360," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, schedule a call, contact us, use NexTrade360 services, access a customer exchange site hosted on or supported by NexTrade360, or use related mobile applications and support services.

This Policy is intended to address applicable privacy laws, including, where applicable, the General Data Protection Regulation and UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act, Brazil's Lei Geral de Proteção de Dados, Canada's Personal Information Protection and Electronic Documents Act, Japan's Act on the Protection of Personal Information, and the Australian Privacy Principles.

By using our website or services or providing personal data to us, you acknowledge the practices described in this Policy.

1. Introduction, Scope, and Contact Details

This Policy applies to personal data processed in connection with the NexTrade360 public website, discovery calls, demos, customer onboarding, exchange management software, mobile apps, support, training, migration, billing, reporting, tax compliance tools, communications, and related services.

Many NexTrade360 environments are operated for individual barter exchanges. If you are a member, prospect, broker, administrator, or other user of a barter exchange that uses NexTrade360, that exchange may be the organization that decides how your data is collected and used. You should also review that exchange's privacy policy and contact that exchange for privacy requests relating to your exchange membership or account.

Contact Details

  • Operator: Red Leaf Software LLC
  • Mailing address: P.O. Box 201, Colchester, VT 05446, United States
  • Phone: (802) 735-0730
  • Website contact: Use the contact, scheduling, or text options available on www.nextrade360.com.
  • Privacy contact: Use the contact details above and include "NexTrade360 Privacy Request" in your message.

2. Our Privacy Roles

Our role depends on the context in which personal data is processed:

  • Controller/business for direct relationships. We generally act as the controller or business for personal data collected through the NexTrade360 public website, discovery calls, sales communications, direct customer relationships, product administration, support, billing, security, and our own business operations.
  • Processor/service provider for customer exchange data. When a barter exchange customer uses NexTrade360 to manage its members, transactions, listings, billing, communications, onboarding, reporting, and compliance activities, we generally process personal data on that customer's behalf and according to its instructions and our agreement with that customer.
  • Customer responsibility. Our exchange customers are responsible for providing notices, obtaining consents, honoring member preferences, and determining the lawful basis for personal data they collect through their NexTrade360 environment, unless we separately state otherwise.

3. Information We Collect

We collect personal data only as reasonably necessary for the purposes described in this Policy, our agreements, or our customers' instructions.

3.1 Information from Website Visitors, Prospects, and Customers

  • Identifiers and contact information: name, email address, phone number, company or exchange name, job title, mailing address, and similar contact details.
  • Discovery, sales, and onboarding information: meeting scheduling details, messages, business needs, exchange size and operations, migration requirements, marketing source information, and demo or onboarding communications.
  • Account and support information: usernames, roles, preferences, support tickets, training interactions, feedback, error reports, and related communications.
  • Billing and commercial information: invoices, subscription records, purchase history, payment status, service usage, and contract records.

3.2 Platform Data Processed for Exchange Customers

Depending on how a customer configures and uses NexTrade360, the platform may process:

  • Member and prospect records: business name, legal name, entity type, website, contact person, email, phone, mailing address, billing address, notes, lead status, marketing source, and onboarding status.
  • Tax and identity information: EIN, SSN, TIN, taxpayer name, tax classification, tax verification status, 1099-B or similar tax reporting data, and related compliance records.
  • Account credentials and access data: usernames, passwords or password hashes, roles, permissions, login records, authentication logs, and account preferences.
  • Trading and transaction data: offers, requests, sales, purchases, trade credits, statements, invoices, commissions, fees, gift cards, certificates, virtual membership cards, scan-to-pay records, point-of-sale activity, and related balances.
  • Marketplace and inventory content: listings, descriptions, images, inventory, showroom records, directories, order pickup records, and other content submitted by customers or their members.
  • Broker and CRM data: contacts, notes, needs, tasks, follow-ups, service history, and customer relationship details.
  • Communications data: email messages, newsletters, text message records, opt-in and opt-out records, consent records, delivery status, and communication preferences.
  • Electronic signatures and documents: agreements, signed forms, onboarding materials, consents, policies, and audit records.
  • Migration and backup data: member accounts, transactions, statements, inventory, listings, descriptions, pictures, files, exports, logs, and backup records needed to migrate, maintain, restore, or support the platform.

3.3 Usage Data Collected Automatically

  • Device information: IP address, browser type and version, operating system, device type, mobile identifiers, app identifiers, and device settings.
  • Usage patterns: pages viewed, searches, clicks, features used, referral source, timestamps, session duration, error logs, diagnostic data, and performance data.
  • Approximate location: general location inferred from IP address. Mobile app permissions may provide additional information only where enabled by the user or required for a configured feature.
  • Security logs: login events, audit records, access attempts, fraud indicators, and other data used to protect the platform.

3.4 Sensitive Personal Information

NexTrade360 is not designed to collect sensitive categories such as health data, racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric identifiers used for identification, or sexual orientation, unless a customer independently configures or submits such information in violation of our intended use.

The platform may process information that is considered sensitive or protected under some privacy laws, such as tax identifiers, government-issued identifiers, financial account or payment information, transaction records precise enough to reveal personal behavior, electronic signature records, and communication opt-in records. We process this information only as necessary to provide the platform, comply with law, fulfill customer instructions, protect rights and security, or with consent where required.

Payment card information, if collected through the platform, is processed using payment gateways or security controls appropriate to the transaction. Do not provide payment card data except through designated secure payment fields.

4. Tracking Technologies

We and our service providers may use cookies and similar technologies to operate NexTrade360, secure accounts, remember preferences, analyze performance, support mobile apps, and deliver communications. These technologies may include:

  • Cookies: small text files used for sessions, authentication, preferences, security, analytics, and functionality.
  • Local and session storage: browser storage used to remember settings and support platform functionality.
  • Web beacons, pixels, and tracking scripts: tools used to measure whether pages or emails are accessed and to analyze usage.
  • Mobile SDKs and app logs: code and logs used for mobile app operation, crash diagnostics, push notifications, and security.
  • Device identifiers and logs: information used to operate, secure, and improve the service.

You can adjust browser or device settings to limit some tracking technologies. Certain platform features, such as account login, security, payments, shopping carts, member areas, messaging, or preferences, may not work properly without required cookies or storage.

5. How We Use Your Information

We use personal data for the following purposes and, where required, rely on the legal bases listed below:

  • To provide and maintain NexTrade360: to operate accounts, member portals, broker workflows, onboarding, marketplace activity, transactions, billing, reporting, tax compliance tools, mobile apps, backups, and support. Legal basis: performance of a contract, legitimate interests, customer instructions, and legal obligation.
  • To support customer operations: to migrate data, configure customer environments, train staff, troubleshoot issues, provide customer service, and maintain service availability. Legal basis: performance of a contract and legitimate interests.
  • To communicate with you: to respond to inquiries, schedule discovery calls, send administrative notices, provide support, and send product updates. Legal basis: performance of a contract, legitimate interests, and consent where required.
  • For email and text messaging: to send transactional messages, service notices, newsletters, member communications, reminders, alerts, and marketing messages where configured by a customer or where you have opted in. Legal basis: consent, performance of a contract, legitimate interests, and customer instructions, depending on context.
  • For payments, billing, and collections: to process fees, subscriptions, invoices, collections, and payment records. Legal basis: performance of a contract, legitimate interests, and legal obligation.
  • For analytics and improvement: to understand usage, improve performance, develop features, and evaluate product quality. Legal basis: legitimate interests and, where required, consent for non-essential cookies.
  • For security and fraud prevention: to detect, prevent, and investigate abuse, fraud, unauthorized access, technical issues, and illegal activity. Legal basis: legitimate interests and legal obligation.
  • To comply with law: to meet tax, accounting, recordkeeping, subpoena, court order, regulatory, and legal requirements. Legal basis: legal obligation and legitimate interests.

6. How We Share Your Information

We do not sell personal data. We may share personal data in the following circumstances:

  • With the applicable exchange customer: customer administrators, brokers, staff, and authorized users may access data within their NexTrade360 environment according to their roles and permissions.
  • With exchange members and marketplace participants: information such as directory listings, offers, contact details, transactions, gift cards, certificates, and communications may be visible or shared as configured by the exchange customer and necessary for exchange operations.
  • With service providers and subprocessors: vendors may support hosting, cloud infrastructure, backups, payment processing, email and SMS delivery, scheduling, electronic signatures, tax verification, analytics, customer support, security, monitoring, and professional services.
  • With payment processors, financial institutions, and compliance providers: when needed to process payments, verify tax details, support billing, or meet legal obligations.
  • With professional advisers: attorneys, accountants, insurers, auditors, and other advisers when reasonably necessary.
  • For business transfers: in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction.
  • For legal requirements and protection: when we believe disclosure is necessary to comply with law, respond to lawful requests, enforce agreements, protect rights or safety, investigate wrongdoing, or protect against legal liability.
  • With consent or customer instructions: for other purposes disclosed to you or directed by the applicable customer.
  • Aggregated or de-identified data: information that cannot reasonably be used to identify you.

Text messaging privacy. We do not share mobile information with third parties or affiliates for their marketing or promotional purposes. Text messaging originator opt-in data and consent records are not shared with third parties except as necessary to provide messaging services, comply with law, protect rights, or fulfill customer instructions.

Where California privacy law applies, we do not knowingly sell personal information. We do not knowingly share personal information for cross-context behavioral advertising unless we provide legally required notice and an opt-out method.

7. International Data Transfers

Red Leaf Software is based in the United States. Your information may be transferred to, stored in, or processed in the United States or other countries where we, our customers, or our service providers operate. These countries may have data protection laws that differ from the laws in your jurisdiction.

Where required for transfers from the European Economic Area, United Kingdom, Switzerland, or other jurisdictions with transfer restrictions, we use appropriate safeguards such as Standard Contractual Clauses, data transfer agreements, vendor due diligence, transfer impact assessments where required, and supplementary security measures.

8. Data Security and Retention

8.1 Security Measures

We use technical and organizational measures designed to protect personal data from unauthorized access, alteration, disclosure, or destruction. These measures may include:

  • HTTPS / TLS encryption for data transmitted through websites and applications;
  • access controls, role-based permissions, and authentication controls;
  • secure storage, backup, monitoring, and incident response procedures;
  • audit logs and administrative controls for customer environments;
  • data minimization, retention controls, and deletion workflows where applicable;
  • staff confidentiality obligations and data protection awareness; and
  • secure development and deployment practices.

No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

8.2 Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, our agreements, customer instructions, or legal requirements. Platform data processed for exchange customers is generally retained according to the customer's contract, configuration, instructions, legal obligations, and backup schedules. We may retain certain records for tax, accounting, security, fraud prevention, dispute resolution, and legal compliance purposes. When personal data is no longer needed, we will delete, anonymize, or securely retain it in accordance with applicable law and our retention practices.

9. Your Data Protection Rights

Depending on your location and applicable law, you may have rights regarding your personal data. These rights may include:

  • Right to be informed: to know what personal data is collected and how it is used.
  • Right of access: to request a copy of personal data held about you.
  • Right to correction: to ask that inaccurate or incomplete data be corrected.
  • Right to deletion: to ask for deletion under certain circumstances.
  • Right to restrict processing: to ask for limited processing in certain situations.
  • Right to data portability: to receive certain personal data in a structured, commonly used, machine-readable format.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where processing is based on consent, to withdraw consent at any time.
  • Rights related to automated decision-making: where applicable, to avoid certain decisions based solely on automated processing that produce legal or similarly significant effects.

9.1 Requests About Exchange Membership Data

If your request relates to a membership, account, transaction, listing, message, tax record, or other data controlled by a barter exchange that uses NexTrade360, please contact that exchange first. We will assist the exchange in responding to requests when required by our agreement or applicable law.

9.2 Region-Specific Rights

California residents. You may have the right to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and be free from discrimination for exercising privacy rights. The categories of personal information we may collect are described in Section 3, the purposes are described in Section 5, and the categories of recipients are described in Section 6.

EU, EEA, UK, and Swiss residents. You may have rights under GDPR or similar laws, including rights of access, correction, deletion, restriction, objection, portability, and complaint to a supervisory authority.

Brazilian residents. You may have rights under the LGPD, including confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about sharing, information about consent, and revocation of consent.

Canadian residents. You may have rights to access personal information, challenge accuracy and completeness, request correction, and challenge compliance.

Japanese residents. You may have rights to disclosure, correction, suspension of use, deletion, and other rights under APPI.

Australian residents. You may have rights to access and correct personal information and to complain about handling of personal information.

9.3 How to Exercise Your Rights

To exercise rights for data we control directly, contact us using the details in Section 1 and include "NexTrade360 Privacy Request" in your message. We may need to verify your identity before fulfilling your request. We will respond within the time required by applicable law, such as 30 days under GDPR or 45 days under CCPA, unless an extension is permitted.

10. Children's Privacy

NexTrade360 is a business-focused platform and is not directed to children under 13, and it is not intended for children under 16 in the EU, EEA, or UK. We do not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe a child has provided personal data through NexTrade360, please contact the applicable exchange customer or us and we will take appropriate steps to address it.

12. Changes to This Privacy Policy

We may update this Policy from time to time. When we do, we will post the updated Policy and update the "Last Updated" date. Changes are effective when posted unless a different effective date is stated. If changes are material, we may provide additional notice as required by law or contract.

13. Complaints and Supervisory Authorities

If you have concerns about our privacy practices, please contact us first using the details in Section 1. If your concern relates to data controlled by a barter exchange customer, please contact that exchange directly. You may also have the right to contact a supervisory authority in your jurisdiction, including: