Legal
Privacy Policy
Effective Date: February 7, 2026 · Last Updated: February 7, 2026
1. Introduction
NextBelt LLC ("NextBelt," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website next-belt.com or use our Smart Maintenance Management System ("SMMS") platform.
We process your personal data under one or more of the following legal bases, depending on the context: (a) performance of a contract when you subscribe to or use our Services; (b) our legitimate interests in operating, improving, and securing the Services (balanced against your rights); (c) your consent, where we explicitly request it (e.g., for marketing communications or optional cookies); and (d) compliance with legal obligations. Where we rely on consent, you may withdraw it at any time by contacting privacy@next-belt.com without affecting the lawfulness of processing before withdrawal. For information about managing cookies and tracking preferences, see Section 7.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, phone number, company name, job title
- Billing Information: Payment card details (processed by Stripe; we do not store full card numbers)
- Support Communications: Messages, emails, and files you send to our support team
- User Content: Data you enter into SMMS, including work orders, assets, maintenance records, and related documentation
2.2 Information Collected Automatically
- Log Data: IP address, browser type, operating system, referring URLs, pages visited, access times
- Device Information: Device identifiers, mobile device type, operating system version
- Usage Data: Features accessed, actions taken within SMMS, session duration
- Cookies: Session cookies for authentication and functionality (see Section 7)
2.3 Information from Third Parties
- Authentication Providers: If you sign in via Microsoft Azure AD or other identity providers, we receive your name and email
- Business Partners: Company information from referral partners or resellers
3. How We Use Your Information
We use collected information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain SMMS services | Contract performance |
| Process transactions and send billing notices | Contract performance |
| Respond to support requests | Legitimate interest |
| Send product updates and security notices | Legitimate interest |
| Analyze usage to improve our services | Legitimate interest |
| Comply with legal obligations | Legal compliance |
| Prevent fraud and ensure security | Legitimate interest |
We do not sell your personal data to third parties.
4. Data Sharing and Disclosure
We may share your information with:
4.1 Service Providers (Sub-processors)
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, database, storage | USA |
| Stripe | Payment processing | USA |
| OpenAI | AI-powered features (ELISA assistant) | USA |
| Microsoft Azure AD | Single sign-on authentication | USA |
| GitHub | Source code management | USA |
| Vanta | Compliance automation | USA |
| Google LLC | Website analytics (Google Analytics 4, Google Tag Manager) | USA |
| Tawk.to Inc. | Live chat widget | USA |
| Cookiebot (Usercentrics) | Cookie consent management | Denmark / EU |
We maintain Data Processing Agreements (DPAs) with each sub-processor. Enterprise customers may request a copy of our DPA or execute a custom DPA by contacting legal@next-belt.com.
4.2 Legal Requirements
We may disclose information if required by law, subpoena, court order, or government request.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
4.4 With Your Consent
We may share data for other purposes with your explicit consent.
5. Data Retention
We retain your data according to the following schedule:
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of service + 90 days |
| Audit logs | 7 years (regulatory and compliance readiness) |
| Backup data | 30 days after deletion request |
| Anonymized analytics | Indefinitely |
Upon account termination, we delete or anonymize your data within 90 days, except where retention is required for legal or compliance purposes.
6. Data Security
We implement industry-standard security measures including:
- Encryption: TLS 1.2+ for data in transit; AES-256 for data at rest
- Access Controls: Role-based access control (RBAC), multi-factor authentication
- Infrastructure: AWS cloud infrastructure (AWS maintains its own SOC 2 Type II certification)
- Monitoring: Continuous security monitoring and intrusion detection
- Audits: Annual third-party security assessments
NextBelt is actively pursuing SOC 2 Type II certification through Vanta and has engaged an independent auditor to conduct the examination. Upon completion, our SOC 2 Type II report will be available to customers upon request under NDA. We have implemented our security controls in alignment with the AICPA Trust Services Criteria in preparation for the audit.
6.1 Data Breach Notification
In the event of a confirmed data breach affecting your personal data, NextBelt will:
- Notify affected customers without unreasonable delay, and in any event within 72 hours of confirmation
- Provide a description of the nature of the breach, categories and approximate number of records affected, and the likely consequences
- Describe the measures taken or proposed to address the breach and mitigate its effects
- Notify the relevant supervisory authority where required by applicable law (e.g., GDPR Article 33)
7. Cookies and Tracking
We use the following cookies and tracking technologies:
| Cookie / Technology | Provider | Purpose | Duration |
|---|---|---|---|
| Session cookie | NextBelt | Authentication, session management | Session |
| Preferences cookie | NextBelt | User preferences, language settings | 1 year |
_ga | Google Analytics | Distinguishes unique users | 2 years |
_ga_<ID> | Google Analytics 4 | Maintains session state | 2 years |
_gid | Google Analytics | Distinguishes users (24-hour window) | 24 hours |
| CookieConsent | Cookiebot | Stores your cookie consent preferences | 1 year |
| Tawk.to cookies | Tawk.to | Live chat functionality and session tracking | Session – 6 months |
You can manage your cookie preferences through our cookie consent banner (powered by Cookiebot) or through your browser settings. You may also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. Disabling essential cookies may affect SMMS functionality.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interest
- Restriction: Request limited processing of your data
To exercise these rights, contact us at privacy@next-belt.com or nextbelt@next-belt.com.
9. International Data Transfers
NextBelt is based in the United States. If you access our services from outside the USA, your data will be transferred to and processed in the United States. We rely on standard contractual clauses and other lawful transfer mechanisms for international transfers.
10. Children's Privacy
SMMS is a business-to-business service and is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
11. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"):
- Right to Know: You may request the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal compliance, completing a transaction).
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: NextBelt does not sell personal information and does not share personal information for cross-context behavioral advertising as defined by the CCPA.
- Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information beyond what is necessary to provide the Services.
- Non-Discrimination: We will not discriminate against you for exercising any of these rights.
11.1 How to Submit a Request
To submit a verifiable consumer request, email privacy@next-belt.com with "CCPA Request" in the subject line. You may also call (915) 235-5225. We will verify your identity by matching information you provide with information we already maintain. You may make a request up to twice in a 12-month period.
11.2 Authorized Agent
You may designate an authorized agent to submit a request on your behalf by providing a signed written authorization or a power of attorney. We may still require you to verify your identity directly.
11.3 Financial Incentives
NextBelt does not offer financial incentives or price differences in exchange for the retention or sale of personal information.
11.4 California "Shine the Light"
Under California Civil Code Section 1798.83, California residents may request information about disclosures of personal information to third parties for direct marketing. NextBelt does not disclose personal information to third parties for their own direct marketing purposes.
11.5 Metrics
As required by the CCPA, NextBelt will publish annual metrics on the number of requests received, complied with, and denied, once applicable thresholds are met.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification to account administrators
- Displaying a notice within the SMMS application
The "Last Updated" date at the top indicates when the policy was last revised.
13. Contact Us
For questions about this Privacy Policy or our data practices:
For privacy-specific inquiries: privacy@next-belt.com
© 2025–2026 NextBelt LLC. All rights reserved.