Legal

Privacy Policy

Last updated: 28 April 2026

NextScenario takes the privacy of its visitors and customers seriously. This Privacy Policy explains what personal data we collect, how we use it and what rights you have. It applies to nextscenario.com and to the services we provide under the NextScenario brand (the “Service”).

1. Who is the data controller

The data controller for personal data collected through the Service is NextScenario, a company incorporated under the laws of Spain. You can contact us at privacy@nextscenario.com for any privacy-related question.

2. What we collect

We collect three types of data:

3. Why we collect it

We use personal data to: (a) provide and maintain the Service; (b) authenticate you and secure your account; (c) bill you for paid plans; (d) communicate with you about the Service, including security and product updates; (e) improve the Service and develop new features; (f) comply with legal obligations.

4. Legal basis

Under the EU General Data Protection Regulation, we rely on the following legal bases: contractual necessity for providing the Service to you; legitimate interests for security, analytics and product improvement (balanced against your rights); consent for non-essential cookies and marketing emails, which you can withdraw at any time; and legal obligation for tax and accounting records.

5. Cookies

We use a small number of cookies. Strictly necessary cookies (login session, CSRF token) are always set. Analytics cookies are only set after you give consent through the cookie banner. We do not sell cookie data and we do not use third-party advertising cookies.

6. Sharing your data

We share personal data only with: (a) sub-processors who help us run the Service (cloud hosting, email delivery, customer-support tooling, payment processing) under data-processing agreements; (b) third-party integrations you explicitly connect, and only with the data needed for that integration; (c) authorities, when legally required. We never sell your personal data.

7. International transfers

Some of our sub-processors are located outside the European Economic Area, primarily in the United States. We rely on Standard Contractual Clauses approved by the European Commission and on additional safeguards where appropriate to ensure your data receives an equivalent level of protection.

8. Retention

We retain Account data for as long as your account is active and for up to 12 months after closure. Customer data is retained while your account is active and is permanently deleted within 30 days of account closure unless you ask us to keep it longer. Billing records are retained for the period required by Spanish tax law (currently 6 years).

9. Your rights

You have the right to access, rectify, erase, restrict and port your personal data, and to object to processing based on legitimate interests. You can exercise these rights by emailing privacy@nextscenario.com. You also have the right to lodge a complaint with the Spanish data-protection authority (Agencia Española de Protección de Datos, aepd.es).

10. Security

We use industry-standard measures to protect your data: encryption in transit (TLS 1.2+) and at rest, role-based access control, audit logs, regular backups and vulnerability scanning. No system is perfectly secure; if a breach occurs that is likely to affect your rights and freedoms, we will notify you and the relevant authority within 72 hours of becoming aware of it.

11. Children

The Service is not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes

We may update this Privacy Policy from time to time. The latest version is always at this URL. Material changes will be notified by email or in-app notice.

13. Contact

For privacy questions, write to privacy@nextscenario.com.

← Back to home