Privacy Policy

Last updated: 5 September 2025

  1. Who we are

Upgrade.amsterdam, trading as “NextMe” (“we”, “us”, “our”).
Address: Geuzenstraat 44-3, 1056KE Amsterdam, The Netherlands.
Email: service@nextme.chat.

  1. What this policy covers

This policy explains what personal data we collect, why we use it, how long we keep it, who we share it with, and your rights. It applies to nextme.chat, our checkout and customer portal, and our support.

  1. Personal data we collect

Contact details: email address, country, IP address.
Transaction data: product purchased, price, currency, payment status, timestamps, order identifiers.
Technical data: device and browser information, basic logs needed to keep the service secure.
Support data: any messages you send to us.

We do not see or store your conversations in ChatGPT. If you use our agent inside your own OpenAI account, OpenAI processes those prompts under its terms and privacy policy.

  1. How we obtain data

You provide it at checkout or when you contact support.
Our systems generate it to operate, secure, and maintain the service.
Payment providers share payment status so we can grant access.

  1. Why we use data and our legal bases (GDPR)

Provide the service you purchased, operate the checkout and portal, grant access, prevent fraud. Legal basis: contract performance and legitimate interests.
Send essential service emails about your order or access. Legal basis: contract performance.
Legal, tax, and compliance obligations. Legal basis: legal obligation.
Improve and secure the service. Legal basis: legitimate interests.
Marketing: we do not currently send marketing emails or build marketing profiles. If we add optional marketing later, we will request your consent first.

  1. Sharing and processors

We use trusted service providers that process data for us:
SureCart for checkout and customer portal
Payment processors such as Mollie, Stripe, and PayPal
WordPress hosting and email delivery (including WP Mail SMTP or a comparable mailer)
Optional email marketing provider such as Mailchimp if you opt in at some future point

We have agreements in place with each provider. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

  1. International transfers

Some providers may process data outside the EEA or the UK. Where required we rely on safeguards such as the EU Standard Contractual Clauses and additional technical and organizational measures. You can email us for a current list of providers and transfer mechanisms.

  1. Retention

Order and payment records: up to 7 years for tax and accounting.
Support messages: up to 24 months.
Technical logs: up to 12 months unless needed longer for security or legal claims.
Marketing data: not collected at this time. If collected later with consent, retained until you unsubscribe or request deletion.

  1. Security

We use appropriate technical and organizational measures such as encryption in transit, access controls, least-privilege administration, and data minimization. No security program can guarantee absolute security.

  1. Children

The service is intended for users aged 16 and over and is not directed to children under 16.

  1. Cookies and analytics

We use a consent banner with Google Consent Mode v2. Only strictly necessary cookies load by default. Analytics only runs after you give consent.

Analytics (Google Analytics 4)
We use Google Analytics 4 to understand how people use NextMe so we can improve the site and our service. GA4 collects usage data in aggregate and does not store IP addresses.

What we collect via GA4
Page views, clicks, scroll depth, outbound link clicks, file downloads, video plays, referring site, approximate location (city or country), device, browser, language, and session duration.

Legal basis
Consent. You can give or withdraw consent at any time via Cookie Settings.

Retention
Analytics event data is kept for 14 months.

Sharing and transfers
Analytics data is processed by Google Ireland Limited and, where needed, Google LLC. Data may be processed outside the EEA or UK. Transfers rely on the EU–US Data Privacy Framework and Standard Contractual Clauses where required. We do not enable Google Signals and we do not use analytics data for ads personalisation.

Cookies used for analytics
Provider: Google Analytics 4
Cookies: _ga, ga*, _gid
Purpose: website usage statistics
Duration: up to 2 years (_ga), 24 hours (_gid)
These cookies are set only after consent. Manage your choice via Cookie Settings.

  1. Your rights

EU and UK users have the right to request access, rectification, deletion, restriction, portability, and to object to processing. Where processing is based on consent you can withdraw that consent at any time. You also have the right to lodge a complaint with your local authority. In the Netherlands: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

  1. Data Subject Requests (how to exercise your rights)

You can exercise your privacy rights at any time by emailing service@nextme.chat with the subject line “Privacy request”. Include:
• The email address you used with NextMe
• Your country of residence
• The right you want to exercise (access, rectification, deletion, restriction, portability, objection, withdraw consent)

Verification. We may ask you to confirm your email or provide limited information to verify your identity before acting on a request.

Response times.
EU and UK: we respond within 1 month of receipt. We may extend by up to 2 additional months where requests are complex or numerous. We will tell you if we need more time.

Scope and limits. We cannot disclose information that would adversely affect the rights and freedoms of others. If a request is manifestly unfounded or excessive we may refuse it or charge a reasonable fee as permitted by law.

  1. Changes to this policy

We may update this policy from time to time. We will post changes here and update the “Last updated” date. If the changes are material we will provide an additional notice where appropriate.

  1. Contact

Questions or requests: service@nextme.chat.
Postal address: Geuzenstraat 44-3, 1056KE Amsterdam, The Netherlands.

  1. Geographic scope, governing law, and non-US focus

We operate and market our service to users in the EEA and the UK only. We do not target or direct our service to residents of the United States or other non-EEA/UK jurisdictions. This policy is designed to meet GDPR and UK GDPR requirements. Dutch law governs, and Dutch courts have jurisdiction, unless mandatory law of your country of residence provides otherwise.

For visitors outside the EEA/UK, including the United States: any rights information you may see on our site is provided for transparency only and does not indicate we are subject to those laws. We do not sell or share personal information as defined by US state privacy laws and we do not meet their applicability thresholds. If a US resident contacts us, we will handle the request under GDPR principles and our timelines in section 13. We do not process “authorized agent” requests under US laws. Use of our site from outside the EEA/UK is at your own initiative.