1. Introduction

This Privacy Policy (“Policy”) describes how [NEMSA LLC] (“we,” “us,” “our,” or “Company”) collects, uses, discloses, and otherwise processes personal information in connection with our website, mobile applications, and related services (collectively, the “Platform”).
The Platform is a crowdsourcing marketplace that connects entrepreneurs with solution providers to collaboratively develop and implement business solutions in exchange for equity and royalty arrangements.
We are committed to protecting your privacy and ensuring transparency about how we handle your information. Please read this Policy carefully. If you do not agree with our practices, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide Directly

Registration and Account Information:

• Full name, email address, phone number

• Username and password credentials

• Professional title, company name, and industry

• Work experience, educational background, and skills

• Profile photo and biographical information

• Payment and billing information (for transactions)

• Identification documents (for verification purposes)

• Tax information (for royalty and equity distributions)

Problem and Solution Submissions:

• Problem statements, project descriptions, and challenges

• Solution proposals and technical documentation

• Prototypes, files, images, and attachments

• Communication records and messages

• Feedback, ratings, and reviews

Communication Data:

• Messages sent through the Platform’s messaging system

• Support requests and customer service inquiries

• Comments and discussion posts

• Dispute resolution communications

Payment Information:

• Bank account details, credit card information, or payment processor data

• Transaction history and financial records

• Invoice and receipt information

Legal and Contractual Information:

• Intellectual property agreements

• Equity and royalty arrangement agreements

• Contract signatures and acceptance records

2.2 Information Collected Automatically

Technical Information:

• IP address and device identifiers

• Browser type, operating system, and version

• Pages visited, links clicked, and time spent on the Platform

• Referral source and navigation patterns

• Device type, hardware model, and unique device identifiers

• Mobile device identifiers (IDFA, Android Advertising ID)

Cookies and Tracking Technologies:

• Session cookies and persistent cookies

• Web beacons, pixels, and similar tracking technologies

• Analytics data from Google Analytics, Mixpanel, or similar services

• Remarketing and interest-based advertising cookies

Location Information:

• Approximate location based on IP address

• Precise location data (if you grant permission)

• GPS, Bluetooth, and similar location signals

Usage Analytics:

• Search queries and filter preferences

• Features accessed and actions performed

• Time and duration of usage patterns

• Error and crash reports

• Performance metrics

2.3 Information from Third Parties

Third-Party Service Providers:

• Data from payment processors (Stripe, PayPal, etc.)

• Information from identity verification services (Cognito, Onfido, etc.)

• Data from marketing and analytics providers

• Information from social media platforms (if you link your account)

Business Partners:

• Information from accelerators, incubators, and ecosystem partners

• Data from referral partners

Public Sources:

• Publicly available information from LinkedIn, GitHub, or other professional networks

• Information from public registries or business databases

Other Users:

• Information provided in reviews, ratings, or comments about you

• Data shared in disputes or complaints

3. How We Use Your Information

3.1 Core Platform Functions

• Creating and maintaining your account

• Processing problem submissions and solution proposals

• Facilitating communication between entrepreneurs and solution providers

• Managing the voting, rating, and selection process

• Executing and managing equity and royalty agreements

• Processing payments and distributing royalties

• Providing customer support and technical assistance

• Storing and sharing documents, files, and intellectual property

3.2 Communications

• Sending transactional emails (confirmations, updates, reminders)

• Notifying you of new problems, solutions, or messages

• Providing customer service responses

• Announcing platform updates and policy changes

• Sending newsletters and promotional materials (with your consent)

3.3 Analytics and Improvement

• Analyzing usage patterns and user behavior

• Conducting A/B testing and feature optimization

• Improving platform functionality and user experience

• Conducting research and developing new features

• Generating aggregated, anonymized insights and statistics

3.4 Legal and Compliance

• Complying with applicable laws and regulations

• Enforcing our Terms of Service and other agreements

• Protecting against fraud, security threats, and abuse

• Resolving disputes and litigation support

• Tax and financial reporting obligations

• Legal and compliance investigations

3.5 Marketing and Advertising

• Creating targeted advertising campaigns

• Sending marketing communications (with consent)

• Measuring campaign effectiveness

• Displaying your profile or solutions in our marketing materials (with consent)

• Social media marketing and remarketing

• Affiliate and referral program administration

4. Legal Bases for Processing (GDPR/CCPA)

We process your information based on the following legal bases:

• Contractual Necessity: Processing required to provide Platform services and execute agreements

• Legitimate Interests: Analytics, fraud prevention, security, marketing, and Platform improvement

• Legal Obligation: Compliance with tax, financial, and regulatory requirements

• Consent: For optional communications and marketing

• Vital Interests: Protection of your health and safety

• Performance of Public Tasks: Any regulatory or public interest obligations

5. Information Sharing and Disclosure

5.1 With Other Users

• Your public profile information (name, skills, experience, ratings)

• Problem statements and solutions you submit

• Ratings, reviews, and feedback you provide

• Communication within the Platform’s messaging system

• Your selected agreements (equity/royalty arrangements)

5.2 With Third-Party Service Providers

We share information with vendors and service providers who assist us:

• Payment processors (Stripe, PayPal, Square)

• Cloud hosting providers (AWS, Google Cloud, Azure)

• Identity verification and KYC providers

• Customer support and ticketing platforms

• Email and communication service providers

• Analytics and monitoring services

• Legal and accounting professionals

All service providers are bound by confidentiality obligations and data processing agreements.

5.3 Legal and Regulatory Disclosures

We may disclose information when required by law:

• Government agencies and law enforcement (with valid legal process)

• Tax authorities for royalty and payment reporting

• Regulatory bodies conducting investigations

• Courts during litigation or dispute resolution

• Required disclosures under securities laws (for equity transactions)

5.4 Business Transitions

If we are acquired, merge with another company, or undergo bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5.5 Public Disclosures

With your consent, we may:

• Feature your profile or solutions in marketing materials

• Highlight success stories and case studies

• Showcase your achievements in press releases or media

• List you in community directories or recognition programs

6. Data Retention

6.1 Retention Periods

• Account Information: Retained for the duration of your account plus 2-3 years after termination

• Transaction Records: Retained for 7 years (for tax and financial compliance)

• Intellectual Property Records: Retained for the life of the agreement plus 7 years

• Communications: Retained for 3 years or as required by law

• Cookies: Typically 1-2 years (varies by type)

• Support Records: Retained for 2 years

• Marketing Data: Retained until you unsubscribe

6.2 Deletion Requests

You may request deletion of your information subject to:

• Legal and regulatory retention obligations

• Ongoing dispute resolution or investigations

• Active agreements or transactions

• Tax and financial record-keeping requirements
  We will delete or anonymize information when no longer necessary for the stated purposes.

7. Data Security

7.1 Security Measures

We implement comprehensive security measures:

• Encryption: End-to-end encryption for sensitive communications, AES-256 for data at rest, TLS/SSL for data in transit

• Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA), principle of least privilege

• Firewalls and Intrusion Detection: Network firewalls, DDoS protection, intrusion detection systems

• Regular Audits: Third-party security audits, penetration testing, vulnerability assessments

• Compliance Standards: Compliance with SOC 2 Type II, ISO 27001, or equivalent security certifications

• Employee Training: Regular security training and confidentiality agreements

• Incident Response: Documented incident response procedures

7.2 Limitations

While we implement robust security measures, no method is 100% secure. You use the Platform at your own risk. We are not responsible for unauthorized access to your account if due to your negligence or misuse of credentials.

7.3 Breach Notification

If a security breach occurs, we will notify affected users without unreasonable delay (as required by law) and provide:

• Details of the breach

• Information compromised

• Steps you should take

• Contact information for inquiries

• Credit monitoring services (if applicable)

8. Your Privacy Rights

For detailed privacy rights, such as access, deletion, objection, correction, etc., please refer to the “Your Privacy Rights” section in the full document.

9. International Data Transfers

For more details on international data transfers, please refer to the “International Data Transfers” section.

10. Third-Party Links and Services

The Platform may contain links to third-party websites. Please review the privacy policies of any third-party services before providing your information.

11. Children’s Privacy

The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13.

12. Cookies and Tracking Technologies

Please refer to the “Cookies and Tracking Technologies” section for cookie management.

13. California Privacy Rights (CCPA)

California residents have the right to access, delete, and opt-out of the sale of their personal information. Refer to the “California Privacy Rights” section for further details.

14. Virginia, Colorado, Connecticut, and Utah Privacy Rights

Residents of these states have rights to access, delete, and correct their personal information. Please refer to the relevant section for more information.

15. European Union GDPR Rights

EU/EEA residents have additional rights under GDPR, such as access, correction, erasure, and portability. Please refer to the “European Union GDPR Rights” section for more details.

16. Special Information for Entrepreneurs and Solution Providers

Please refer to the section for specific information on intellectual property, financial and royalty data, and identification verification.

17. Policy Changes

We may update this Privacy Policy from time to time. Changes will be effective upon posting to the Platform with an updated “Last Updated” date.

18. Contact Us

For privacy-related questions, requests, or complaints, please contact us using the information below:

Email: privacy@nemsa.com

Mailing Address:
NEMSA LLC
1513 E 72nd St N
Tulsa, Oklahoma 74126
United States of America

Data Protection Officer (EU/GDPR):
dpo@nemsa.com

Privacy Policy Form:
Click here

Response Time:
We aim to respond to all inquiries within 30 days.

Complaints:
If you believe we have violated your privacy rights, you may lodge a complaint with your local data protection authority.

19. Additional Notices by Jurisdiction

19.1 Nevada Residents

Nevada law allows residents to opt out of the sale of certain personal information. While we do not sell personal information as defined by Nevada law, Nevada residents may still submit an opt-out request.

19.2 New Hampshire Residents

New Hampshire law does not recognize a formal “right to be forgotten.” However, you may still request deletion of personal information, subject to legitimate business and legal requirements.

19.3 Illinois BIPA (Biometric Information Privacy Act)

If we collect biometric information (such as facial recognition or fingerprints), we will:

• Provide written notice before collection

• Obtain written consent prior to processing

• Provide clear information on data retention and deletion timelines

• Not sell, lease, trade, or disclose biometric information without prior informed written consent

Serious violations of biometric privacy rights may result in statutory damages under Illinois law.

20. Definitions

Personal Information
Any information that identifies or could reasonably identify an individual.

Processing
Any operation performed on personal information, including collection, use, storage, transmission, or deletion.

Data Subject
The individual whose personal information is being processed.

Controller
The entity that determines the purposes and means of processing personal data.

Processor
An entity that processes personal data on behalf of a controller.

Legitimate Interests
Business or operational interests pursued by the company or third parties that are balanced against the individual’s privacy rights.

Consent
A freely given, specific, informed, and unambiguous indication of agreement by the data subject to the processing of personal information.