Legal

Privacy Policy

How Nextcore Technology Inc. collects, uses, and protects your personal information.

Effective date: 10 May 2026 · Last updated: 10 May 2026

1. Introduction

Nextcore Technology Inc. ("Nextcore", "we", "us", or "our") is a Philippine corporation that builds cloud software for businesses. This Privacy Policy explains how we collect, use, share, and protect personal information when you visit nextcoretechnology.com, use our products (QuickDesk, GrootHR, NextPOS, Next-EMR), or otherwise interact with us.

This policy is designed to comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations. For users located in the European Economic Area, United Kingdom, or Switzerland, it also reflects principles of the EU General Data Protection Regulation (GDPR).

Plain English summary: We collect the information you give us (when you sign up, contact us, or use our products) and a small amount of information about how you use our website. We use it to operate our services, communicate with you, and improve what we offer. We don't sell your data. You have rights — including access, correction, and deletion — and we make it easy to exercise them.

2. Information we collect

2.1 Information you provide

  • Contact and account information: name, work email, company name, phone number, role, and any message you submit through our website forms.
  • Product data: when you use a Nextcore product, you and your end users may provide information such as customer support tickets (QuickDesk), employee records (GrootHR), sales transactions (NextPOS), or patient records (Next-EMR). This data is governed by the per-product Data Processing Agreement and our role is that of a processor on your behalf.
  • Billing information: if you become a paying customer, we collect billing details through our payment processor (Stripe). We do not store full credit card numbers on our servers.

2.2 Information collected automatically

  • Device and connection: IP address, browser type and version, operating system, referring URL, and pages visited.
  • Usage information: aggregated and de-identified information about how visitors interact with our website (page views, click patterns, time on page).
  • Cookies and similar technologies: see Section 6.

2.3 Information from third parties

We may receive information about you from publicly available sources, integration partners, or service providers we use to deliver our services (for example, identity verification or fraud prevention).

3. How we use your information

We use personal information for the following purposes:

  • To provide, operate, maintain, and improve our products and website.
  • To communicate with you — including to respond to inquiries, send transactional notices, and (with your consent) send marketing communications.
  • To process payments and fulfill subscription obligations.
  • To detect, investigate, and prevent fraud, abuse, or security incidents.
  • To comply with legal obligations and respond to lawful requests from authorities.
  • To analyze and improve our products, with information aggregated and de-identified wherever possible.

For users in the Philippines, we process personal information under the lawful criteria described in Section 12 of the Data Privacy Act, including your consent, the necessity of a contract, compliance with a legal obligation, and our legitimate interests where appropriate.

For users protected by the GDPR (EEA, UK, Switzerland), we rely on the following legal bases:

  • Contract (Article 6(1)(b)): processing necessary to provide a service you've requested.
  • Legitimate interests (Article 6(1)(f)): for example, improving our services and securing our infrastructure, balanced against your rights and freedoms.
  • Consent (Article 6(1)(a)): for marketing communications and non-essential cookies.
  • Legal obligation (Article 6(1)(c)): when required by law.

5. Sharing and disclosure

We do not sell personal information. We share personal information only in the following limited circumstances:

  • Affiliated companies (see Section 5.1 below): Nextcore shares operational systems with a corporate affiliate, OneCore Consultancy Inc., including accounting, human resources, and customer relationship management infrastructure.
  • Subprocessors: service providers who help us operate (cloud hosting, payment processing, email delivery, analytics, customer support tools). All subprocessors are bound by data protection obligations consistent with this policy.
  • Compliance with law: when required by valid legal process or to protect the rights, property, or safety of Nextcore, our users, or others.
  • Business transfers: if Nextcore is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
  • With your consent: for any other purpose disclosed at the time we collect the information.

5.1 Affiliated companies

Nextcore Technology Inc. and OneCore Consultancy Inc. are separate legal entities under shared ownership. The two companies operate as part of the OneCore family of companies and share certain operational infrastructure, including:

  • Accounting and finance systems — billing, invoicing, and bookkeeping records may be processed across both entities.
  • Human resources systems — employee records, payroll, and HR administration may be administered jointly, including by personnel who hold roles at both companies.
  • Customer relationship management (CRM) systems — contact information, leads, and customer correspondence may be visible to authorized personnel of both companies.

OneCore Consultancy Inc. also refers customers to Nextcore products as part of its consulting practice. Where OneCore Consultancy Inc. acts on Nextcore's behalf in connection with the personal information described in this Privacy Policy, it does so under a formal data sharing arrangement, and is bound by data protection obligations consistent with this policy and applicable law (including the Philippine Data Privacy Act and, where relevant, the GDPR).

If you have questions about how data flows between Nextcore and OneCore Consultancy Inc., or wish to exercise your rights as a data subject in connection with this arrangement, please contact our Data Protection Officer at sales@nextcoretechnology.com.

6. Cookies and tracking technologies

We use cookies and similar technologies to operate our website, remember your preferences (such as theme and cookie consent), and (with your consent) measure how the site is used.

You can manage your cookie preferences at any time using the Cookie preferences link in our footer. Strictly necessary cookies cannot be disabled because the site cannot function without them.

7. Your rights

Subject to applicable law, you have the following rights regarding your personal information:

  • Right to be informed about how your data is processed.
  • Right of access to a copy of the personal information we hold about you.
  • Right to rectification of inaccurate or incomplete information.
  • Right to erasure ("right to be forgotten") of your personal information, subject to legal limits.
  • Right to object to certain processing, including direct marketing.
  • Right to restrict processing in certain circumstances.
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format.
  • Right to lodge a complaint with the Philippine National Privacy Commission (NPC) or, for EU users, your local supervisory authority.
  • Right to withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at sales@nextcoretechnology.com. We will respond within the time limits set by applicable law.

8. International data transfers

Nextcore is headquartered in the Philippines. Some of our subprocessors may process personal information in countries other than yours. When we transfer personal information internationally, we use appropriate safeguards — including Standard Contractual Clauses (SCCs) for transfers from the EEA and equivalent contractual measures for transfers under the Philippine Data Privacy Act.

Customers using QuickDesk in the EU may request data residency in EU regions; please contact us to discuss your requirements.

9. Data retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of data and the product or service involved; details are available in each product's Data Processing Agreement.

When personal information is no longer needed, we securely delete or anonymize it.

10. Security

We implement organizational and technical measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256);
  • Role-based access control and least-privilege principles;
  • Tamper-evident audit logging;
  • Field-level encryption for sensitive PHI in Next-EMR;
  • Regular security reviews and penetration testing;
  • Incident response procedures and breach notification consistent with applicable law.

No system is perfectly secure. If you become aware of a vulnerability or incident, please report it to sales@nextcoretechnology.com.

11. Children's privacy

Our products and website are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, please contact us so we can take appropriate action.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll post the revised version here, update the "Last updated" date at the top, and — for material changes — notify you by email or a prominent notice on our website before the changes take effect.

13. Contact us

If you have questions about this Privacy Policy or how Nextcore handles your personal information, please contact our Data Protection Officer:

You also have the right to file a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph) or, if you are in the EEA, with your local data protection supervisory authority.