Nekta Logo

nekta

Privacy Policy

Version 2026-06-13 · Effective 13 June 2026

We keep this policy under review and may update it from time to time.

This Privacy Policy explains how Nekta collects, uses, shares, and protects your personal data when you use the Nekta platform. It also sets out your rights over your data and how to exercise them. We have written it to reflect how the service actually works rather than in generic terms.

Nekta is a direct artist-to-fan and music-industry social network. Using the service is voluntary, and most of the data we hold is data you choose to give us by creating an account and using the platform's features.

1. Who we are

Nekta is operated by Nekta Lab Ltd, a company incorporated in the United Kingdom. Nekta Lab Ltd is the data controller responsible for your personal data.

Our application servers and primary database are hosted in Melbourne, Australia, and our media files (such as images and audio) are stored in London, United Kingdom. This means your data is processed across borders — see International transfers below.

For any privacy question, or to exercise a right described in this policy, contact us at info@nekta.vip.

2. What we collect

We collect the following categories of personal data:

  • Account & identity — your email address, username, password (stored only as a secure hash, never in plain text), display name, optional bio, optional location, avatar image, and your date of birth (used to confirm you meet the minimum age — see Children & age).
  • Authentication & security — login sessions, device information, and IP address (used to keep your account secure and detect abuse); email-verification and password-reset tokens.
  • Content you create — posts, comments, reactions, follows, brands you own, event RSVPs, and any media you upload.
  • Direct messages — the chat messages you send and receive, stored encrypted at rest (see Chat encryption).
  • Preferences & discovery data — genre preferences, location/region for discovery, appearance settings, and onboarding progress.
  • Consent & compliance records — a timestamped, versioned record of the policies and cookie choices you have accepted.
  • Connected accounts — where you connect a third-party service (such as Google sign-in or a Dropbox brand integration), the access tokens and profile metadata needed to operate that connection.
  • Email delivery logs — records of the transactional and mailout emails we send you, for deliverability and troubleshooting.

We do not intentionally collect special-category data (such as health, biometric, racial, political, religious, or sexual-orientation data). Free-text fields such as your bio, posts, or messages could contain such information if you choose to share it — please do not share sensitive information you do not want stored.

3. How and why we use your data

We process your personal data for the following purposes, on the following legal bases under the UK GDPR / EU GDPR.

PurposeLawful basis
Creating and running your account; delivering the core platform featuresPerformance of a contract
Keeping accounts and the platform secure; preventing abuse and fraudLegitimate interests
Sending transactional email (verification, password reset, notifications)Performance of a contract
Analytics to understand and improve the serviceConsent (you opt in via the cookie banner)
Marketing communications, where offeredConsent
Confirming you meet the minimum age; complying with legal obligationsLegal obligation / legitimate interests

Where we rely on consent, you can withdraw it at any time — for cookies and analytics, from the cookie preferences in your settings; the withdrawal does not affect processing already carried out.

4. Who processes your data for us

We use a small number of carefully chosen service providers ("processors") to run the service. They process personal data only on our instructions and under a data-processing agreement.

ProviderPurposeLocation
Akamai / LinodeApplication & database hosting (Melbourne); media object storage (London)Australia & United Kingdom
Twilio SendGridEmail deliveryUnited States
GoogleSign-in (OAuth) and Google Analytics (analytics only after you opt in)United States
CloudflareTurnstile CAPTCHA — bot & abuse protection at signupUnited States
DropboxOptional brand integration (release-file detection)United States
Redis (self-hosted)Session & cache storeAustralia (our own infrastructure)

Each of our US providers (SendGrid, Google, Cloudflare, Dropbox) is certified under the EU-US Data Privacy Framework (and its UK Extension), with Standard Contractual Clauses as a contractual fallback. We do not sell your personal data, and we do not share it with third parties for their own marketing.

5. International transfers

Nekta Lab Ltd is a UK controller, but your data is processed in more than one country:

  • EU/UK → Australia (our app server & database). Australia does not have an EU/UK adequacy decision, so these transfers are protected by our hosting provider's data- processing agreement, which incorporates the 2021 EU Standard Contractual Clauses, together with our own transfer impact and risk assessments and supplementary safeguards (encryption in transit, encrypted chat at rest, and strict access controls).
  • EU → United Kingdom (our media object store). The UK benefits from an EU adequacy decision (renewed to 27 December 2031), so no additional transfer mechanism is required for media stored in London.
  • EU/UK → United States (email, analytics, sign-in, CAPTCHA, integrations). These providers are certified under the EU-US Data Privacy Framework and its UK Extension, with Standard Contractual Clauses as a fallback.

You can ask us for more detail about the safeguards in place for any transfer by contacting info@nekta.vip.

6. How long we keep your data

We keep most account data for as long as your account is active. The following data is kept for a shorter, code-enforced period and is automatically removed when it is no longer needed:

  • IP addresses recorded against login sessions are erased (nulled) after 30 days.
  • Stale login sessions are deleted 7 days after they expire.
  • Email-verification and password-reset tokens are deleted 1 day after they expire or are used.
  • Email delivery logs are pruned after 90 days.

When you delete your account, we erase or irreversibly anonymise your personal data (see Your rights). A limited set of records is kept after deletion because the law requires or permits it:

  • Email-suppression (unsubscribe) records — kept so we continue to honour your choice not to be emailed.
  • Security records of banned IP addresses — kept for abuse prevention.
  • A non-identifying audit record that an erasure took place — this contains no personal data, only confirmation of what was done.

7. Your rights

Under the UK GDPR / EU GDPR you have the right to access, rectify, erase, restrict, and object to the processing of your personal data, and the right to data portability. We have built these into the product where we can:

  • Access & portability. You can download a machine-readable copy of your data (JSON and CSV) yourself from Settings → Privacy & Data.
  • Erasure. You can delete your account from Settings → Privacy & Data. We erase your personal data and irreversibly anonymise the content you have shared, replacing your identity with an anonymous "Deleted user", so the conversations and posts others relied on remain intact without identifying you.
  • Rectification. You can correct most of your profile data directly in your settings.
  • Other requests. For any right you cannot exercise in-app, or to object to or restrict processing, contact info@nekta.vip.

We respond to data-subject requests within one month. Where a request is especially complex or you make several requests, we may extend this by up to a further two months and will tell you within the first month if we need to.

You also have the right to complain to a data-protection supervisory authority — in the UK, the Information Commissioner's Office (ICO); in the EU, your local supervisory authority.

8. Cookies & tracking

We use a small number of essential cookies that are strictly necessary to run the site and are exempt from the consent requirement:

  • Authentication and refresh tokens — to keep you signed in.
  • nekta_theme and nekta_accent — to remember your appearance preferences.
  • nekta_cookie_consent — to remember the cookie choice you made.

Analytics (Google Analytics) is only loaded after you opt in via the cookie banner or the cookie preference centre. Until you accept analytics cookies, no analytics scripts are loaded and no analytics requests are made. You can change your choice at any time from your settings, and you can reject optional cookies as easily as you accept them.

9. Chat encryption

Direct messages (chat) are stored encrypted at rest. Message content is held as an encrypted envelope in our database rather than as plain text. When you download your data, your own messages are decrypted for you so the export is readable.

10. Children & age

Nekta is not intended for children. A minimum age applies depending on your region — 16 by default and across the EU, in line with the GDPR. We collect your date of birth at signup to confirm you meet the applicable minimum age, and signups below the threshold are refused. If you believe a child has created an account, contact us and we will remove it.

11. Security & data breaches

We protect your data with encryption in transit, encryption at rest for the most sensitive data (chat), least-privilege access controls, and secure password hashing. No system is perfectly secure, but we take reasonable steps to keep your data safe.

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, within 72 hours, and we will tell affected users where the breach is likely to result in a high risk to them.

12. Changes to this policy

We may update this policy as the service evolves or as the law changes. Each version carries a version number and effective date at the top. When we make a material change, we will ask you to review and re-accept the updated policy the next time you use Nekta.

13. Contact us

For any question about this policy or your personal data, or to exercise any of your rights, contact us at info@nekta.vip. Our Terms and Conditions are available at /legal/terms.

Privacy Policy — Nekta