NexJob, LLC — Effective May 1, 2026
This Data Processing Agreement ("DPA") is incorporated into and forms part of the NexJob Terms of Service. It governs NexJob's processing of personal data on behalf of its business customers.
"Customer" means the business entity that subscribes to the NexJob Service. "Customer Data" means any personal data that Customer uploads, submits, or otherwise provides to NexJob through the Service, including personal data of Customer's end customers. "Data Protection Laws" means all applicable data protection and privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and, where applicable, the EU General Data Protection Regulation (GDPR). "Personal Data," "Processing," "Data Controller," and "Data Processor" have the meanings given to them under applicable Data Protection Laws. "Sub-processor" means any third party engaged by NexJob to process Customer Data on NexJob's behalf. "Service" means the NexJob field service management platform.
This Data Processing Agreement ("DPA") applies to NexJob's processing of Customer Data in connection with the Service. Customer is the Data Controller. NexJob is the Data Processor. NexJob will process Customer Data only as necessary to provide the Service and as instructed by Customer, except where required by applicable law. NexJob will not sell, rent, or otherwise make Customer Data available to third parties except as described in this DPA.
NexJob processes the following categories of Customer Data: (a) Customer contact information — names, addresses, phone numbers, email addresses; (b) Job and service records — descriptions, locations, schedules, notes, photos; (c) Financial data — quotes, invoices, payment records (processed via Stripe); (d) Communication data — SMS messages, voice recordings, email content sent through the platform; (e) Technician data — names, assignments, location data (when tracking is enabled), time records; (f) AI processing data — voice recordings, photos, and text submitted for AI-powered features (processed by Anthropic and Google, not retained beyond the session). Data subjects include Customer's employees, technicians, and Customer's end customers.
Customer authorizes NexJob to engage the sub-processors listed at www.nex-job.com/sub-processors. NexJob will provide at least 14 days' prior written notice (via email to the account owner) before engaging a new sub-processor that processes Customer Data. If Customer objects to a new sub-processor, Customer may notify NexJob within 14 days of the notice. If NexJob cannot reasonably accommodate the objection, Customer may terminate the affected Service with a pro-rata refund of prepaid fees. NexJob will impose data protection obligations on each sub-processor that are materially consistent with those in this DPA.
NexJob will implement and maintain appropriate technical and organizational measures to protect Customer Data against unauthorized access, alteration, disclosure, or destruction. These measures include: HTTPS/TLS encryption for all data in transit; encrypted database backups at rest; role-based access controls limiting employee access to Customer Data on a need-to-know basis; rate limiting and brute-force protection on all authentication endpoints; API keys and secrets stored in environment-isolated configuration; error monitoring (Sentry) with personally identifiable information collection disabled; regular security reviews and updates. NexJob will not materially decrease the overall security of the Service during the term of the agreement.
NexJob will notify Customer without undue delay, and in any event within 72 hours of confirming a personal data breach affecting Customer Data. The notification will include: (a) the nature of the breach, including the categories and approximate number of data subjects and records affected; (b) the name and contact details of NexJob's contact point; (c) the likely consequences of the breach; (d) the measures taken or proposed to address the breach and mitigate its effects. NexJob will cooperate with Customer and provide reasonable assistance in Customer's fulfillment of its own breach notification obligations to data subjects, regulators, or other authorities.
NexJob will provide reasonable assistance to Customer in responding to requests from data subjects exercising their rights under Data Protection Laws (including rights of access, correction, deletion, portability, and objection). NexJob provides self-service data export and deletion tools within the Service. For requests that cannot be fulfilled through the Service, Customer may contact privacy@nex-job.com. NexJob will respond within 10 business days.
NexJob retains Customer Data for the duration of the subscription and for 30 days following termination to allow for data export. Upon written request after the 30-day window, NexJob will delete Customer Data from all active systems within 30 days and confirm deletion in writing. Backup copies may persist for up to an additional 30 days before automated purge. Certain data may be retained as required by applicable law (e.g., payment records for tax compliance — typically 7 years). See the NexJob Privacy Policy for the full data retention schedule.
Upon Customer's written request (no more than once per 12-month period), NexJob will make available information reasonably necessary to demonstrate compliance with this DPA. NexJob may satisfy this obligation by providing: (a) a current SOC 2 Type II report or equivalent third-party audit report, if available; or (b) written responses to Customer's reasonable security questionnaire. If neither option is sufficient to address a specific, documented concern, Customer may request an on-site audit with at least 30 days' written notice, to be conducted during normal business hours and at Customer's expense. NexJob may require execution of a confidentiality agreement before disclosing security information.
Customer Data is primarily stored and processed in the United States on servers operated by Render. Some sub-processors may process data in other countries (see www.nex-job.com/sub-processors for details). Where Customer Data is transferred to a country that does not provide an adequate level of data protection, NexJob relies on: (a) Customer's explicit consent to the transfer; and (b) contractual protections with sub-processors, including Standard Contractual Clauses where required. Contact privacy@nex-job.com for copies of relevant transfer mechanism documentation.
To the extent NexJob processes Customer Data that constitutes "personal information" under the California Consumer Privacy Act (as amended by the CPRA), NexJob is a "service provider" as defined under the CCPA. NexJob will not: (a) sell or share Customer Data; (b) retain, use, or disclose Customer Data for any purpose other than performing the Service or as permitted by the CCPA; (c) combine Customer Data with personal information received from other sources, except as permitted by the CCPA. NexJob certifies that it understands and will comply with these restrictions.
This DPA is effective for the duration of Customer's subscription to the Service and terminates automatically when the subscription ends. Sections 6 (Breach Notification), 8 (Data Retention and Deletion), and 9 (Audit Rights) survive termination.
In the event of a conflict between this DPA and the NexJob Terms of Service regarding the processing of Customer Data, this DPA shall control.
For questions about this DPA or to exercise any rights described herein, contact: NexJob, LLC — privacy@nex-job.com — Delaware County, State of Ohio.