How we protect your data

Accounts are protected with email and password sign-in. Each customer can only see and manage their own contacts, campaigns, templates, and message logs. Access to customer data is enforced at the database level on every request.

Sensitive admin operations (user management, plan changes, payment approvals) require an elevated admin role that is granted manually and verified server-side.

We store the information you provide to run your campaigns: profile details, contacts you upload, message templates, campaign settings, message delivery logs, and billing records. Message content is stored so you can review delivery history and troubleshoot failures.

Authentication and database services are operated on our managed backend platform. Outbound messages are dispatched through your connected WhatsApp/SMS providers.

You can view, export, and delete your contacts, templates, and campaigns from inside the app at any time. To request account deletion or a full data export, contact support and we will action it within a reasonable timeframe.

NextCore BD relies on a small number of trusted services to operate: a managed Postgres backend for storage and authentication, and the messaging providers you connect (such as Evolution API, WaSender, or Meta WhatsApp). Each provider receives only the data needed to deliver the messages you schedule.

Authentication emails (signup verification, password reset, magic links, email-change confirmation) and app notifications are sent from our branded sender domain notify.fmwsb.nextcorebd.com with the visible address no-reply@notify.fmwsb.nextcorebd.com. Replies should go to support@nextcorebd.com.

The sender domain is authenticated with SPF, DKIM and DMARC so mailbox providers (Gmail, Outlook, Yahoo) can verify each message. Emails are queued and retried up to 5 times, with delivery status logged for every send.

We maintain a suppression list: addresses that bounce, mark our email as spam, or unsubscribe are automatically blocked from future sends. You can request removal from the suppression list by contacting support.

We never sell or share your email address. We do not send marketing / promotional campaigns from this domain — only account-related and product notifications you have opted into by signing up.

If you believe you have found a security vulnerability, please email support@nextcorebd.com with details and steps to reproduce. We appreciate responsible disclosure and will respond as quickly as we can.