Nexus 366
Enterprise Trust

Security & Compliance

Built for jewellers who handle deeply personal customer data. GDPR · CCPA · DPDP compliant with anonymization, consent management, OTP fraud protection, and enterprise-grade cloud infrastructure.

Get Started

Schedule a Demo

See Nexus 366 in action with a personalized walkthrough for your use case.

Architecture

The Galaxy & Planets Architecture

Inherit core data structures globally while retaining total autonomy to manage local operational nuances across your showrooms.

Diagram: Brand HQ at the centre, with showroom nodes Mumbai (Showroom 1), Delhi (Showroom 2), Bengaluru (Showroom 3), Surat (Showroom 4), Jaipur (Showroom 5) and Chennai (Showroom 6).

One Brand, Every Showroom

Your Brand HQ is the gravitational centre. Product catalogues, loyalty tiers, and customer segments flow outward to every showroom automatically.

Local Autonomy Retained

Each showroom node operates independently within its timezone, staff roster, and stock. Store-specific settings never bleed into other locations.

Encrypted Data Flows

Every data exchange between the hub and showroom nodes is encrypted in transit, and role-based access ensures staff see only the data they need to act on.

No Rip-and-Replace

Nexus366 sits elegantly on top of your existing ERP, acting as an intelligent clienteling layer that reads your data without disrupting your core workflows.

Security & Compliance Standards

  • GDPR · CCPA: Data Privacy Compliant
  • DPDP Compliant: India Data Protection Act
  • OTP Security: 2-Factor Point Redemption
  • Right to be Forgotten: Anonymization Pipeline
  • Cloud Infrastructure: Replicated PostgreSQL
  • Role-Based Access: 3-Level RBAC
  • Timezone Aware: Multi-Showroom, Multi-TZ

How We Comply

GDPR · CCPA · DPDP Compliance

Nexus366 is built to satisfy the world's leading data protection regulations. Here's how our platform features map to each framework.

GDPR

European Union, in force since May 2018

Protects EU residents' personal data with rights to erasure, access, and consent.

  • Right to Erasure: "Right to be Forgotten" anonymizes all PII on request while retaining financial records for accounting compliance.
  • Consent Management: Per-category consent booleans (analytics, marketing, personalization, functional); withdrawing a category immediately stops processing under it and triggers the data-erase pipeline.
  • Data Minimization: IP addresses are HMAC-SHA256 hashed with a secret key at capture; raw IPs are never stored.
  • Lawful Basis: Consent recorded per customer and device with full audit trail.

CCPA

California, USA

Gives California consumers rights to know, delete, and opt out of sale of personal information.

  • Right to Know: Customers can view all data held on them via the self-service Customer Portal.
  • Right to Delete: Same anonymization pipeline as GDPR erasure. PII is removed; financial records are retained as accounting law requires.
  • Right to Opt-Out: Consent withdrawal instantly stops all marketing processing.
  • Non-Discrimination: No degraded service for customers exercising privacy rights.

DPDP

India, 2023

India's Digital Personal Data Protection Act. It mandates consent-based processing and places Data Fiduciary obligations on the organisation that decides how personal data is processed.

  • Right to Information: Customer Portal exposes all stored data on OTP-verified request.
  • Right to Correction & Erasure: Data Fiduciary obligations met via the anonymization pipeline.
  • Consent-Based Processing: Explicit consent captured before any personal data processing. Grievance redressal via contact channel.
  • Data Fiduciary Duties: Audit trail on all data access. Role-scoped access (RBAC) limits exposure.

Enterprise-Grade Security

Every feature is engineered for jewellers handling sensitive client and financial data.

OTP Secure Redemption

Fraud Prevention

Stop internal points fraud at its root. Every loyalty point redemption requires a real-time OTP handshake with the customer: the code reaches the customer, not the counter, so the customer's consent becomes a second factor and a redemption cannot be completed by staff alone or altered from the back office.
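The handshake above, as an added example that is not Nexus 366 code. The point a practitioner wants to see is that the OTP is bound to the exact redemption (customer, points, store) at the moment it is issued, so staff cannot raise the points after the customer reads the code out, replay a used code, or guess one: only a keyed digest is kept server side, the code expires, attempts are capped, and it is single use. Delivery to the customer's phone is out of scope; the TTL, attempt limit, server key and sample IDs are assumptions made for the demo.

```python
"""Two-party OTP confirmation for a loyalty redemption.

Added example, not Nexus 366 code. Sending the code to the customer is out of
scope; the TTL, attempt limit, key and sample IDs are demo assumptions.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

OTP_TTL_SECONDS = 120   # assumed policy
MAX_ATTEMPTS = 3        # assumed policy


@dataclass
class Challenge:
    customer_id: str
    points: int
    store_id: str
    expires_at: float
    digest: bytes       # HMAC over (customer, points, store, otp): valid for this redemption only
    attempts: int = 0


class RedemptionOTP:
    """Issues and verifies redemption challenges; the clock is injectable for tests."""

    def __init__(self, server_key: bytes, clock: Callable[[], float] = time.time) -> None:
        self._key = server_key
        self._clock = clock
        self._pending: Dict[str, Challenge] = {}

    def _digest(self, customer_id: str, points: int, store_id: str, otp: str) -> bytes:
        msg = f"{customer_id}|{points}|{store_id}|{otp}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, customer_id: str, points: int, store_id: str) -> Tuple[str, str]:
        """Issue a challenge. Returns (challenge_id, otp).

        The OTP goes to the customer and is never shown to staff; the server
        keeps only its keyed digest, so a database read does not leak codes.
        """
        otp = f"{secrets.randbelow(10**6):06d}"
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = Challenge(
            customer_id, points, store_id,
            self._clock() + OTP_TTL_SECONDS,
            self._digest(customer_id, points, store_id, otp),
        )
        return challenge_id, otp

    def confirm(self, challenge_id: str, customer_id: str, points: int,
                store_id: str, otp: str) -> bool:
        """True only if the code matches the redemption exactly as it was issued."""
        ch = self._pending.get(challenge_id)
        if ch is None:
            return False
        if self._clock() > ch.expires_at or ch.attempts >= MAX_ATTEMPTS:
            del self._pending[challenge_id]          # expired or locked out
            return False
        ch.attempts += 1
        presented = self._digest(customer_id, points, store_id, otp)
        if not hmac.compare_digest(ch.digest, presented):
            return False                              # wrong code, or tampered amount/customer/store
        del self._pending[challenge_id]              # single use
        return True


if __name__ == "__main__":
    svc = RedemptionOTP(secrets.token_bytes(32))
    cid, otp = svc.start("CUST-1001", 500, "MUM-1")   # constructed IDs
    print("staff bumps 500 -> 5000:", svc.confirm(cid, "CUST-1001", 5000, "MUM-1", otp))
    print("customer reads out code:", svc.confirm(cid, "CUST-1001", 500, "MUM-1", otp))
    print("replay of same code:    ", svc.confirm(cid, "CUST-1001", 500, "MUM-1", otp))
```

Because the digest covers the points total, the back office cannot "top up" a redemption after the fact; it would have to start a new challenge, which sends the customer a fresh code and a fresh chance to refuse.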

Right to be Forgotten

Data Privacy

Enforce GDPR/CCPA/DPDP by anonymizing all PII (name, email, phone, KYC) on a deletion request, while retaining the transaction and ledger history that accounting law requires. Every anonymization is timestamped in the audit trail.

Granular Consent Management

Compliance

GDPR, CCPA, DPDP, and LGPD consent is recorded per customer and device with per-category booleans (analytics, marketing, personalization, functional). Withdrawing a category instantly stops processing under it and triggers the data-erase pipeline.

IP Address Privacy

Privacy

Raw IP addresses are never stored. Each IP is HMAC-SHA256 hashed with a secret key at capture time, so analytics can count and correlate visits without holding a value that resolves to a person or location. The key is what makes this work: a bare SHA-256 of an IPv4 address is reversible by hashing all 2^32 candidates. Keyed hashing is pseudonymisation rather than anonymisation under GDPR, so the key has to live outside the analytics store and the hashes are treated as personal data while it exists.
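The keyed-hash step, as an added example that is not Nexus 366 code. It hashes a canonical form of the address with HMAC-SHA256, coarsens IPv6 to the /64 before hashing, and then demonstrates the failure mode the key prevents: an unkeyed SHA-256 of an address is recovered by enumerating a /24, while the same enumeration against the keyed value gets nowhere without the key. The demo key, the TEST-NET addresses, the /64 coarsening and the helper names are assumptions made for the demo.

```python
"""Keyed IP pseudonymisation at capture, as the page describes.

Added example, not Nexus 366 code: the key, the sample addresses and the
helper names are assumptions made for the demo.
"""
import hashlib
import hmac
import ipaddress
from typing import Optional

# Assumption: a per-deployment secret loaded from a secrets manager and never
# written to the analytics store next to the hashes. Constructed for the demo.
DEMO_KEY = bytes.fromhex("5f1d7c0a9b3e42d1c6f8a0b2e4d6c8a1" * 2)


def canonical(ip: str) -> bytes:
    """Packed, canonical form of the address so textual variants hash alike.

    IPv6 hosts are coarsened to their /64 before hashing (demo assumption:
    per-network analytics is enough, and the host part often encodes a
    device identifier, which is exactly what we do not want to keep).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        addr = ipaddress.IPv6Address(int(addr) & ~((1 << 64) - 1))
    return addr.packed


def pseudonymise_ip(ip: str, key: bytes) -> str:
    """HMAC-SHA256 over the canonical address; only this value is stored."""
    return hmac.new(key, canonical(ip), hashlib.sha256).hexdigest()


def unkeyed_hash(ip: str) -> str:
    """What NOT to do: a bare SHA-256 of the address. Shown for contrast only."""
    return hashlib.sha256(canonical(ip)).hexdigest()


def recover_unkeyed(target: str, network: str) -> Optional[str]:
    """Reverse a bare hash by enumerating candidate addresses.

    A /24 is 256 hashes; the whole IPv4 space is 2**32, minutes of work on a
    laptop, so an unkeyed hash is not anonymisation at all.
    """
    for host in ipaddress.ip_network(network):
        if hmac.compare_digest(unkeyed_hash(str(host)), target):
            return str(host)
    return None


def recover_keyed(target: str, network: str, guessed_key: bytes) -> Optional[str]:
    """The same enumeration against the keyed value succeeds only with the key."""
    for host in ipaddress.ip_network(network):
        if hmac.compare_digest(pseudonymise_ip(str(host), guessed_key), target):
            return str(host)
    return None


if __name__ == "__main__":
    ip = "203.0.113.42"   # TEST-NET-3, constructed
    stored = pseudonymise_ip(ip, DEMO_KEY)
    print("stored pseudonym:", stored)
    print("bare hash reversed to:", recover_unkeyed(unkeyed_hash(ip), "203.0.113.0/24"))
    print("keyed hash, wrong key:", recover_keyed(stored, "203.0.113.0/24", b"wrong"))
```

Rotating the key periodically caps how long visits stay linkable to one another, at the cost of breaking correlation across the rotation boundary; that is the trade a data-minimisation policy is meant to make explicitly.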

Role-Based Access Control

Access Control

Three scoped roles: Brand Admin, Store Manager, Sales Staff. Module-level permission control. Each role sees only the data it needs. Dashboards and data are automatically scoped.

2FA on All User Accounts

Authentication

Two-factor authentication is available for every platform user and is configurable per role, with TOTP (authenticator app or hardware token) or SMS as the second factor. SMS is the weaker of the two, since codes can be intercepted or diverted by SIM swap, so TOTP is the sensible default for Brand Admin and Store Manager accounts.

For Jewellers Worldwide

Ready to discuss your security requirements?

Schedule a personalized demo with our enterprise team. We'll walk you through GDPR · CCPA · DPDP compliance, OTP setup, and multi-showroom architecture.


Integrations: WhatsApp, Shopify, Razorpay, Stripe, ERP / POS, Instagram