Privacy Policy
Last updated: 2026-04-20
This Privacy Policy explains what personal information Nexxtool (“we”, “us”) collects when you use the Nexxtool platform, website, and related services (the “Service”), how we use it, who we share it with, and what rights you have. It applies to all users worldwide.
1. Information we collect
We collect only what we need to operate the Service.
- Account information. Your email address, a password hash (handled by our identity provider, never stored in plaintext), display name if provided, and an optional phone number if you enable SMS notifications.
- Usage data. Timestamps and counts of tasks you submit, feature flags exercised (e.g. streaming, workflows), tier and entitlement state, and aggregated IP/user-agent metadata used for abuse prevention and rate limiting.
- Content you submit. Prompts, uploaded knowledge files, workflow definitions, and artifacts produced on your behalf. Content is stored under your account and is logically isolated from other users.
- Billing data. If you subscribe, our payment processor (Stripe) holds your card data; we receive only a customer identifier, plan tier, and subscription status. We never see or store full card numbers.
- Communications. Emails and SMS we send at your request (via our providers) and support conversations you initiate with us.
2. How we use it
We use your information to: operate the Service; authenticate your session; process payments; enforce usage limits and prevent abuse; send transactional emails and SMS you have opted into; respond to support requests; comply with legal obligations; and improve the Service in aggregate (e.g. fixing errors, tuning performance).
We do not sell your personal information. We do not use your content to train third-party models beyond what is strictly necessary to produce your requested output.
3. Third-party processors
We share information with the following sub-processors strictly to provide the Service. Each has its own privacy terms governing how it handles the data we share with it:
- Stripe — payment processing, subscription management, invoices.
- Supabase — managed Postgres, authentication, and storage for your account and content.
- Google AI (Gemini) — model inference for text, image, audio, video, and structured-output tasks you dispatch.
- MiniMax — additional multimodal model inference when selected.
- Resend — transactional email delivery (account confirmations, receipts, notifications).
- Twilio — SMS delivery for notifications and alerts you opt into.
- Vercel — frontend hosting and edge delivery.
- Railway — backend application hosting.
4. Cookies & similar technologies
We use first-party cookies and equivalent browser storage to keep you signed in, remember your UI preferences (e.g. sidebar state), and maintain CSRF / rate-limit protection. We do not use third-party advertising or tracking cookies. You can clear or block cookies in your browser, but doing so will sign you out of the Service.
5. Data retention
We retain account and usage data for as long as your account is active. Billing records are retained for seven (7) years to comply with tax and accounting requirements. Content you submit is retained until you delete it, until your account is deleted, or for up to thirty (30) days after account closure to allow for recovery. Server logs and audit records are retained for ninety (90) days unless longer retention is required to investigate abuse or comply with law.
6. Your rights
Depending on your jurisdiction (including under GDPR, UK GDPR, and CCPA/CPRA), you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate or outdated information;
- Delete your account and associated content;
- Export a portable copy of your content;
- Object to or restrict certain processing;
- Withdraw consent where processing is consent-based.
To exercise any of these rights, email privacy@nexxtool.ai from the address on your account. We respond within thirty (30) days.
7. Security
We use TLS in transit, encryption at rest for managed databases, least-privilege service credentials, rate limiting, and an audit log for privileged operations. No system is perfectly secure; if we become aware of a breach that affects your personal information, we will notify you as required by applicable law.
8. International transfers
Our sub-processors are located in the United States and other regions. By using the Service you consent to the transfer of your information to countries that may not provide the same level of protection as your country of residence. Where required, we rely on standard contractual clauses.
9. Children’s privacy
The Service is not directed to children under 13 (or 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact privacy@nexxtool.ai and we will delete it.
10. Changes
We may update this Privacy Policy from time to time. Material changes will be announced by email or in-app notice before taking effect. The “Last updated” date above reflects the most recent revision.
11. Contact
Privacy questions or data requests? privacy@nexxtool.ai.