Privacy Policy
Last updated:
This Privacy Policy explains how NEXUS AI Ltd ("we", "us", "our") collects, uses and protects your personal data when you use the NEXUS AI service. We are the data controller for the personal data described below and are committed to handling it in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection law.
1. Who is responsible for your data
The data controller is NEXUS AI Ltd, registered in Malta (company number [COMPANY REGISTRATION NUMBER]), [REGISTERED OFFICE ADDRESS], Malta. For any privacy question or to exercise your rights, contact us at privacy@nexus-ai.app.
2. Data we collect
We collect and process the following categories of personal data:
- Account data — your name, email address, password (stored only as a secure hash) and two-factor authentication settings.
- Payment data — the tier you purchased, amounts, currency, invoice details and, for bank transfers, the reference you provide. Card details are handled by our payment processor and are not stored by us.
- Content data — the messages, prompts and documents you upload to your AI assistant and store in your Vault. This content is encrypted and is treated as confidential.
- Certificate data — Technology Certificate identifiers and verification records held in our Certificate Registry.
- Technical data — IP address, device and browser information, and logs generated when you use the Service, used for security and to keep the Service running.
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Creating and managing your account, and providing the Service | Performance of a contract |
| Processing payments and issuing invoices | Performance of a contract; legal obligation |
| Generating AI responses from your content | Performance of a contract |
| Securing the Service and preventing abuse or fraud | Legitimate interests |
| Responding to support requests and sending service emails | Performance of a contract; legitimate interests |
| Complying with accounting, tax and other legal obligations | Legal obligation |
4. AI processing and your content
To generate responses, the messages and documents you submit are sent to third-party AI providers acting as our processors. We share only the content necessary to provide the feature you are using. We do not sell your content, and we do not use the private content of your Vault to train our own or third parties' models except where you have explicitly opted in.
5. Sharing your data
We share personal data only with:
- Service providers acting on our behalf (hosting, database, email delivery, payment processing and AI inference), bound by contracts that protect your data;
- Authorities or third parties where required by law, regulation or valid legal process;
- A successor entity in the event of a merger, acquisition or reorganisation, subject to this Policy.
6. International transfers
Some of our providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision to protect your data.
7. How long we keep your data
We keep your account and content data for as long as your account is active. When you delete your account or content, we delete or anonymise the associated personal data within a reasonable period, except where we must retain certain records (for example invoices) to meet legal, accounting or tax obligations.
8. Security
We use technical and organisational measures to protect your data, including encryption of stored content, hashed passwords and optional two-factor authentication. No system is completely secure, but we work to protect your data and will notify you and the relevant authority of a personal data breach where the law requires.
9. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent where processing is based on consent.
To exercise any of these rights, email privacy@nexus-ai.app. You also have the right to lodge a complaint with your local data protection authority; in Malta this is the Office of the Information and Data Protection Commissioner (idpc.org.mt).
10. Cookies
We use cookies and similar technologies as described in our Cookie Policy.
11. Children
The Service is not intended for anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. We will post the updated version here and, where changes are material, take reasonable steps to notify you.
13. Contact
For any privacy matter, contact privacy@nexus-ai.app or write to NEXUS AI Ltd, [REGISTERED OFFICE ADDRESS], Malta.