Privacy Policy
Your privacy matters to us. Here's exactly what data we collect, why we collect it, and how we protect it.
TL;DR β In Plain English
We use a session cookie only to keep you logged in. We collect minimal data to run the service β your email, name, usage stats, and monthly request counts. We never sell your data to anyone. You can delete everything anytime.
1. What Data We Collect
We collect only what's necessary to provide you with a secure, functional AI assistant.
| Data Type | What We Collect | Why |
|---|---|---|
| Account Info | Email, Name, Profile Picture (from Google) | To identify you and personalize your experience |
| Session Data | Device info, IP address, location (city), login time | To keep you logged in and show your active sessions |
| API Keys | Nexus API keys, Groq API key (encrypted) | To power the AI assistant and secure your credentials |
| Usage Analytics | Number of requests, tokens used, models called | To monitor performance and improve the service |
| Monthly Usage | Request count per month (for limit enforcement) | To enforce freeβtier limits and manage upgrades |
| Cookies | Session cookie (HttpOnly, Secure, SameSite=Strict) | To authenticate you across requests |
We DO NOT collect: Browsing history, search queries, messages you send to the AI, or any content from your website.
2. Why We Collect This Data
Every piece of data serves a clear purpose β no hidden agendas.
Your email and session cookie keep your account secure and accessible only to you.
Usage stats help us understand how the AI is performing and where to improve.
IP and device info help us detect unusual activity and keep your account safe.
Your API keys are stored encrypted so you can securely integrate AI into your websites.
Monthly request counts ensure fair usage of the free tier and enable future upgrades.
3. How We Protect Your Data
Security is baked into everything we do.
Your Groq API key is encrypted in Firestore. Session cookies are signed and secure.
Your session cookie is invisible to JavaScript β preventing XSS attacks.
Cookies are only sent over HTTPS and only for same-site requests β blocking CSRF attacks.
Only core team members have access to production systems. Third parties never see your data.
4. Third-Party Services We Use
We rely on trusted partners to run the service. Each one is committed to data privacy.
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Firebase | Authentication, Database, Hosting | Email, Name, Profile Photo, UID, Session Data, Monthly Usage | View β |
| Groq | AI Model Inference | Your messages (only when you use the AI) | View β |
| Vercel | Deployment & Serverless Functions | IP address, Request logs (anonymous) | View β |
| Cloudflare Turnstile | Bot Protection (CAPTCHA) | No personal data β only verification tokens | View β |
Important: Your Groq key is stored encrypted in Firestore and never shared with anyone β including us.
5. Your Privacy Rights
Under GDPR, CCPA, and similar laws, you have full control over your data.
You can see all your data in the Dashboard at any time.
Update your profile info anytime through Google or the Dashboard.
Delete your Groq key, API keys, and revoke all sessions from the Dashboard.
Request a copy of your data by emailing us (see contact below).
6. Cookie Policy
We use minimal cookies β just what's needed to keep you logged in.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
nexus_session |
Keeps you logged in | 7 days (renewed on each request) | Strictly Necessary |
__Secure-next-auth |
Vercel session management | Session | Strictly Necessary |
No tracking cookies. We do not use Google Analytics, Facebook Pixel, or any marketing cookies. You are not being tracked.
7. How Long We Keep Your Data
We keep data only as long as needed to provide the service.
8. Children's Privacy
Nexus is not intended for children under 13. We do not knowingly collect personal information from children. If you are a parent and believe your child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this policy occasionally. The latest version will always be posted here with the effective date at the top. Significant changes will be notified through the Dashboard or via email.
Last updated: July 2, 2026
10. Contact Us
Have questions about privacy? Concerns about your data? We're here to help.
We respond to privacy-related inquiries within 48 hours.