Privacy Policy

1. Overview

Nexus Suite ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information when you use NexusCore CLI, NexusIDE, the Nexus Suite Portal, and related services.

2. Data We Collect

Account information

When you create an account, we collect your email address, display name, and hashed password. If you sign in via Google or GitHub OAuth, we receive your email and profile information from the provider.

Billing information

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription details but do not store credit card numbers or full payment details on our servers.

Usage data

We collect basic usage metrics such as API request counts, feature usage patterns, and error rates for service improvement and monitoring. We do not log the content of your code, chat messages, or AI model interactions.

Sync data

If you use the encrypted sync feature (Pro and Studio tiers), your data is encrypted on your device before transmission. We store encrypted blobs and cannot access the plaintext content (zero-knowledge architecture).

3. How Data Is Stored

All data is encrypted at rest using AES-256 encryption. Passwords are hashed using Argon2id with secure parameters. Database connections use TLS encryption. Backups are encrypted and stored in geographically redundant locations.

4. Data Retention

• Account data is retained for the lifetime of your account
• Sync data is retained while your subscription is active, plus 30 days after cancellation
• Audit logs are retained for a minimum of 1 year for Studio tier organizations
• Session data is retained for 30 days after the session expires
• After account deletion, all personal data is permanently removed within 30 days

5. Third-Party Processors

We use the following third-party services to operate Nexus Suite:

• Stripe — Payment processing and subscription management
• Resend — Transactional email delivery (verification, password reset, notifications)
• Cloud infrastructure provider — Server hosting and data storage
• Sentry — Error tracking and monitoring (no personal data is sent)

We do not sell your personal data to third parties. Data shared with processors is limited to what is necessary for their service.

6. Your Rights

You have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Update or correct inaccurate personal data
• Deletion — Delete your account and all associated data from the account settings page
• Export — Export your data in a machine-readable format (available via the API)
• Restriction — Request that we limit processing of your data in certain circumstances

To exercise these rights, contact us at privacy@nexus-suite.dev or use the account settings page at nexus-suite.dev/account.

7. Cookies

The Nexus Suite Portal uses essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. Authentication tokens are stored in browser local storage.

8. Children's Privacy

Nexus Suite is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the services. The "Last updated" date at the top of this page indicates when the policy was last revised.

10. Contact

For privacy-related questions or requests, contact us at privacy@nexus-suite.dev.