Nexora

Privacy Policy

Last updated: March 16, 2026

1. Introduction

Nexora ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI agent platform ("Service").

2. Information We Collect

Account Information

When you register, we collect your name, email address, and password (stored as a secure hash). If you use social login (Google, GitHub), we receive your name, email, and profile picture from the provider.

Workspace and Agent Data

We store the content you upload to train your AI agents, including documents, URLs, Q&A pairs, and agent configurations. This data is used solely to provide the Service.

Conversation Data

When end users interact with your AI agents, we store conversation messages (user messages and AI responses) for analytics, debugging, and quality improvement purposes.

Usage Data

We collect information about how you use the Service, including pages visited, features used, API calls made, and error logs. This helps us improve the platform.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe's privacy policy governs the handling of payment information.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your AI agent training data and generate responses
  • Process payments and manage subscriptions
  • Send account-related notifications (password resets, billing)
  • Provide customer support
  • Monitor and prevent abuse of the platform
  • Generate anonymized analytics to improve our product

4. Data Storage and Security

Your data is encrypted in transit (TLS/HTTPS) and at rest. We use industry-standard security measures including:

  • Secure password hashing (bcrypt)
  • JWT token-based authentication with token blacklisting
  • Rate limiting and Web Application Firewall (WAF)
  • Role-based access control (RBAC) for workspace members
  • Scoped API keys with granular permissions

5. Data Sharing

We do not sell your personal information. We may share data with:

  • AI Model Providers: Your agent's conversations are processed by third-party AI models (e.g., OpenAI) to generate responses. Only the necessary context is sent.
  • Stripe: For payment processing.
  • Legal Requirements: When required by law or to protect our rights.

6. Your Rights (GDPR)

Under GDPR and similar regulations, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Data Portability: Export your data in a machine-readable format
  • Restriction: Restrict processing of your data
  • Objection: Object to processing based on legitimate interests

You can exercise these rights through your workspace settings (data export, account deletion) or by contacting us at privacy@nexora.app.

7. Data Retention

We retain your data for as long as your account is active. When you delete your workspace or account, we remove all associated data within 30 days. Conversation logs for deleted agents are removed immediately. Billing records are retained as required by law.

8. Cookies

We use essential cookies for authentication (JWT tokens stored in localStorage) and theme preference. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "last updated" date at the top indicates the most recent revision.

11. Contact Us

For privacy-related inquiries, contact us at privacy@nexora.app.