Privacy Policy
Last updated: March 21, 2026
1. Information We Collect
Account Information
When you register, we collect your name, email address, and password (stored as a bcrypt hash — we never store plaintext passwords).
Usage Data
We collect data about how you use the Platform: pages visited, features used, automations created, and API calls made. This helps us improve the product.
Connected Service Data
When you connect third-party services (Slack, Gmail, Stripe, etc.), we access only the data necessary to provide the features you've enabled. We store OAuth tokens encrypted with AES-256-GCM in our credential vault.
Financial Data
If you use Financial Autopilot, we process transaction data you provide or connect via integrations. All financial data is encrypted at rest and in transit.
Health Data
If you use Health Intelligence, we process health data from connected sources. Health data receives the highest level of protection and is never shared with third parties.
2. How We Use Your Data
- To provide, maintain, and improve the Platform
- To execute automations and AI agent actions you've configured
- To generate insights and recommendations
- To send you important service notifications
- To detect and prevent fraud, abuse, and security threats
- To comply with legal obligations
3. How We Protect Your Data
- Encryption at rest: All sensitive data is encrypted using AES-256-GCM with unique keys per user
- Encryption in transit: All connections use TLS 1.3
- Key derivation: scrypt with high memory parameters for all password and key operations
- Access control: Role-based access with principle of least privilege
- Audit logging: All data access is logged and monitored
- Credential storage: Third-party tokens stored in encrypted vault, never in plaintext
4. Data Sharing
We do not sell your data. Period.
We share data only in these cases:
- With your connected services: Only the data needed to execute your automations
- With AI providers: Queries sent to AI models for processing (Claude by Anthropic). We do not send personal identifiers — only the content needed for the task.
- Legal compliance: If required by law, court order, or government request
5. Your Rights
- Access: Request a copy of all data we hold about you
- Correction: Update or correct your personal information
- Deletion: Delete your account and all associated data
- Export: Export your data in a machine-readable format
- Opt-out: Disable specific data collection features
Exercise these rights in your account settings or by emailing privacy@nexadron.com.
6. Data Retention
We retain your data for as long as your account is active. After account deletion, all data is permanently removed within 30 days. Backups are purged within 90 days. Anonymized, aggregated analytics data may be retained indefinitely.
7. Cookies
We use only essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.
8. Children's Privacy
The Platform is not intended for users under 16. We do not knowingly collect data from children.
9. Changes to This Policy
We will notify you of material changes via email or in-app notification at least 30 days before they take effect.
10. Contact
Questions? Email privacy@nexadron.com.