Privacy Policy

Effective Date: February 11, 2026
Last Updated: February 11, 2026

NexaroAI LLC (“Company,” “we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (nexaroai.com) and use our AI automation services.

NexaroAI LLC is a Wyoming Limited Liability Company located at:
30 N Gould St, STE R, Sheridan, WY 82801, United States

Please read this Privacy Policy carefully. By using our Services, you consent to the practices described herein.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Name and contact details (email, phone number)
  • Company name and business information
  • Username and password
  • Communication preferences

Billing Information:

  • Payment card details (processed securely by Stripe)
  • Billing address
  • Transaction history

Service Configuration:

  • Workflow configurations and settings
  • Integration credentials (API keys, OAuth tokens)
  • Business process information shared during onboarding

Communications:

  • Support tickets and correspondence
  • Feedback and survey responses
  • Chat and call recordings (with consent)

1.2 Information Collected Automatically

Technical Data:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring website
  • Pages visited and time spent
  • Click patterns and navigation paths

Service Usage Data:

  • Workflow execution logs
  • AI feature usage and credit consumption
  • Error logs and performance metrics
  • Login times and session duration

Cookies and Tracking:

  • Essential cookies for site functionality
  • Analytics cookies (with consent)
  • Preference cookies

See Section 8 (Cookie Policy) for details.

1.3 Information from Third Parties

  • Payment verification data from Stripe
  • OAuth profile data when you connect third-party accounts
  • Publicly available business information

1.4 Customer Data

When you use our Services, you may input, upload, or transmit data through our platform (“Customer Data”). This may include your business data, customer information, or other content processed by our workflows.

Important: You are the data controller for Customer Data. We process Customer Data solely on your behalf as a data processor, in accordance with your instructions and this Privacy Policy.

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

  • Provide, operate, and maintain our Services
  • Process transactions and send billing notifications
  • Create and manage your account
  • Execute and monitor your automated workflows
  • Provide customer support and respond to inquiries

2.2 Service Improvement

  • Analyze usage patterns to improve our platform
  • Develop new features and services
  • Conduct research and analytics
  • Debug and fix technical issues

2.3 Communications

  • Send service-related announcements
  • Respond to your comments, questions, and requests
  • Send marketing communications (with your consent)
  • Notify you of updates to our Terms or Privacy Policy

2.4 Security and Compliance

  • Detect, prevent, and address fraud or abuse
  • Monitor for security threats
  • Comply with legal obligations
  • Enforce our Terms of Service

2.5 Legal Basis for Processing (GDPR)

Purpose Legal Basis
Service delivery Contract performance
Billing and payments Contract performance
Security monitoring Legitimate interest
Service improvement Legitimate interest
Marketing (with consent) Consent
Legal compliance Legal obligation

3. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

3.1 Service Providers (Subprocessors)

We use trusted third-party services to operate our platform:

Provider Purpose Data Shared Location
Stripe Payment processing Billing info, transactions USA
Supabase Database & authentication Account data, service data USA
OpenAI AI text generation Workflow prompts, content USA
Anthropic AI text generation (Claude) Workflow prompts, content USA
Vapi Voice AI services Voice data, call recordings USA
Cloudflare CDN, security, DNS IP address, traffic data Global
Resend Email delivery Email address, content USA
Vercel Website hosting Technical data USA

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

3.2 With Your Consent

We may share information when you explicitly consent to a specific sharing.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

3.4 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service
  • Respond to claims of illegal activity

3.5 Aggregated or De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you.

4. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Data Type Retention Period
Account data Duration of account + 3 years
Billing records 7 years (legal requirement)
Workflow execution logs 90 days
Support communications 3 years
Marketing preferences Until withdrawn
Technical logs 30 days

After Account Termination:

  • Your data is retained for 30 days to allow export
  • After 30 days, data is scheduled for deletion
  • Some data may be retained longer for legal compliance

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

  • Encryption in Transit: TLS 1.3 for all data transmission
  • Encryption at Rest: AES-256 encryption for stored data
  • Credential Security: OAuth tokens and API keys encrypted with AES-256-GCM before storage
  • Access Controls: Role-based access, multi-factor authentication
  • Infrastructure: Secure cloud hosting with SOC 2 compliant providers

5.2 Organizational Safeguards

  • Limited employee access on a need-to-know basis
  • Regular security training
  • Vendor security assessments
  • Incident response procedures

5.3 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Notify relevant supervisory authorities as required by law
  • Provide information about the breach and remediation steps

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Privacy Rights

6.1 All Users

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete data
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt-out of marketing communications

6.2 European Economic Area (GDPR)

If you are in the EEA, you additionally have the right to:

  • Restrict processing of your data
  • Object to processing based on legitimate interest
  • Data portability in machine-readable format
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

6.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it’s used
  • Delete your personal information
  • Opt-out of sale – We do NOT sell personal information
  • Non-discrimination for exercising your rights

To exercise your rights, contact us at: [email protected]

We will respond to verified requests within:

  • GDPR: 30 days
  • CCPA: 45 days

7. International Data Transfers

NexaroAI is based in the United States. If you access our Services from outside the US, your information will be transferred to and processed in the United States.

For EEA/UK Users:
We rely on the following transfer mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with our subprocessors

By using our Services, you consent to the transfer of your information to the United States.

8. Cookie Policy

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website.

8.2 Types of Cookies We Use

Category Purpose Examples
Essential Site functionality, security Session cookies, CSRF tokens
Functional Remember preferences Language, display settings
Analytics Understand site usage Page views, navigation paths
Marketing (Only with consent) Ad tracking, remarketing

8.3 Cookie Management

You can manage cookie preferences through:

  • Our cookie consent banner
  • Your browser settings
  • “Do Not Track” browser signals (which we honor)

8.4 Third-Party Cookies

Some cookies are placed by third-party services (analytics, embedded content). These are governed by the respective third-party privacy policies.

9. AI and Automated Processing

9.1 How We Use AI

Our Services utilize artificial intelligence for:

  • Workflow automation and execution
  • Voice agents and chatbots
  • Content generation and data processing
  • Analytics and recommendations

9.2 AI Data Processing

When you use AI features:

  • Your prompts and inputs are sent to third-party AI providers
  • AI providers may use data to improve their models (subject to their policies)
  • We do not use Customer Data to train our own AI models
  • AI outputs should be reviewed for accuracy

9.3 Automated Decision-Making

We do not make solely automated decisions that produce legal or similarly significant effects on you without human oversight.

10. Children’s Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected].

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Do Not Track Signals

We honor “Do Not Track” (DNT) and Global Privacy Control (GPC) signals. When detected, we:

  • Disable non-essential cookies
  • Limit analytics tracking
  • Do not display the cookie consent banner

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date.

For material changes, we will notify you via:

  • Email to your registered address
  • Prominent notice on our website

Your continued use of the Services after changes become effective constitutes acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

NexaroAI LLC
30 N Gould St, STE R
Sheridan, WY 82801
United States

Email: [email protected]
Phone: +1 254 323 5272

For GDPR-related inquiries, you may also contact your local supervisory authority.

This Privacy Policy is governed by the laws of the State of Wyoming, United States.