Privacy Policy

Effective date: March 21, 2026

1. Introduction

NexonTech ("we," "us," or "our") operates the platform at nexontech.org. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored as a bcrypt hash — we never store plaintext passwords)
  • Google account ID (if you sign in with Google)

2.2 Content You Provide

When you use the platform, we store:

  • AI agent configurations (name, instructions, welcome message)
  • Documents you upload to agent knowledge bases
  • Conversation logs between your AI agents and end users

2.3 Usage Data

We automatically collect:

  • Pages visited and features used
  • Browser type, device type, and operating system
  • Referring URL and session duration
  • IP address (for rate limiting and security)
  • Anonymous visitor identifier (stored in your browser's local storage)

2.4 Contact and Communication Data

When you contact us or subscribe to our newsletter, we collect:

  • Email address
  • Message content and topic
  • Preferred language

2.5 Demo Data

When you use our interactive demo, we store your chatbot configuration and conversation messages for the duration of the demo session.

3. How We Use Your Data

We use your personal data to:

  • Provide and maintain the Service, including account management and authentication
  • Process and store your AI agent configurations and knowledge bases
  • Enable conversations between your AI agents and end users
  • Send transactional emails (welcome emails, password resets)
  • Respond to your inquiries and support requests
  • Analyze usage patterns to improve the Service
  • Detect, prevent, and address security issues and abuse
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your uploaded documents or conversation data to train AI models.

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you signed up for (account management, agent hosting, conversation processing)
  • Legitimate interest: Analytics, security monitoring, and service improvement
  • Consent: Newsletter subscriptions and optional cookies
  • Legal obligation: Where required by applicable law

5. Cookies and Tracking

We use the following cookies and similar technologies:

  • Session cookie (session) — HTTP-only, secure cookie containing your authentication token. Essential for staying logged in. Expires after 7 days.
  • OAuth state cookie (oauth_state) — Temporary cookie used during Google sign-in to prevent cross-site request forgery. Expires after 10 minutes.
  • Language preference — Stored in your browser's local storage to remember your selected language.
  • Visitor identifier — A random anonymous ID stored in local storage for analytics. Not linked to your account or personal identity.

We use Umami for privacy-focused web analytics. Umami does not use cookies, does not track users across websites, and does not collect personally identifiable information. Analytics data is self-hosted on our own servers.

6. Third-Party Services

We share data with the following third-party services as necessary to operate the platform:

  • Google OAuth (Google LLC) — When you sign in with Google, we receive your name, email, and Google account ID. See Google's Privacy Policy.
  • Sentry (Functional Software Inc.) — Error tracking and performance monitoring. May receive anonymized error reports including browser type and page URL. See Sentry's Privacy Policy.
  • Resend or SendGrid — Email delivery for transactional messages (welcome emails, password resets). Your email address is shared with the active email provider.
  • Hetzner (Hetzner Online GmbH) — Cloud infrastructure provider. All data is stored on servers located in the European Union. See Hetzner's Privacy Policy.

7. Data Storage and Security

Your data is stored on servers in the European Union (Hetzner, Germany/Finland). We implement appropriate security measures including:

  • Encryption in transit (HTTPS/TLS for all connections)
  • Secure password hashing (bcrypt with salt rounds)
  • HTTP-only, secure session cookies
  • Rate limiting on authentication endpoints
  • CSRF protection for OAuth flows
  • Role-based access controls for data isolation between customers

8. Data Retention

  • Account data: Retained as long as your account is active. Deleted upon account deletion, subject to any legal retention requirements.
  • Agent data and conversations: Retained as long as your account is active. Deleted when you delete an agent or your account.
  • Demo sessions: Automatically expire and are deleted after 24 hours.
  • Analytics data: Aggregated and anonymized. Retained indefinitely in anonymized form.
  • Password reset tokens: Expire after 1 hour and are marked as used.

9. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate personal data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Data portability — Request your data in a structured, machine-readable format
  • Restriction — Request that we limit processing of your data
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@nexontech.org. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.

11. International Data Transfers

Your data is primarily stored within the European Union. Some third-party services (Google, Sentry) may process data in the United States. Where data is transferred outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. We encourage you to review this page periodically.

13. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at support@nexontech.org or through our contact page.