Privacy Policy
This Privacy Policy describes how NexusProof.ai ("we," "us," or "our") collects, uses, and protects your information when you use our API and website.
TL;DR: We collect minimal data, we don't sell it, and we use it only to run the Service. You can request deletion at any time.
1. Information We Collect
| Data Type | What We Collect | Why |
|---|---|---|
| Account data | Email address | To send your API key and account notifications |
| Usage data | API requests, timestamps, IP addresses | Rate limiting, abuse prevention, analytics |
| Receipt data | agent_id, action data, GPS coordinates, image hashes you submit | Core service — to create and store your receipts |
| Payment data | Handled entirely by Stripe — we never see your card details | Billing |
2. How We Use Your Information
- To provide, operate, and improve the Service
- To send you your API key and important account notifications
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To analyze usage patterns to improve the Service (aggregated, anonymized)
3. What We Don't Do
- We do not sell your personal data to third parties
- We do not use your data for advertising
- We do not share your data with third parties except as described below
- We do not read the content of your receipt data beyond what's required to store and serve it
4. Third-Party Services
We use the following third-party services to operate NexusProof.ai:
- Supabase — database hosting (US-based). Privacy Policy
- Railway — application hosting (US-based). Privacy Policy
- Stripe — payment processing. They collect payment data directly. Privacy Policy
- Resend — transactional email delivery
5. Data Retention
- Receipt data: Retained indefinitely to support verification — this is core to our service (receipts are immutable records)
- Account data: Retained while your account is active, deleted within 30 days of account deletion request
- Usage logs: Retained for 90 days for abuse prevention
6. Security
We implement industry-standard security measures including:
- Row-level security (RLS) on all database tables
- HTTPS/TLS encryption in transit
- Encryption at rest via Supabase
- API keys stored as SHA-256 hashes (we never store raw keys)
- Regular security audits
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Deletion: Request deletion of your personal data (note: receipt records may be retained as part of our immutable record system)
- Correction: Request correction of inaccurate personal data
- Portability: Request your data in a portable format
- Objection: Object to certain processing of your data
EU and UK users have additional rights under GDPR and UK GDPR. To exercise any of these rights, contact us at hello@nexusproof.ai.
8. Cookies
We use essential session cookies only. We do not use tracking, advertising, or analytics cookies.
9. Children's Privacy
Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated Policy.
11. Contact
For privacy questions, data requests, or concerns: hello@nexusproof.ai
NexusProof.ai
Built by ChainsawBuilds