Privacy Policy
Last updated: April 23, 2026
1. What we collect
Account data: your email, a hashed password, and an optional display name.
Usage metadata: per-request timestamp, model name, token counts, response status, and client IP.
Billing events: redemptions of redemption codes and the resulting balance changes.
2. What we do not collect
We do not run ad-network trackers, third-party analytics, or behavioral profiling. We do not sell data.
3. How we use it
To operate the Service (authentication, request routing, quota accounting, billing), to investigate abuse or suspected fraud, and to debug service issues.
4. Upstream AI providers
Your request content — prompts, messages, and any attachments — is forwarded to the upstream provider you select. Each provider handles data under its own privacy policy and retention practices. Nexo does not persistently store request or response bodies, but we cannot guarantee what upstream providers retain on their side.
5. Retention
Usage metadata: 90 days.
Account data: kept until you delete your account, or until twelve months after your last sign-in, whichever comes first.
Billing records: as required for internal bookkeeping.
6. Security
Passwords are salted and hashed (bcrypt, via the underlying gateway). All public traffic is TLS-encrypted. Databases are self-hosted; operator access is restricted.
7. Cookies
We set only the session cookies required for login (nexo-session and the upstream session cookie). No tracking cookies.
8. Your rights
Access: email support@nexoapi.com to request a copy of your data.
Deletion: use Settings → Delete account, or email us.
Correction: edit display name and notification email in Settings.
9. Contact
Privacy questions: support@nexoapi.com.