Privacy Policy

Last updated: October 26, 2025

Last Updated: October 27, 2025

1. Introduction

Nexus Content ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our content management service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (via Clerk authentication)
  • Name and profile information (optional)
  • Authentication credentials (managed by Clerk)

2.2 Content Data

We store content you create including:

  • Document titles, content, and metadata
  • Site configurations and API keys (hashed)
  • Upload history and edit timestamps

2.3 Usage Data

We automatically collect:

  • API request logs (endpoint, timestamp, response status)
  • Rate limiting data (requests per minute)
  • Error logs for debugging

2.4 Information We Do NOT Collect

  • Tracking cookies or analytics pixels
  • Third-party advertising data
  • User behavior tracking
  • IP addresses (beyond temporary rate limiting)

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Authenticate users and prevent unauthorized access
  • Process API requests and deliver content
  • Monitor service performance and uptime
  • Debug errors and improve functionality
  • Communicate service updates and changes

4. Data Storage and Security

4.1 Storage Location

Your data is stored on:

  • Database: Neon PostgreSQL (AWS infrastructure)
  • Application: Vercel (serverless functions)
  • Authentication: Clerk (SOC 2 Type II certified)

4.2 Security Measures

  • TLS encryption for all data in transit
  • Bcrypt hashing for API keys (bcrypt rounds: 10)
  • Row-Level Security (RLS) in database
  • Regular security updates and patches
  • Restricted database access (admin only)

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

5.2 Service Providers

We share data with trusted service providers:

  • Clerk: Authentication and user management
  • Neon: Database hosting
  • Vercel: Application hosting

5.3 Legal Requirements

We may disclose information if required by law or to:

  • Comply with legal processes
  • Protect rights, property, or safety
  • Investigate fraud or security issues

6. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correct: Update inaccurate information
  • Delete: Request permanent deletion (soft delete available in dashboard)
  • Export: Download your content in multiple formats
  • Revoke: Regenerate or delete API keys at any time

7. Data Retention

  • Active data: Retained while account is active
  • Soft-deleted documents: Retained for 30 days (recovery period)
  • API logs: Retained for 7 days
  • Deleted accounts: Permanently removed within 30 days

8. Cookies and Tracking

We use minimal cookies:

  • Authentication cookies: Required for login (via Clerk)
  • Session cookies: Maintain logged-in state
  • No analytics cookies: We do not track user behavior

9. Children's Privacy

The Service is not intended for users under 13 years old. We do not knowingly collect information from children. If we discover such collection, we will delete it immediately.

10. International Users

Data is processed in the United States. By using the Service, you consent to data transfer to the US. We comply with GDPR for EU users.

11. Changes to Privacy Policy

We may update this policy periodically. We will notify users of significant changes via email or service notifications. The "Last Updated" date indicates the latest revision.

12. Contact Us

For privacy-related questions or requests:

Email: privacy@nexus-content.com
Data Protection Officer: legal@nexus-content.com
GitHub: github.com/DanielSanJP/nexus-content