Privacy Policy

We collect three kinds of information:

• Account information — your email, business name, password hash, and the project IDs you have access to. Required to sign you in and scope what you can edit.
• Project content — anything you put into the dashboard: hero copy, gallery images, testimonials, FAQs, brand kit, edit-request tickets. You own this; we store it on your behalf.
• Activity from your website's visitors — pageviews, scroll depth, referrer, device type, and form submissions captured by the Nexra loader on sites you connect. We never collect raw IP addresses or set third-party cookies.

Everything we collect is used to operate the Service. That means:

• Render your website and dashboard
• Show you analytics, leads, and chat sessions captured from your visitors
• Send you transactional email — invitations, lead notifications, password resets, billing receipts
• Detect abuse (rate-limit form spam, block account enumeration)
• Improve the product over time

We don't use your data for advertising, we don't profile you, and we don't share any of it with data brokers.

A handful of vendors process data on our behalf. We only use providers under written data-processing agreements that prohibit them from using your data for their own purposes.

• Supabase — our primary database. All dashboard content, user accounts, and captured leads live here. Data is encrypted at rest and in transit.
• Vercel — hosts the Nexra site and dashboard + your published website. Standard server logs are retained for ~30 days for debugging.
• Resend — sends transactional email (invitations, notifications). Recipient addresses are visible to Resend by necessity.
• Google Gemini — when you click "rewrite with AI" in the editor, the specific snippet you're editing is sent to Google's API. Snippets are not retained for training by Google.

Different data has different retention windows. As a rule, we keep what we need for as long as you have an active account and delete it within 30 days of you closing the account.

• Account + project content — for the life of your account; deleted within 30 days of closure
• Captured leads + chat sessions — kept until you delete them or close the account
• Analytics events — kept for 13 months (rolling), then automatically purged
• Server logs — ~30 days
• Billing records — retained for 7 years to comply with tax law

Regardless of where you live, you can do any of the following at any time:

• Access — request a copy of everything we have on you
• Correct — fix anything inaccurate via the dashboard or by email
• Export — download your project content as JSON
• Delete — close your account and we'll erase your data within 30 days, except where law requires us to retain it (billing records)
• Object — opt out of analytics from the cookie banner; opt out of marketing email from the footer of any message we send

We use a small number of first-party cookies to keep you signed in and (with your consent) to understand which pages convert. Full list, types, and lifetimes are in our Cookie Policy.

Data is encrypted in transit (TLS) and at rest (Supabase column-level encryption). Passwords are hashed with bcrypt. Access to production systems is limited to the team running the Service.

If we discover a breach affecting your data, we'll notify you within 72 hours of confirming it, along with what was exposed and what we're doing about it.

Nexra is a business product. The Service is not intended for anyone under 18 and we don't knowingly collect data from minors. If we learn we have, we delete it.

We'll update this page from time to time. Material changes (anything that expands what we collect or how we share it) are announced via email and an in-dashboard notice at least 14 days before they take effect.

Questions, requests, or just curious? Email isaiahgnason@gmail.com and we'll get back to you within one business day.