IdeaValidator LLC DBA Nexus OS — Version 2026.03.2
1. DATA WE COLLECT
This Privacy Policy applies to NexusOS.ai (also referred to as "Nexus OS"), operated by IdeaValidator LLC at nexus-os.ai. NexusOS.ai collects and processes data as described below when you use our platform and connected services including TikTok, Instagram, Facebook, YouTube, and other social platform integrations.
Voice DNA: Writing samples you upload for voice cloning, and the extracted voice profile (tone, vocabulary, rhythm patterns).
Content Data: AI-generated text, images, video, audio, funnels, knowledge base entries, and scheduled posts.
Social Account Tokens: OAuth access tokens for connected platforms (X, LinkedIn, Reddit). These are stored encrypted (AES-256-GCM) on our servers to enable autonomous posting.
Usage Data: Content generation counts, API usage metrics, feature interactions, and queue history.
Payment Data: Processed by Stripe. We store your Stripe customer ID and subscription ID. We never store credit card numbers, CVVs, or full payment details on our servers. See Stripe's Privacy Policy: https://stripe.com/privacy.
Client Management Data (Agency Plan): If you manage client sub-accounts, we store each client's account data, content, and usage metrics separately. Sub-account data is isolated.
Marketplace Data: If you list assets on the Yield Portal, we store listing details, transaction history, and sales analytics.
Credits Data: NEX Credit balances, transaction history, and resource usage are stored for account management.
2. HOW WE STORE YOUR DATA
Server-Side Storage: Your data is stored in a PostgreSQL database on a Google Cloud Platform (GCP) Confidential VM with AMD SEV-SNP hardware encryption.
Encryption at Rest: Sensitive data (Voice DNA, Digital Soul profiles, OAuth tokens) is encrypted using AES-256-GCM with per-user encryption keys.
Row-Level Security: Database access is enforced through PostgreSQL Row-Level Security (RLS) policies — each user can only access their own data.
Browser Storage: We store authentication tokens (nexus_token, nexus_vault_token), basic user info (nexus_user), a local cache of your Digital Soul profile (nexus_digital_soul), and WebAuthn/Passkey credentials (nexus_hardware_id, nexus_webauthn_cred, nexus_webauthn_email) in your browser's localStorage for session persistence and biometric authentication.
HttpOnly Cookie: A secure, HttpOnly, SameSite=Strict cookie (nexus_auth) is used for API authentication and cannot be accessed by JavaScript.
3. HOW WE USE YOUR DATA
To provide the service: content generation, voice cloning, social media posting, funnel hosting, and agent automation.
To process payments via Stripe.
To send transactional emails: welcome messages, payment confirmations, subscription changes, and security alerts.
To enforce rate limits and plan-based usage caps.
We do NOT use your data to train public AI models. Your Voice DNA and content are used exclusively for your account.
We do NOT sell, rent, or share your personal data with third parties for advertising.
4. THIRD-PARTY SERVICES
Google Gemini / Google AI: Text generation, image generation (Imagen 3.0), video generation (Veo 3.1), text-to-speech, and embeddings. Subject to Google's Privacy Policy: https://policies.google.com/privacy.
Google Cloud Platform: Server infrastructure and hosting.
Social Platforms (X, LinkedIn, Reddit): Content distribution via OAuth. Subject to each platform's privacy policy.
5. DATA RETENTION
Account data is retained for the lifetime of your account.
Generated content (posts, images, video) is retained until you delete it or delete your account.
Voice DNA profiles are retained until you delete them or delete your account.
Usage metrics are retained for 12 months for billing and analytics purposes.
Security audit logs are retained for 90 days.
6. YOUR RIGHTS
Access: You may request a copy of all data associated with your account.
Deletion: You may request complete deletion of your account and all associated data by emailing [email protected]. Deletion is processed within 30 days.
Portability: You may export your content, knowledge base entries, and Voice DNA profile.
Correction: You may update your account information at any time through Settings.
7. SECURITY MEASURES
FIDO2/Passkey biometric authentication.
Five AI security agents monitoring for threats in real time (CERBERUS, REAPER, WRAITH, HOUND, ORACLE).
AES-256-GCM encryption for sensitive data at rest.
Nexus OS is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors.
9. CHANGES
We may update this Privacy Policy at any time. Material changes will be communicated via email or in-app notification. The version number and date at the top of this document reflect the most recent revision.
10. CONTACT
For privacy inquiries, data requests, or concerns: [email protected]