Privacy Policy

1. Introduction

Nexus Sales Agent ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sales intelligence platform and related services.

By accessing or using Nexus Sales Agent, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

• Full name and email address
• Account credentials (hashed and encrypted)
• Profile information you choose to provide
• Billing information (processed by our payment processor)

2.2 Email Data

With your explicit authorization via OAuth 2.0, we access your email account to provide sales intelligence features. This includes:

• Email metadata (sender, subject, date)
• Email body content for AI analysis
• Contact information extracted from communications
• Attachment metadata (not file contents unless explicitly configured)

2.3 Usage Data

We automatically collect certain information when you use our platform:

• Log data (IP address, browser type, pages visited)
• Device information (operating system, device type)
• Usage patterns and feature interactions
• Performance metrics and error reports

3. How We Use Your Information

We use the collected information for:

• Providing Services: AI-powered email analysis, sales opportunity detection, CRM management, and activity tracking
• Improving AI: Training and refining our machine learning models to enhance accuracy (anonymized and aggregated)
• Security: Detecting and preventing fraud, abuse, and unauthorized access
• Communication: Sending service updates, security alerts, and support responses
• Compliance: Meeting legal and regulatory obligations

4. AI Processing & Data Handling

Our multi-agent AI system processes email content to extract sales insights. Key points:

• Email analysis is performed via third-party AI providers (OpenRouter, Qubrid, Google Gemini)
• AI providers do not use your data for their own model training
• You can disable AI processing for specific emails or accounts at any time
• Processed data is stored encrypted at rest using AES-256
• Raw email content is retained only as long as necessary for service delivery

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

• AI Service Providers: OpenRouter, Qubrid, and Google (only for processing your requests)
• Infrastructure Providers: Cloud hosting (Railway, Vercel), database services
• Legal Authorities: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement industry-standard security measures:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• OAuth 2.0 tokens encrypted using Fernet (symmetric encryption)
• Passwords hashed with argon2id (memory-hard, GPU-resistant)
• Regular security audits and penetration testing
• Access controls and least-privilege principles
• Session management with JWT expiration and refresh tokens

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• Email data and AI analysis results are permanently deleted within 30 days
• CRM data (contacts, opportunities, activities) is deleted immediately
• Anonymized usage statistics may be retained for product improvement
• Backup copies are purged within 90 days

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing of your data
• Data portability (receive your data in a structured format)
• Withdraw consent at any time (without affecting lawfulness of prior processing)
• Lodge a complaint with a data protection authority

To exercise these rights, contact us at privacy@nexussalesagent.com. We will respond within 30 days.

9. Third-Party Services

Our platform integrates with the following third-party services:

• Google (Gmail): Email sync via OAuth 2.0 — subject to Google's Privacy Policy
• Microsoft (Outlook): Email sync via Microsoft Graph API
• OpenRouter: AI model inference provider
• Qubrid: Alternative AI inference provider
• Google Gemini: Legacy AI processing fallback

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data, we take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our platform. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries, please contact: