#Privacy Policy
Information We Collect
Our application does not directly collect or store personal information. Users log in to our platform using their Gmail accounts, and any billing information is handled securely by Stripe. We do not have access to or store any personal data on our end. We may, however, receive limited information from your Gmail login, such as your name, email address, and profile picture, solely to enable account access.
Third-Party Services
We may use third-party services such as Facebook Pixel, LinkedIn Pixel, Google Ads, Google Analytics, and other similar services for retargeting and advertising purposes. These services may collect certain information about your interactions with our website and services, such as your IP address, browser type, pages visited, and actions taken. Please note that these third-party services may also use cookies and similar technologies to track your browsing behavior across websites.
Data Usage by Third-Party Services
The information collected by third-party services is used to analyze and optimize our advertising campaigns, improve our website and services, and provide targeted advertisements that may be of interest to you. We do not have control over the data collected by these third-party services or how they use it. We encourage you to review the privacy policies of these third-party services for more information about their data practices.
Opting Out
You may choose to opt out of the collection and use of your information by third-party services for advertising purposes. Most web browsers and mobile devices allow you to control or disable the use of cookies and similar technologies through their settings. Additionally, many third-party services offer opt-out mechanisms that allow you to manage your preferences for targeted advertising.
Data Security
While we do not directly collect or store personal information, we take reasonable measures to ensure the security of our users' data transmitted through our platform. Our third-party service providers also have their own security measures in place to protect users' personal information. We retain any metadata or login-related data only for as long as necessary to provide our services, comply with legal obligations, or resolve disputes.
Integration & Technical Data
This section describes how NXIS authenticates your integration and handles technical data when you embed our service on your website or application.
Authentication Methods
We offer two integration methods, each with different technical and security characteristics.
Client-side integration (script tag)
When you use our client-side script tag, the script URL contains an encoded token (JWT) with your subscription, site, and organization identifiers.
What the token contains:
- Subscription identifier
- Site identifier
- Organization identifier
Technical characteristics:
- The token is visible in your website’s page source
- The token is cryptographically signed to prevent tampering
- The token is validated against your authorized domains
- The token contains only opaque business identifiers — not personal information about you or your end users
Token rotation: You may enable automatic token rotation (90 days, 180 days, or annually) or manually regenerate your token at any time through your dashboard.
Server-side integration (OAuth 2.0)
When you use our server-side library, authentication uses the OAuth 2.0 client credentials flow.
What credentials are used:
- Client ID — a public identifier for your integration
- Client secret — a private credential stored in your server environment
Technical characteristics:
- Your client secret never leaves your server
- Access tokens are short-lived (24 hours) and refresh automatically
- No credentials are exposed to end users or transmitted to browsers
Credential management: You may rotate your client secret at any time through Organization Settings. A 7-day grace period allows both old and new secrets to work during transitions.
Integration Data We Collect
From your end users
When end users visit your website with our script installed, we may collect:
- Page view and interaction data
- Browser type and version
- Device type and screen dimensions
- Referring URL
- Anonymous usage analytics
We do not collect personally identifiable information from your end users unless you have explicitly configured our service to do so and have obtained appropriate consent.
From your integration
We log the following for security and debugging purposes:
- Token validation requests (timestamp, origin domain, success/failure)
- OAuth token issuance events (timestamp, client ID)
- Authentication failures (timestamp, error type, origin)
These logs are retained for 90 days.
Integration Security
All authentication tokens and credentials are:
- Encrypted in transit using TLS 1.2 or higher
- Cryptographically signed using ES256 (ECDSA with P-256 and SHA-256)
- Validated on each request
- Domain-restricted (client-side) or server-authenticated (SSR)
Client secrets are hashed using Argon2id before storage. We cannot retrieve your original secret — if lost, you must rotate to a new one.
Recommendation: We recommend server-side integration for applications with strict security or compliance requirements, as credentials are never exposed to end users.
Managing Your Integration
You control your integration credentials through your dashboard:
| Action | Location |
|---|---|
| Regenerate script token | Site Settings → Installation |
| Enable/disable token rotation | Site Settings → Installation |
| Manage OAuth clients | Integrations → Organization Integrations → NXIS API |
| Rotate OAuth secret | Integrations → Organization Integrations → NXIS API |
| Assign/remove site access | Integrations → Organization Integrations → NXIS API |
Revoking Integrations
When you remove a third-party integration (such as Google, Shopify, or Discord):
- All access tokens associated with that integration are immediately revoked
- Integration data stored by NXIS is permanently deleted
- The third-party service can no longer access your NXIS data
When you delete an OAuth client:
- All access tokens issued to that client are immediately revoked
- Sites assigned to that client lose server-side API access
- Client credentials are permanently deleted and cannot be recovered
These actions are immediate and irreversible. Data already transmitted to third-party services prior to revocation is subject to those services’ privacy policies.
Children's Privacy
Our Services are not directed to children under 13, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it.
Changes to This Privacy Policy
We reserve the right to update or change our Privacy Policy at any time. Any changes will be posted on this page, and the effective date will be updated accordingly. Your continued use of our website and services after any changes constitute your acceptance of such changes.
Contact Information
If you have questions about this Privacy Policy, please contact us at: support@nxis.ai.
#Subscriber Agreement & Terms of Use
This Subscriber Agreement and Terms of Use govern your use of Nxis, and unless otherwise stated, any other electronic services provided by NxisAI LLC from time to time (each referred to as a "Service"). By subscribing to any part of Nxis and creating an account, you agree to abide by the terms of this Agreement. If you do not agree to these terms, refrain from subscribing or creating an account on Nxis. Your continued use of any Service constitutes acceptance of these terms.
Changes to Subscriber Agreement
NxisAI LLC reserves the right to update this Agreement at any time by notifying you in writing or electronically (including, but not limited to, email or a notice posted on the Service indicating "updated" terms). Your usage of a Service after such changes signifies your agreement to be bound by them.
Privacy and Security
Our privacy and security policies are available online and are subject to reasonable modification at NxisAI LLC's discretion. Users may receive marketing and non-critical Service-related communications via email, with the option to opt out. Due to the online nature of the Service, occasional notifications regarding operational matters may be necessary for all users.
Third Party Data
If access to a Service is facilitated through a third party, NxisAI LLC may receive information to provide access and distinguish users. We do not store any data directly.
Password Protection
Users are solely responsible for maintaining password confidentiality. Sharing passwords grants access to account information and control over Service settings.
Notification
Promptly notify us of any changes to your contact information to ensure receipt of important communications.
Your Responsibilities
Adhere to all applicable laws and regulations in connection with Service usage. Report any unauthorized account activity or security breaches promptly. Provide accurate business identification for pricing and Service delivery purposes.
Fees and Payments
Subscription fees and other charges incurred are billed at prevailing rates and are non-refundable unless stated otherwise in writing. Users are responsible for any associated fees incurred through third-party services. We may issue partial refunds or credits at our sole discretion.
Renewal
Subscriptions automatically renew unless cancelled through the My Account section or notification of termination is provided to us.
Limitations on Use
Only one individual may access a Service at a time with the same user name or password, unless otherwise agreed. Content available through the Services is protected by copyright and other intellectual property laws. Services must not be used for unlawful purposes.
Intellectual Property Rights
All rights, title, and interest in and to the Service (including software, code, and content) remain with NxisAI LLC. We grant you a limited, non-transferable, revocable license to use the Service solely for your business or personal use as intended.
Community; User Generated Content
User Content, including submissions, is subject to the terms set forth in this Agreement. Users grant NxisAI LLC rights to use User Content as outlined in this Agreement.
Third Party Web Sites, Services, and Software
NxisAI LLC may link to or promote third-party websites, services, or software, but does not control or endorse them.
Disclaimers of Warranties and Limitations on Liability
NxisAI LLC makes no representations or warranties regarding the Service's reliability, timeliness, or completeness.
Indemnification
You agree to indemnify, defend, and hold harmless NxisAI LLC and its affiliates, officers, employees, and agents from any claims, damages, or expenses arising from your use of the Services or violation of this Agreement.
Local Laws and Export Control
Users are responsible for complying with applicable laws and regulations, including export controls.
Application Downtime
NxisAI LLC endeavors to maintain the availability and functionality of the Nxis platform to the best of its abilities. However, you acknowledge and agree that Nxis may experience periods of downtime for various reasons, including but not limited to maintenance, system updates, and unforeseen technical issues.
No Liability for Downtime
In no event shall NxisAI LLC be liable for any damages, losses, or inconvenience caused by the temporary unavailability or interruption of the NxisAI platform. You agree that NxisAI LLC shall not be held responsible for any direct, indirect, incidental, consequential, or punitive damages arising from or related to application downtime, regardless of the cause.
Termination and Suspension
We may suspend or terminate your account immediately if you fail to pay fees, violate this Agreement, or engage in unlawful or abusive behavior. Upon termination, your right to use the Services ceases immediately, but sections relating to intellectual property, liability, indemnification, and governing law shall survive.
Governing Law and Jurisdiction
This Agreement shall be governed by and construed under the laws of the State of Michigan. Any disputes shall be resolved exclusively in the state or federal courts located in Michigan.
Force Majeure
NxisAI LLC shall not be liable for delays or failures caused by events outside its reasonable control, including natural disasters, acts of government, internet outages, or hosting provider failures.
Assignment
We may assign or transfer this Agreement in connection with a merger, acquisition, or sale of assets. You may not assign your rights without our prior written consent.
General
This Agreement constitutes the entire agreement between users and NxisAI LLC regarding Service usage, superseding all previous agreements.