Privacy Policy
Exactly what we collect, why we collect it, and how it's protected. No fine-print games.
1. What we collect
Account info: your name, email, and password (stored only as a salted hash).
Scan data: when you scan a site we look at publicly available information only: DNS records, domain registration (RDAP/WHOIS), certificate transparency logs, and your site's public pages. We never probe, log into, or attack anything during a scan.
Credentials you choose to give us: logins you paste into the secure intake (hosting, registrar, and similar) are encrypted immediately with envelope encryption (AES-256-GCM) and stored as references. They are decrypted only to perform work you have explicitly authorized, and every access is written to an audit log.
Your website content: if we migrate and host your site, we store its files and database, plus backups and version snapshots so you can roll back changes.
Billing: payments run through Stripe. We never see or store your card number; we keep only your plan, Stripe customer id, and subscription status.
2. How we use it
To run the service you asked for: producing your reports, answering your questions in the chat, migrating and hosting your site, making the AI edits you request, sending you transactional email (welcome, password reset, migration updates), and billing. We don't sell your data, run ads, or use your website content to train AI models.
3. Who touches your data
We use a small set of processors to run NexusBuild:
Amazon Web Services (servers, database, encrypted storage, email delivery), Stripe (payments), and Anthropic (the AI that writes your reports, answers chat, and plans your edits; it sees your site's public info and the page content needed for an edit, never your stored passwords).
We share data with no one else, unless the law requires it.
4. How long we keep it
Account and site data: as long as your account is open. Nightly site backups: 30 days. Version snapshots: the most recent 25 per site. Audit logs: kept while your account exists, because they're your record of every credential access. Close your account and we delete stored credentials and site data within 30 days (backups age out on their own schedule).
5. Security
Passwords are hashed (scrypt). Credentials use envelope encryption with per-secret data keys. Access to customer credentials is consent-gated and audited. Hosted sites get automatic HTTPS. Our infrastructure runs in a private network with least-privilege access between systems.
6. Your rights
You can export your website (files and database) anytime, free. You can ask us for a copy of the data we hold about you, ask us to correct it, or ask us to delete it. Email privacy@nexusbuild.ai and we'll handle it within 30 days.
7. Changes and contact
If this policy changes in a way that matters, we'll email you before it takes effect. Questions? privacy@nexusbuild.ai.