Privacy Policy

1. Information We Collect

We collect the following categories of personal information:

• Account information: your name, email address, and hashed password when you register.
• Payment information: billing details are collected and stored directly by Stripe. Card numbers and payment credentials never touch our servers.
• Chat conversations: messages sent by you or your end-users to AI agents you create or interact with on the platform.
• Knowledge base content: documents, text, or URLs you upload to train your AI agents.
• Usage metrics: message counts, credit usage, and other activity data associated with your account.
• Technical data: IP addresses, browser type, session identifiers, and cookies necessary for authentication and security.

2. How We Use Your Information

• To create and manage your account and provide the ChatNexus service.
• To process subscription payments and enforce plan limits via Stripe.
• To generate AI responses by forwarding chat messages to third-party LLM providers (see Section 3).
• To send transactional emails such as password resets and billing receipts via Resend.
• To monitor usage, enforce quotas, and improve the platform.
• To comply with legal obligations.

3. Third-Party Data Sharing

We share data with the following third-party service providers only to the extent necessary to operate the platform:

We do not sell your personal information to any third party.

4. Data Storage & Location

Your data is stored on servers located in the United States, operated by Render (application) and Neon (database). By using ChatNexus, you consent to your information being transferred to and processed in the United States. We take reasonable measures to ensure your data is handled securely in accordance with this Privacy Policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the service. You may request deletion of your account at any time by contacting us at support@chatnexus.cloud. Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records required for tax purposes may be retained for up to 7 years). Anonymised or aggregated data may be retained indefinitely.

6. Your Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:

• Request access to the personal information we hold about you.
• Request correction of inaccurate or out-of-date information.
• Request deletion of your personal data (subject to legal retention requirements).
• Opt out of marketing or non-transactional emails at any time via the unsubscribe link or by contacting us.

To exercise any of these rights, contact us at support@chatnexus.cloud. We will respond within 30 days.

7. Cookies

We use session cookies solely to authenticate your login session and maintain application state. We do not use third-party advertising or tracking cookies. Disabling cookies in your browser will prevent you from logging in to the platform.

8. Children's Privacy

ChatNexus is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

9. Embedded Chat Widget Disclosure

ChatNexus allows customers to embed AI chat widgets on their own websites and applications. When an end-user (a visitor to a third-party website) interacts with an embedded ChatNexus widget, their messages are processed by our platform and transmitted to the relevant AI provider to generate a response.

The website owner (ChatNexus customer) who embeds the widget is responsible for informing their own users that their chat messages will be processed by ChatNexus and the configured AI provider, and for obtaining any necessary consents required under applicable law.

10. Prohibited Sensitive Data

ChatNexus public templates are designed for non‑sensitive business use only. Customers must not submit sensitive personal information - including health records, tenant histories, passport scans, bank credentials or privileged legal communications - through public templates. Regulated or sensitive processing requires a Data Processing Agreement.

11. Widget Embed - Integrator Obligations

Customers who embed the ChatNexus widget on their websites must (a) disclose ChatNexus and the applicable language model provider as data processors in their privacy policy, and (b) obtain end‑user consent for data collection through the widget.

12. Cross‑Border Transfer Safeguards

Personal data may be transferred to and processed in the United States by our hosting and AI model subprocessors. These transfers are subject to contractual safeguards (standard contractual clauses or equivalent measures) with each subprocessor.

13. Deletion and Data Subject Requests

To request deletion of your data, contact support@chatnexus.cloud. Primary account data will be deleted within 30 days of a verified request. Knowledge base content and chat logs are deleted when the associated agent is deleted. Backups containing deleted data are purged within 90 days.

14. Security Measures

ChatNexus implements encryption in transit (TLS 1.2+), encryption at rest for stored data, role‑based access controls, audit logging of compliance events, and an incident response process. LLM provider API keys are encrypted using application‑level encryption (AES‑256‑CBC via Laravel's Crypt facade).

For a full overview of our security practices, encryption standards, and compliance roadmap, see our Safety & Compliance page.

15. Breach Notification

In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify impacted account holders by email within 72 hours of becoming aware of the breach. The notification will include:

• A description of the breach and the categories of data involved.
• The likely consequences of the breach.
• The measures taken or proposed to address the breach and mitigate its effects.
• Contact details for further information.

Where the breach involves data processed on behalf of a customer (e.g. end-user chat messages through an embedded widget), we will also notify the affected customer to support their own notification obligations under applicable law.

16. Data Processing Agreement

A Data Processing Agreement is required for any use involving regulated or sensitive personal data. Contact support@chatnexus.cloud to request a DPA.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify registered users by email. Continued use of the platform after such notice constitutes acceptance of the updated policy. The "Last updated" date at the top of this page indicates when the policy was last revised.

18. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: