Privacy Policy
Nuvex ("we," "us," or "our") operates the website nuvex.design and the Nuvex platform (collectively, the "Service"). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding your data.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account information: Email address, name, and password when you create an account or join the waitlist.
- Payment information: Billing name, billing address, and payment card details. Payment processing is handled by Stripe; we do not store your full card number on our servers.
- App content: App screenshots, app names, and descriptions you upload to generate designs.
- Communications: Any messages, feedback, or support requests you send to us.
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, generation counts, timestamps, and interaction patterns.
- Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
- Cookies and similar technologies: We use essential cookies for authentication and session management. We may use analytics cookies to understand how the Service is used. See Section 7 for details.
- Log data: Server logs that record requests to our Service, including IP address, request URL, timestamp, and response status.
1.3 Information from Third Parties
We may receive information from third-party services you connect to your account (e.g., OAuth login providers). We only receive the data those services are configured to share, typically limited to your email address and profile name.
2. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Provide and operate the Service | Performance of contract |
| Process payments and manage subscriptions | Performance of contract |
| Send transactional emails (confirmations, receipts, account alerts) | Performance of contract |
| Respond to support requests and communications | Legitimate interest |
| Improve and optimize the Service (including AI model improvement using anonymized data) | Legitimate interest |
| Detect fraud, abuse, and security incidents | Legitimate interest |
| Send product updates and launch announcements (waitlist only) | Consent |
| Comply with legal obligations | Legal obligation |
We do not sell your personal data. We do not use your uploaded app screenshots for marketing, advertising, or any purpose other than generating your designs and improving our AI models using anonymized and aggregated data.
3. How We Share Your Information
We share your personal data only with the following categories of recipients:
- Payment processor (Stripe): To process payments securely. Stripe's privacy policy governs their handling of your payment data.
- Hosting and infrastructure providers: Including Vercel, Supabase, and cloud storage providers, to operate and deliver the Service.
- Email service provider (ZeptoMail): To deliver transactional emails.
- Analytics providers: To understand usage patterns (anonymized where possible).
- Legal and regulatory authorities: When required by law, regulation, legal process, or governmental request.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
We require all third-party service providers to process your data only on our instructions and in compliance with applicable data protection laws.
4. Data Retention
- Account data: Retained for as long as your account is active, plus 30 days after deletion to allow for recovery.
- Uploaded app screenshots: Retained for up to 90 days after generation to allow re-downloads, then permanently deleted.
- Generated outputs: Retained for up to 90 days after generation, then permanently deleted.
- Payment records: Retained for 7 years to comply with tax and accounting obligations.
- Log data: Retained for up to 12 months, then deleted or anonymized.
- Waitlist data: Retained until the Service launches and you create an account, or until you request removal.
5. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention obligations.
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, contact us at privacy@nuvex.design. We will respond within 30 days.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest.
- Access controls limiting data access to authorized personnel.
- Regular security reviews of our infrastructure and code.
- Secure payment processing through PCI DSS-compliant Stripe.
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
- Preference cookies: Store your settings such as theme preference (light/dark mode).
- Analytics cookies: Help us understand how users interact with the Service. These are anonymized where possible.
We do not use advertising or tracking cookies. You can manage cookies through your browser settings.
8. International Data Transfers
Your data may be processed in countries outside your jurisdiction. Where we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms approved by applicable data protection authorities.
9. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at privacy@nuvex.design.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: privacy@nuvex.design
- Website: nuvex.design