Privacy Policy

Last Updated: January 23, 2026

NexarilyAI
Operated by: Clodwick Prince Jossurin (sole proprietor)
Fort Lauderdale, FL
Email: princejossurin@nexarilyai.com
Phone: (954) 667-8695

1. Information We Collect

1.1 Information You Provide Directly

Account Registration:

• Name and email address
• Company name and business information
• Password (encrypted and never stored in plain text)
• Phone number (optional)
• Job title and role

Payment Information:

• Billing address
• Payment method details (processed securely through Stripe; we do not store full credit card numbers)

Business Data for AI Training:

• Documents, files, and content you upload to train your AI agents
• Customer service scripts and business processes
• Product information and brand guidelines
• Integration credentials for third-party services (encrypted)

Communications:

• Messages you send us (support requests, feedback, inquiries)
• Newsletter subscriptions (opt-in only)

1.2 Information Collected Automatically

Usage Data:

• Pages visited, features used, and time spent on our platform
• Device information (browser type, operating system, device identifiers)
• IP address and approximate geographic location
• Referral source and navigation patterns

Cookies and Tracking Technologies:

• Essential cookies (required for login and security)
• Analytics cookies (Google Analytics 4) - with your consent
• Session cookies for maintaining your login state
• Preference cookies to remember your settings

AI Agent Interaction Logs:

• Conversations between your AI agents and end-users
• Performance metrics and analytics
• Error logs and debugging information

Integration Data:

• Data accessed from third-party platforms you connect (CRMs, social media, email platforms, messaging services)
• API usage and authentication tokens

1.3 Information from Third-Party Services

Social Media Integrations:

When you connect social media accounts to our Services, we may collect:

• Your social media profile information (name, profile picture, user ID)
• Page or account access permissions
• Posting and engagement data
• Comments, messages, and mentions
• Analytics and performance metrics

Messaging Platform Integrations:

When you connect messaging platforms (such as WhatsApp Business), we may collect:

• Business account information
• Message content and metadata for automation purposes
• Contact information for your customers (with appropriate consent)

Other Platform Integrations:

• CRM data (contacts, leads, sales information)
• Email platform data (contact lists, email performance)
• Calendar and scheduling information

---

2. How We Use Your Information

2.1 To Provide and Improve Our Services

• Creating and managing your account
• Processing payments and billing
• Delivering the AI automation services you subscribed to
• Training and customizing your AI agents
• Integrating with third-party platforms you authorize
• Providing customer support
• Monitoring platform performance and fixing technical issues

2.2 To Communicate with You

• Sending transactional emails (password resets, receipts, service updates)
• Sending marketing emails and newsletters (only if you opt in)
• Responding to your inquiries and support requests
• Notifying you of important changes to our Services

2.3 For Analytics and Improvement

• Understanding how users interact with our platform
• Identifying and fixing bugs and errors
• Improving existing features and developing new ones
• Conducting research and analysis to enhance user experience

2.4 For AI Model Training and Development

• Anonymized data only: We may use de-identified, anonymized conversation data to improve our AI models
• What we remove: All personally identifiable information (names, emails, company names, sensitive business data) is stripped before any training
• Your control: You can opt out of contributing to AI model improvements in your account settings
• Never sold: We never sell your data to third parties for AI training

2.5 For Legal and Security Purposes

• Complying with legal obligations and responding to legal requests
• Detecting and preventing fraud, security incidents, and abuse
• Enforcing our Terms of Service
• Protecting our rights, property, and safety, and that of our users

---

3. How We Share Your Information

3.1 With Your Consent

• When you authorize integrations with third-party platforms (CRMs, social media, email services, messaging platforms)
• When you explicitly request us to share information

3.2 With Service Providers

We work with trusted third-party service providers who help us operate our platform:

• Cloud Hosting: Amazon Web Services (AWS), Railway, Render - for secure data storage and processing
• Database Services: Supabase, Qdrant - for data storage and vector search
• Payment Processing: Stripe - for secure payment transactions
• AI Services: OpenAI, Anthropic Claude - for AI model capabilities
• Email Services: SendGrid - for transactional and marketing emails
• Analytics: Google Analytics - for website and app usage analytics (with your consent)
• Error Tracking: Sentry - for monitoring and debugging
• Logging: Logtail - for system logs and performance monitoring
• Workflow Automation: n8n.io - for AI agent workflow execution
• Social Media API Services: Late (getlate.dev) - for multi-platform social media posting and management (see Section 4.3 for details)
• Caching Services: Upstash Redis - for performance optimization

These providers:

• Are contractually obligated to protect your data
• May only use your data to provide services to us
• Are prohibited from using your data for their own purposes

3.3 For Legal Reasons

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal process or government requests
• Enforce our Terms of Service
• Protect against fraud or security threats
• Protect the rights, property, or safety of NexarilyAI, our users, or the public

3.4 Business Transfers

If NexarilyAI is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

3.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, such as:

• Industry trends and benchmarks
• Platform usage statistics
• Performance metrics

---

4. Social Media Platform Integrations

4.1 Meta Platforms (Facebook and Instagram)

Facebook and Instagram Integration

When you connect your Facebook Pages or Instagram Business Accounts to NexarilyAI, we access and use the following data:

What We Access:

• Your Facebook Page or Instagram Business Account information
• Posts, comments, and messages
• Page/account insights and analytics
• Follower and engagement data
• Ad account information (if using PPC automation features)

How We Use Facebook/Instagram Data:

• To post content on your behalf
• To respond to comments and messages automatically
• To analyze performance and engagement
• To manage and optimize ad campaigns (if using PPC features)
• To generate content recommendations

Your Control:

• You can disconnect Facebook/Instagram at any time in your account settings
• You control what permissions you grant to NexarilyAI
• We only access data you explicitly authorize

Meta's Policies:

• We comply with Meta's Platform Terms and Developer Policies
• We do not use your Facebook/Instagram data for purposes outside of providing our Services
• We protect your Meta data with the same security measures as other user data

Facebook Login

If you use Facebook Login to create your NexarilyAI account:

• We receive your name, email address, and profile picture from Facebook
• We use this information solely to create and manage your account
• You can disconnect Facebook Login and set a password at any time

4.2 WhatsApp Business Integration

When you connect WhatsApp Business to our Services:

What We Access:

• Your WhatsApp Business Account information
• Message content for automation purposes
• Customer contact information (phone numbers)
• Message delivery and read status

How We Use WhatsApp Data:

• To send automated responses and notifications on your behalf
• To manage customer conversations
• To provide AI-powered customer service automation

Important Notes:

• We comply with Meta's WhatsApp Business Platform Terms
• Message content is processed to provide automation services and is not used for advertising
• You are responsible for obtaining appropriate consent from your customers for automated messaging

4.3 Other Social Media Platforms

We support integration with additional social media platforms including TikTok, Twitter/X, LinkedIn, YouTube, Pinterest, Reddit, Threads, and Bluesky. For some of these platforms, we use a third-party service provider (Late/getlate.dev) to facilitate API access.

Platforms Accessed via Third-Party Service (Late API)

For the following platforms, your data flows through our authorized third-party provider:

• TikTok - Video posting and account management
• Twitter/X - Tweet posting and engagement
• LinkedIn - Company page and profile posting
• Pinterest - Pin creation and board management
• Reddit - Community posting
• Threads - Post creation
• Bluesky - Post creation

What This Means for Your Data:

• Your social media account credentials are securely stored by our third-party provider
• Content you create through our platform is transmitted through the third-party service to the destination platform
• The third-party provider is contractually obligated to protect your data and use it only for providing the integration service
• You can disconnect any platform at any time through your account settings

Platforms Accessed via Direct API

For the following platforms, we connect directly using the platform's official API:

• Facebook/Instagram - Via Meta Graph API (see Section 4.1)
• YouTube - Via YouTube Data API for video uploads and management
• WordPress/Blogs - Via REST API for blog post publishing

Data We Collect from All Social Platforms

Regardless of the integration method, when you connect a social media account, we may collect:

• Account profile information (name, username, profile picture)
• Account identifiers and access tokens (encrypted)
• Content you create, post, or schedule through our platform
• Engagement metrics (likes, comments, shares, views)
• Follower/audience data where available

How We Use Social Platform Data

• To post and schedule content on your behalf
• To monitor and respond to engagement
• To provide analytics and performance insights
• To optimize posting times and content strategy
• To provide AI-powered content recommendations

Platform-Specific Compliance

We comply with each platform's terms of service and developer policies:

• TikTok: We comply with TikTok's Developer Terms of Service
• Twitter/X: We comply with Twitter's Developer Agreement and Policy
• LinkedIn: We comply with LinkedIn's API Terms of Use
• YouTube: We comply with YouTube's API Services Terms of Service
• All Platforms: We do not use platform data for purposes beyond providing our Services to you

---

5. Data Retention

5.1 Active Accounts

We retain your account data and business information for as long as your account is active and you continue using our Services.

5.2 Deleted Accounts

When you delete your account:

• 30-day grace period: Your data is retained for 30 days in case you change your mind
• After 30 days: All personal data is permanently deleted from our systems
• Exception: We may retain certain information if required by law (e.g., payment records for tax purposes)

5.3 Inactive Accounts

• After 1 year of inactivity: We will send you an email warning
• After 2 years of inactivity: We may delete your account and associated data

5.4 Specific Data Types

• Conversation logs: Retained for 90 days for troubleshooting, then anonymized
• Anonymized training data: Retained indefinitely (no personal information)
• Payment records: Retained for 7 years (IRS requirement)
• Analytics data: Google Analytics data retained for 14 months; aggregated metrics retained indefinitely
• Error logs (Sentry): Retained for 90 days
• Social media access tokens: Retained while your account is active; deleted upon account deletion or platform disconnection

---

6. Data Security

We take data security seriously and implement industry-standard measures to protect your information:

6.1 Security Measures

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access controls: Role-based access with principle of least privilege
• Authentication: Secure password hashing (bcrypt), JWT tokens, OAuth 2.0
• Monitoring: 24/7 monitoring for security incidents and anomalies
• Regular audits: Security assessments and vulnerability scanning
• Secure infrastructure: Cloud infrastructure with multiple redundancy

6.2 Third-Party Security

• Stripe: PCI-DSS Level 1 certified for payment processing
• AWS: SOC 2, ISO 27001 certified infrastructure
• All service providers: Required to maintain appropriate security standards

6.3 Your Responsibility

• Choose a strong, unique password
• Enable two-factor authentication (2FA) when available
• Keep your login credentials confidential
• Report any suspected security incidents immediately

---

7. Your Privacy Rights

7.1 All Users

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and personal data
• Data Portability: Request your data in a structured, machine-readable format
• Opt-Out:
  • Unsubscribe from marketing emails (link in every email)
  • Opt out of analytics cookies (cookie banner settings)
  • Opt out of AI training data contribution (account settings)
• Withdraw Consent: Revoke permissions for third-party integrations at any time

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, and shared
• Right to delete personal information (with certain exceptions)
• Right to opt out of the "sale" of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

7.3 European Union Residents (GDPR)

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: We process your data based on:
  • Your consent (for optional features)
  • Contract performance (to provide our Services)
  • Legitimate interests (for analytics and improvements)
  • Legal obligations (for compliance)
• Data controller: NexarilyAI is the data controller for your information
• Data transfers: We transfer data to the United States where our servers are located. We use Standard Contractual Clauses and other approved mechanisms.
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority

7.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: princejossurin@nexarilyai.com
• Subject line: "Privacy Rights Request"
• Include: Your name, email, and specific request

We will respond within 30 days (or as required by applicable law).

---

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential Cookies (Always Active):

• Session cookies for login and authentication
• Security cookies (CSRF protection)
• User preference cookies

Analytics Cookies (Requires Consent):

• Google Analytics 4 for usage analytics
• Performance monitoring cookies

How to Manage Cookies:

• Use our cookie consent banner when you first visit
• Adjust settings in your browser preferences
• Note: Disabling essential cookies may limit functionality

8.2 Do Not Track

Some browsers have "Do Not Track" features. Currently, there is no industry standard for responding to these signals. We do not track users across third-party websites.

---

9. Children's Privacy

Our Services are intended for users 18 years of age and older. We do not knowingly collect information from anyone under 18.

If you believe a child under 18 has provided us with personal information, please contact us immediately at princejossurin@nexarilyai.com, and we will delete that information.

---

10. International Data Transfers

NexarilyAI is based in the United States. If you access our Services from outside the US:

• Your data will be transferred to and processed in the United States
• The US may not have the same data protection laws as your country
• We use appropriate safeguards (Standard Contractual Clauses, encryption) to protect your data

By using our Services, you consent to this transfer.

---

11. Third-Party Links and Services

Our Services may contain links to third-party websites or services (e.g., social media platforms, integrated tools).

We are not responsible for:

• The privacy practices of these third parties
• The content on external websites
• How these services handle your data

We encourage you to review the privacy policies of any third-party services you use.

---

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• New features, products, or services
• Legal or regulatory requirements
• New platform integrations

When we make changes:

• We will update the "Last Updated" date at the top
• For material changes, we will notify you via email or prominent notice
• Continued use of our Services after changes constitutes acceptance

We encourage you to review this policy periodically.

---

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Response time: We aim to respond within 48 hours for general inquiries, and within 30 days for formal privacy rights requests.

---

14. Platform-Specific Disclosures

14.1 Meta Platform Compliance (Facebook, Instagram, WhatsApp)

For Meta Platform Compliance:

This privacy policy covers our use of Facebook, Instagram, and WhatsApp APIs and complies with Meta's Platform Terms. Specifically:

• We clearly explain what Facebook/Instagram/WhatsApp data we collect (Section 4)
• We describe how we use that data (Section 4.1 and 4.2)
• We obtain your explicit consent before accessing your Meta platform data
• We provide controls for you to disconnect Meta platform integrations
• We do not use your Meta data for purposes beyond providing our Services
• We comply with all Meta data deletion requirements when you delete your account
• We implement appropriate security measures to protect your Meta data (Section 6)

Data Deletion Instructions:

Users can request deletion of their data at any time by:

1. Logging into their NexarilyAI account
2. Going to Settings → Account → Delete Account
3. Or emailing princejossurin@nexarilyai.com with subject "Data Deletion Request"

All data, including Facebook/Instagram/WhatsApp integration data, will be deleted within 30 days.

14.2 TikTok Compliance

When using TikTok integration through our Services:

• We access TikTok through authorized third-party API services
• Video content you create is uploaded to TikTok according to TikTok's Terms of Service
• We do not access private TikTok user data beyond what is necessary for posting
• You can disconnect TikTok at any time through your account settings

14.3 Twitter/X Compliance

When using Twitter/X integration through our Services:

• We comply with Twitter's Developer Agreement and Policy
• Tweet content and engagement data is used solely for providing our Services
• We do not use Twitter data for surveillance or to determine eligibility for employment, housing, insurance, or credit

14.4 LinkedIn Compliance

When using LinkedIn integration through our Services:

• We comply with LinkedIn's API Terms of Use
• We access only the data necessary to provide posting and analytics features
• We do not scrape, crawl, or use automated means beyond official API access

14.5 YouTube Compliance

When using YouTube integration through our Services:

• We comply with YouTube's API Services Terms of Service
• By using YouTube features, you are also agreeing to be bound by the Google Privacy Policy
• Video uploads and management are performed through official YouTube Data API

---