Skip to main content
NexusDeploy

DRAFT — This document is a template and has not been reviewed by legal counsel. Do not rely on this as a binding legal agreement until reviewed and approved by a qualified attorney.

Privacy Policy

Last updated: March 22, 2026

NexusDeploy ("we," "us," or "our") operates the platform at nexus-deploy.io. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our platform and services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, password (hashed), profile information, professional qualifications, and business details (for enterprises). Engineers may also provide portfolio links, skills, certifications, and work history.

Project Data

We collect and store project descriptions, proposals, milestones, deliverables, reviews, and related communications between enterprises and engineers on the platform.

Payment Information

Payment processing is handled by Stripe. We do not store full credit card numbers, bank account numbers, or other sensitive payment credentials on our servers. Stripe collects and processes payment information in accordance with their own privacy policy. We receive and store transaction records, payout amounts, and billing history.

Usage Data

We collect information about how you interact with the platform, including pages visited, features used, timestamps, IP addresses, browser type, device information, and referring URLs.

Communications

We store messages, files, and other content exchanged between users through the platform's messaging system. Messages in NDA-protected project rooms are encrypted.

2. How We Use Information

We use the information we collect to:

  • Provide services: Operate and maintain the platform, match enterprises with engineers, facilitate project workflows and communications.
  • Process payments: Manage escrow, milestone payments, platform fees, refunds, and payouts through Stripe.
  • Send notifications: Deliver transactional emails (project updates, payment confirmations, account alerts) via Resend.
  • Improve the platform: Analyze usage patterns to improve features, performance, and user experience.
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access. Monitor for policy violations.
  • Comply with law: Fulfill legal obligations, respond to lawful requests, and enforce our Terms of Service.

3. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

With Other Platform Users

When you participate in a project, certain profile information and project-related communications are shared with the other party (enterprise or engineer) as necessary to facilitate the engagement.

With Service Providers

  • Stripe — Payment processing, escrow management, and payouts.
  • Resend — Transactional email delivery (notifications, account alerts).
  • Sentry — Error monitoring and crash reporting. Sentry may receive technical data including request URLs, error stack traces, and limited user context for debugging purposes.
  • Neon (PostgreSQL) — Database hosting. Application data is stored in Neon-hosted PostgreSQL databases.

With Law Enforcement

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

4. Data Retention

  • Active account data is retained for as long as your account is active and you continue to use the platform.
  • Soft-deleted data (e.g., deleted projects, removed messages) is retained for 30 days before permanent deletion, to allow for recovery in case of accidental deletion.
  • Audit logs (account activity, payment records, access logs) are retained for 2 years for security, compliance, and dispute resolution purposes.
  • After account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., tax records, dispute resolution).

5. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption at rest: Sensitive data is encrypted using AES-256-GCM encryption.
  • Encryption in transit: All data transmitted between your browser and our servers is protected by TLS (HTTPS) encryption.
  • Rate limiting: API endpoints are rate-limited to prevent abuse and brute-force attacks.
  • Access controls: Role-based access controls ensure users can only access data they are authorized to view.
  • Password hashing: Passwords are hashed using industry-standard algorithms and are never stored in plaintext.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data portability: Request a copy of your data in a structured, machine-readable format.
  • Opt-out of marketing: Unsubscribe from marketing communications at any time using the link in any marketing email or by contacting us.

To exercise any of these rights, contact us at support@nexus-deploy.io. We will respond within 30 days.

7. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request that we delete your personal information, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to opt-out of sale: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.

To submit a CCPA request, contact support@nexus-deploy.io with the subject line "CCPA Request."

8. GDPR Rights (EU Residents)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: We process your data based on contractual necessity (to provide our services), legitimate interests (to improve and secure the platform), and consent (where applicable, such as marketing communications).
  • Right to restriction: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to object: You may object to the processing of your personal data based on legitimate interests.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

NexusDeploy is based in the United States and currently does not have an EU representative. If we expand services to the EU, we will appoint a representative as required by GDPR Article 27.

9. Cookies

NexusDeploy uses cookies as follows:

  • Session cookies: Essential cookies used for authentication and maintaining your session. These are strictly necessary for the platform to function and cannot be disabled.
  • No third-party tracking cookies: We do not currently use any third-party analytics, advertising, or tracking cookies.

If we introduce additional cookies in the future (e.g., for analytics), we will update this policy and provide appropriate notice and consent mechanisms.

10. Children's Privacy

NexusDeploy is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@nexus-deploy.io.

11. International Data Transfers

NexusDeploy is operated from the United States. If you access the platform from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the platform, you consent to the transfer of your information to the United States. We will take reasonable measures to ensure your data is treated securely and in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will provide at least 30 days' notice of material changes by posting the updated policy on the platform and sending a notification via email. Your continued use of the platform after the effective date of the updated policy constitutes acceptance. We encourage you to review this policy periodically.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: