NexonGo

1. Who We Are

NexonGo is the data controller for the personal data collected through this website and platform (nexongo.com). If you have any questions about how we handle your data, contact us at support@nexongo.com.

This policy applies to all users of nexongo.com and the NexonGo platform. It explains what data we collect, why, how long we keep it, who we share it with, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable law.

2. Data We Collect

Account data

When you register, we collect your name, email address, and (if provided) organisation name. This is necessary to create and manage your account.

Payment data

Payments are processed by Stripe. We receive a payment confirmation, your billing plan, and a Stripe customer reference. We never see or store your full card number, CVV, or bank account details — those remain with Stripe.

Content you submit

When you use our tools, we process the files, URLs, and text you submit ("Your Content"). This may include documents, web pages, audio and video recordings, and any personal data contained within them. We process Your Content solely to deliver the Service to you.

Usage and technical data

We collect logs of tool runs (type, status, credits consumed, timestamps), your IP address, browser type, and session identifiers. This data is used to operate the platform, debug issues, and prevent abuse.

Analytics data (with consent)

If you consent to analytics cookies, we collect aggregated product usage data through PostHog. See our Cookie Policy for details and to manage your preferences.

3. Legal Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Processing activity	Legal basis
Creating and managing your account	Performance of contract (Art. 6(1)(b))
Processing tool runs and delivering results	Performance of contract (Art. 6(1)(b))
Billing and subscription management	Performance of contract (Art. 6(1)(b))
Keeping financial records	Legal obligation (Art. 6(1)(c))
Rate limiting and fraud prevention	Legitimate interests (Art. 6(1)(f)) — protecting the platform and other users
Sending service-related communications	Performance of contract / Legitimate interests (Art. 6(1)(b)(f))
Analytics and product improvement	Consent (Art. 6(1)(a)) — only with your cookie consent
Marketing communications	Consent (Art. 6(1)(a)) — only where you have opted in

4. Who We Share Your Data With

We do not sell your personal data. We share data only with the sub-processors listed below, each engaged under a data processing agreement:

Sub-processor	Purpose	Location
Supabase Inc.	Database, authentication, file storage	EU (Frankfurt)
Stripe Inc.	Payment processing	US / EU
Upstash Inc.	Rate limiting and quota management (Redis)	EU
Anthropic PBC	AI document and content processing	US
OpenAI LLC	AI document and content processing	US
DigitalOcean LLC	Server infrastructure and hosting	EU (Frankfurt)
PostHog Inc.	Product analytics (consent-only)	EU
Sentry Inc.	Error monitoring	US

We may also disclose your data to law enforcement or regulatory bodies when required by law, or to protect the rights, property, or safety of NexonGo, our users, or the public.

5. International Data Transfers

Some of our sub-processors are located outside the European Economic Area (EEA), including the United States. Where we transfer personal data to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer safeguard. You can request copies of the relevant SCCs by contacting us at support@nexongo.com.

6. How Long We Keep Your Data

We retain different categories of data for different periods:

Account data: kept for the duration of your account plus 30 days after closure, then deleted.
Tool results and signals: kept for the duration of your account. Deleted within 30 days of account closure.
Billing records and invoices: kept for 7 years to meet legal and tax obligations.
Usage logs: kept for up to 90 days for security and debugging purposes.
Files you upload: deleted immediately after processing is complete, unless stored as part of a tool result you explicitly save.
Analytics data: retained in aggregated form; individual event data kept for up to 12 months.

7. Your Rights

Under the GDPR (and equivalent laws where applicable), you have the following rights:

Access: request a copy of the personal data we hold about you.
Rectification: ask us to correct inaccurate or incomplete data.
Erasure: ask us to delete your personal data, subject to our legal retention obligations.
Restriction: ask us to pause processing your data in certain circumstances.
Portability: receive your data in a structured, machine-readable format.
Objection: object to processing based on legitimate interests. We will comply unless we have compelling legitimate grounds that override your interests.
Withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Automated decision-making: we do not make solely automated decisions that produce significant legal effects about you.

To exercise any of these rights, email us at support@nexongo.com. We will respond within one month. If your request is complex, we may extend this by a further two months and will let you know.

You also have the right to lodge a complaint with your local data protection authority. In the EU, you can find the relevant authority at edpb.europa.eu.

8. Security

We apply appropriate technical and organisational measures to protect your personal data, including:

All data transmitted over HTTPS with TLS encryption
Database row-level security so each user can only access their own records
Authentication via secure, short-lived JWT tokens stored in HttpOnly cookies
Rate limiting on all API endpoints to prevent brute-force and abuse
Payment data handled exclusively by Stripe — we never store card details

If we become aware of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

9. Cookies

We use cookies for authentication and, with your consent, for analytics. Full details and preference controls are in our Cookie Policy.

10. Children

NexonGo is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact support@nexongo.com and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you by email before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.

12. Contact

For any questions about this Privacy Policy or to exercise your rights, contact us at support@nexongo.com. For business customers, contact the same address to request a Data Processing Agreement (DPA).