Nexus Engine
Privacy Policy
Last updated: May 11, 2026
1. Introduction
Nexus Engine is an AI-powered autonomous marketing and commerce platform (multi-tenant SaaS). This Privacy Policy describes how we collect, use, store, and protect your information when you use our services at nexusengine.nexus.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address, business name, and tenant configuration preferences (niche, brand voice, display name).
2.2 Product and Media Data
We process media you upload (images, videos, audio) and product information you provide for the purpose of generating and scheduling social media content across multiple product verticals.
2.3 Social Media Credentials
When you connect social media accounts (TikTok, X/Twitter), we store OAuth tokens to publish content on your behalf. We do NOT store your social media passwords. See Section 6 for details.
2.4 Payment Information
Payment processing is handled by Stripe. We do not directly store credit card numbers or bank account details. Stripe Connect account information is associated with your tenant.
2.5 Analytics Data
We collect click tracking data, including timestamps, geographic location (derived from IP addresses via MaxMind GeoLite2), user agent strings, and referral sources. IP addresses are resolved to an approximate geographic location and are not stored in raw form.
2.6 Inquiry and Communication Data
If customers submit inquiries through your product pages, we collect their name, email address, and message content.
3. How We Use Information
We use collected information to:
- Generate AI-powered marketing content (copy, narrations, videos) tailored to your brand voice
- Process and optimize media for social media publishing
- Publish approved content to your authorized social media accounts on schedule
- Process payments and manage commerce transactions via Stripe Connect
- Track marketing attribution — linking content performance to revenue
- Run autonomous recovery workflows (re-engagement, payment retry, content optimization)
- Provide analytics and reporting on content and commerce performance
- Perform sentiment analysis on inquiries and social media comments
4. AI Processing Disclosure
Your data is processed by the following AI and machine learning services:
- Google Gemini AI — generates marketing copy, captions, product descriptions, and video prompts
- Amazon Polly — produces neural text-to-speech audio narrations (default provider)
- ElevenLabs — premium text-to-speech narrations (opt-in per tenant)
- Veo, Runway ML, and Luma AI — AI video generation from images and text prompts
- Amazon Rekognition — auto-tags uploaded images with visual labels for content matching
- Amazon Translate — translates content to Spanish for bilingual publishing
- Amazon Comprehend — sentiment analysis on inquiries and social media comments
Your media and product data are sent to these services for processing. We do not use your data to train third-party AI models.
5. Third-Party Services
We rely on the following third-party services to operate the platform:
- Amazon Web Services (infrastructure, storage, compute, AI services)
- Google Gemini (AI content generation)
- Stripe and Stripe Connect (payment processing and marketplace)
- TikTok Content Posting API (video publishing via OAuth 2.0)
- X/Twitter API (social publishing)
- ElevenLabs (premium text-to-speech)
- Runway ML and Luma AI (AI video generation)
- MaxMind GeoLite2 (IP geolocation for analytics)
Each third-party service is governed by its own privacy policy. We share only the minimum data necessary for each service to function.
6. Social Media Data Handling
6.1 TikTok
Nexus Engine connects to TikTok via the Content Posting API using OAuth 2.0. When you authorize access:
- We do NOT store your TikTok password
- We retain only the Access Token and Refresh Token provided by TikTok through the OAuth 2.0 authorization flow
- Tokens are used solely to publish content to your TikTok account as you direct
- We do not access your followers, direct messages, or personal TikTok data beyond what is required for content publishing
- Tokens are stored encrypted using AWS Systems Manager Parameter Store
- You may revoke access at any time through your TikTok account settings
6.2 X/Twitter
As with TikTok, we store only OAuth tokens for X/Twitter. We use these tokens exclusively to publish content you have approved.
7. Data Storage and Security
All data is stored on Amazon Web Services infrastructure in the US East (N. Virginia / us-east-1) region. Security measures include:
- Sensitive credentials (API keys, OAuth tokens) are stored encrypted via AWS Systems Manager Parameter Store
- Media files are stored in Amazon S3 with server-side encryption
- Data at rest in DynamoDB is encrypted by default
- API access is secured via Amazon Cognito JWT-based authentication
- Tenant data is isolated — each business operates in its own logical partition
8. Data Retention
- Content cache items expire after 24 hours (configurable per tenant)
- Customer inquiries are retained for one year
- Analytics data (click events, attribution) is retained indefinitely for reporting
- Media files in S3 are retained until you remove them or terminate your account
- Recovery event logs are retained with a configurable TTL
- Social media OAuth tokens are retained until you revoke access or terminate your account
9. Cookies and Local Storage
Nexus Engine does not use cookies. We use browser sessionStorage for temporary client-side state management in the operator dashboard. sessionStorage data is automatically cleared when the browser tab is closed and is never transmitted to our servers.
10. Your Rights
10.1 General Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Revoke social media access at any time
- Export your data in a portable format
- Terminate your account and request removal of your tenant data
10.2 CCPA — California Residents
If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information to third parties.
10.3 GDPR — European Residents
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our lawful bases for processing are contractual necessity (to provide the services you requested) and legitimate interest (analytics and platform improvement).
11. Children's Privacy
Nexus Engine is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will make reasonable efforts to notify active tenants of material changes. Continued use of the platform after changes constitutes acceptance of the revised policy.
13. Contact
For privacy-related questions, data requests, or to exercise your rights, contact us at legal@nexusengine.nexus.