Last updated: 22 April 2026
This Privacy Policy explains how Nexus collects, uses, and shares your personal data when you use our platform, websites, and related services (the "Services"), and the rights you have over that data. For details on our security posture, sub-processors, and GDPR position, see our Trust page.
The Services are operated by Nexus Core Inc., registered at 701 Brazos St, Austin, TX 78701, USA ("Nexus", "we", "us"). For privacy questions or to exercise your rights, contact privacy@nexus.app.
For personal data about community members that a community operator (our customer) uploads or generates inside Nexus, the operator is the data controller and Nexus acts as the data processor under their instructions. For personal data we collect and use for our own purposes — account holders, billing, marketing, platform-level activity — Nexus is the data controller.
This Privacy Policy describes what we do as controller. Where we act as processor, the relevant community operator's privacy notice governs the data they have entrusted to us.
Name, email address, password (hashed), profile photo, role or title, and any other profile information you provide.
Information you publish inside a community, such as bio, interests, expertise, preferences, and links to external profiles.
Calendar bookings and, where you have explicitly enabled it, video session transcripts.
IP address, device and browser information, pages and features you interact with, referring URLs, timestamps, and similar telemetry used to operate, secure, and improve the Services.
Where you are a paying customer, billing contact details, payment method (handled by our payment processor), and invoice history.
Where we act as data controller, we rely on the following lawful bases under Article 6 of the GDPR:
We do not sell, rent, or trade your personal data. We share it only with:
Some of our sub-processors are located in the United States. Where personal data is transferred outside the EU, UK, or EEA to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum as the transfer mechanism. We have executed data processing agreements incorporating these safeguards with each sub-processor listed on our Trust page.
We retain personal data only for as long as we need it for the purpose it was collected. Specific retention windows:
Nexus uses algorithmic matching and recommendation to surface relevant connections, content, and meetings. These outputs support your decisions; they do not produce legal or similarly significant effects on you, and you make the final choice whether to act on them. You can object to this processing at any time by contacting privacy@nexus.app.
We do not send marketing emails. The only emails we send are transactional and service-related (for example, account notifications and community updates you have access to as a member). Session transcription, where available, is off by default; it can be enabled per session, all participants are notified before recording begins, and the consent event is logged.
We use only strictly necessary cookies to operate the Services (for example, authentication and session continuity). Strictly necessary cookies do not require consent under the GDPR or the UK Privacy and Electronic Communications Regulations. We do not use marketing, advertising, analytics, or cross-site tracking cookies.
We use technical and organizational measures appropriate to the risk. These include encryption in transit (TLS 1.2 or higher), encryption at rest (AES-256) for our primary database and file storage, role-based access controls with single sign-on and multi-factor authentication for administrative access, and continuous monitoring. See our Trust page for more detail.
If we discover a personal-data breach that affects your data, we will notify the relevant supervisory authority within 72 hours of becoming aware where required, and notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Subject to applicable law, you have the right to:
You can exercise most of these rights from your account settings. For anything you cannot do in-app, email privacy@nexus.app from the verified email address associated with your account. This is how we verify your identity before acting on a request — if you email from a different address, we will ask you to resend from the account email, or to confirm additional account details we already hold, before we proceed. We will respond within 30 days (extendable by up to a further 60 days for complex requests, in which case we will tell you within the first 30).
Where Nexus is acting as processor on behalf of a community operator, please direct your request to that operator first; we will assist them in fulfilling it.
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the rights described in this section in addition to those listed above. The categories of information we collect, the purposes for which we use it, and the categories of recipients we share it with are described in the relevant sections of this policy and on our Trust page.
In the past 12 months, we have collected the following CCPA categories:
We do not intentionally collect sensitive personal information as defined by the CPRA. Meeting transcripts may incidentally contain sensitive information that participants choose to share during a session. We do not use sensitive personal information to infer characteristics about you, so the right to limit its use does not apply.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA and CPRA. We have not sold or shared personal information in the preceding 12 months and do not knowingly sell or share the personal information of consumers under 16.
We collect personal information directly from you, automatically through your use of the Services, and (where Nexus acts as processor) from the community operator that invited you. We use it for the business and commercial purposes described in the "Lawful basis" and "How we share data" sections above.
Email privacy@nexus.app with the subject line "California privacy request". We will verify your identity using the account information we already hold, acknowledge your request within 10 business days, and respond substantively within 45 days (extendable by a further 45 days if needed, in which case we will tell you within the first 45). You may designate an authorized agent to make a request on your behalf; we will require written authorization signed by you and will verify both the agent and you before acting on the request.
California residents may also request information about our disclosure of personal information to third parties for those parties' direct marketing purposes under California Civil Code §1798.83. We do not disclose personal information to third parties for their direct marketing purposes.
Nexus is not intended for use by children under the age of 16. We do not ask users for their age at signup and do not actively verify it; we rely on the representation users make in our Terms that they are 16 or older, and on notifications from parents, guardians, or community operators. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact privacy@nexus.app and we will delete it.
Our Services may include links to or integrations with third-party websites and apps. We do not control those sites or services and are not responsible for their privacy practices. We recommend reviewing their privacy policies before sharing personal data.
We update this Privacy Policy from time to time. We will post the updated, date-stamped version here and, where the changes are material, notify you in line with applicable law before they take effect.
Privacy questions and data subject requests: privacy@nexus.app
Security issues and vulnerability reports: security@nexus.app