Privacy Policy

Last Updated: February 6, 2026

This Privacy Policy (the "Privacy Policy" or "Policy") describes the types of information Nex AI ("Nex," "we," "our," or "us"), operated by Amplitude Labs, collects and processes from and about you.

This Policy applies to the Nex AI web application and any other electronic and/or digital products and/or services that are made available by Nex AI and that link to this Policy (collectively, the "Services").

By using the Services, you are agreeing to the practices described in this Policy. If you do not agree to the practices described in this Policy, please do not access or use the Services.

1. Information We Collect

When you access or otherwise use our Services, we may collect information from you. The types of information we collect depend on how you use our Services. Please note that we need certain types of information to provide the Services to you. If you do not provide us with such information, or if you ask us to delete that information, you may no longer be able to access or use certain Services. The information we collect may include data you directly provide to us, data we obtain automatically from your interactions with our Services, and data we obtain from other sources.

Information you provide directly to us

We may collect information directly from you. You are not required to provide us with such information, but certain features of the Services may not be accessible or available absent the provision of the requested information. Information you provide directly to us may include, but is not limited to:

(a) Account Information:

  • Email address (when you sign in via Google OAuth)
  • User name or display name
  • Profile information

(b) Payment Information:

  • Payment information (processed through Stripe, our payment processing vendor)
  • Billing address
  • Subscription details (plan type, billing cycle)

(c) Compliance and Implementation Data:

  • The documents and data content you submit for proactive compliance validation
  • The AI-generated validation reports and risk assessments of your content
  • Your compliance preferences and infrastructure settings

(d) Communications:

  • Contents of communications with us (support requests, feedback, inquiries)

Information we collect automatically

We and our third-party vendors may use cookies, web beacons, and other tracking technologies to collect information about the computers or devices (including mobile devices) you use to access the Services. We may collect and analyze information including but not limited to:

  • Browser type and version
  • ISP or operating system
  • Domain name
  • Access time and date
  • Referring or exit pages
  • Page views and navigation patterns
  • IP address
  • Unique device identifiers
  • Version of our Services you're using
  • Type of device that you use

We may also track when and how frequently you access or use the Services, including how you engage with or navigate our application. We use this information for analytics (including to determine which portions of the Services are used most frequently and what our users like/do not like), to evaluate the success of our features, and as otherwise described in this Policy.

We and our third-party vendors may use cookies, clear GIFs, pixel tags, and other technologies that help us better understand user behavior, personalize preferences, perform research and analytics, and improve the Services. These technologies, for example, may allow us to tailor the Services to your needs, save your preferences, track the pages you visit, help us manage content, and compile statistics about usage of our Services.

Most web browsers automatically accept cookies, but your browser may allow you to modify your browser settings to decline cookies if you prefer. If you disable cookies, you may be prevented from taking full advantage of the Services, because the Services may not function properly. As we adopt additional technologies, we may also gather additional information through other methods.

Information we collect from other sources

We may collect information about you from other parties, such as:

(a) Third-Party Authentication:

When you sign in using Google OAuth, we receive information from Google identifying your account, including your email address and basic profile information.

(b) Payment Processors:

We receive payment confirmation and subscription status information from Stripe when you execute a Statement of Work with us.

(c) Analytics Services:

We may receive aggregated analytics data from third-party services to help us understand how our Services are used.

2. How We Use the Information We Collect

We may use your information for any of the following purposes:

(a) Provide and administer the Services:

  • Process your compliance validation requests
  • Store and retrieve your validation and risk history
  • Manage your account and subscription
  • Provide customer support

(b) Improve and develop our Services:

  • Analyze usage patterns and outcomes
  • Train and improve our proactive compliance AI algorithms
  • Develop new features and services
  • Conduct research and development

(c) Personalize the Services:

  • Remember your preferences and settings
  • Provide personalized compliance recommendations
  • Customize your user experience

(d) Communicate with you:

  • Send you service-related communications (account updates, subscription changes)
  • Respond to your inquiries, comments, feedback, or questions
  • Send you information about features or aspects of the Services we believe might be of interest to you
  • Communicate with you about changes to our terms, conditions, or policies

(e) Security and Fraud Prevention:

  • Detect and prevent fraud, criminal activity, or misuses of our Service
  • Ensure the security of our IT systems, architecture, and networks
  • Enforce usage limits and prevent abuse

(f) Legal Compliance:

  • Comply with legal obligations and legal process
  • Protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other parties
  • Enforce our Terms of Service and any other agreements

(g) Business Operations:

  • Aggregate and anonymize data for business intelligence
  • Conduct research and analysis
  • Develop new programs and services

We may combine information that we collect from you through the Services with information that we obtain from other sources. We may also aggregate and/or de-identify information collected through the Services. We may use and disclose de-identified or aggregated data for any purpose, including without limitation for research, algorithm improvement, and marketing purposes.

3. When We Disclose the Information We Collect

We may disclose your information in any of the following circumstances:

Service Providers and Vendors:

We may disclose your information to employees, consultants, and other vendors who need access to such information to carry out work or perform services on our behalf, such as:

  • Supabase: Data storage and database services
  • Stripe: Payment processing and subscription management
  • Google: Authentication services (Google OAuth) and AI Processing (Gemini API)
  • Vercel: Application hosting and infrastructure
  • Analytics providers, customer service platforms, and technology support services

Safety and Protection of Nex AI and Others:

We may disclose certain information if we believe in good faith that doing so is necessary or appropriate to:

  • Protect or defend Nex AI or other parties, including to defend or enforce this Policy, our Terms of Service, or any other contractual arrangement
  • Protect the rights, property or personal safety of Nex AI, our employees, users and/or the public

Legal Requirements:

We may disclose certain information if we believe in good faith that doing so is necessary or appropriate to comply with any law enforcement, legal, or regulatory process, such as to respond to a warrant, subpoena, court order, or other applicable laws and regulations.

Business Transfers:

We may disclose certain information, in connection with or during negotiations or closing of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

With Your Consent:

We may disclose your information to nonaffiliated third parties based on your consent to do so.

Aggregated and De-Identified Data:

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, benchmarking, and business purposes.

4. Data Retention

We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and your choices. We may retain certain information after account deletion as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance, algorithm improvement). Some data may be converted to anonymized form for ongoing research and development.

5. Your Choices

We offer you certain choices regarding the collection, use, and disclosure of information about you.

Account Information:

You may deactivate your account through your account settings. You may also verify, correct, update, or delete certain of your information through your account settings.

Data Deletion:

You can request deletion of your validation history and content. Please note that deletion may take up to 30 days to process, and some data may be retained as required by law or for legitimate business purposes.

Marketing Communications:

You can unsubscribe from marketing emails by following the directions in those emails. Please note that if you unsubscribe from marketing emails, we may still send you administrative emails regarding the Services.

Cookies and Analytics:

You can opt out of certain cookie-related and analytics processing by adjusting your browser settings or using browser extensions that block tracking technologies.

6. Regional Privacy Disclosures

Residents of the European Economic Area and United Kingdom

Nex AI (Amplitude Labs) is considered the "data controller" of the "personal data" we handle under this Policy. To the extent laws in these regions apply, our legal grounds for processing are: Contractual Commitments, Your Consent, Legitimate Interests (customer support, improving services, security, preventing fraud), and Legal Compliance.

Residents of Nevada

You have the right to opt-out of the sale of certain personal information. We do not currently sell your personal information as defined by Nevada law.

Residents of California

Under the CCPA, we provide the following disclosures regarding categories of personal information we collect: Identifiers (email, IP), Commercial information (subscriptions), Internet activity (usage data), and Content data (submitted documents). We use these for the business purposes described in Section 2.

7. Children's Privacy

The Services are not designed for minors under 13. If we discover that an individual under 13 has provided us with personal information, we will close the account and delete the personal information to the extent required by law.

8. Security

Nex AI implements technical, administrative, and physical safeguards to protect the information we collect. These measures include: Encryption of data in transit and at rest, secure authentication via Google OAuth, regular security assessments, and secure payment processing through Stripe. However, no internet transmission is ever fully secure.

9. Consent to Transfer

Our services are global and your information may be stored and processed in the United States and other countries that may have data protection laws that differ from the laws in your country. By using the Services, you consent to this transfer.

10. AI Processing and Third-Party Services

AI Content Processing: When you submit content for validation, we may use advanced AI models, including Google's Gemini AI, to process and analyze your data. This means your content is transmitted to these providers' servers for processing, governed by their respective privacy terms.

11. Changes to this Policy

We may change this Policy to reflect changes in the law, our information practices or the features of the Services. We will indicate the date of the most recent update. By continuing to use the Services, you are confirming that you have read and understood the latest version.

12. Contact us

Email: contact@nexai.app
Address: Amplitude Labs, Singapore