Legal
Privacy Policy
Last updated: May 27, 2026 · Effective: May 27, 2026
We collect information you provide directly to us and information collected automatically when you use our platform.
Information you provide
- Account information — email address, name, and password when you create an account or join our waitlist.
- Quiz responses — answers you provide in our onboarding quiz (goals, skill level, age range, preferences) to personalise your roadmap.
- Payment information — billing details when you subscribe. We do not store payment card data directly — all payments are processed by Stripe.
- Communications — messages you send us via email or support channels.
- Profile information — any additional information you voluntarily add to your account.
Information collected automatically
- Usage data — pages visited, lessons completed, quiz results, time spent on the platform, and clicks.
- Device information — browser type, operating system, IP address, and device identifiers.
- Cookies and similar technologies — see Section 4 for details.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Nexora platform and its features
- Personalise your learning roadmap and AI coaching based on your goals and progress
- Process payments and manage your subscription
- Send you product updates, educational content, and promotional emails (you can unsubscribe at any time)
- Respond to your questions and provide customer support
- Monitor and analyse usage patterns to improve the platform
- Detect, prevent, and address fraud, abuse, and security issues
- Comply with legal obligations
3. How We Share Your Information
We do not sell your personal data. We share information only in the following circumstances:
Service providers
We share data with trusted third-party service providers who help us operate Nexora. These providers are contractually bound to protect your data and may only use it to provide services to us:
- Stripe — payment processing
- Supabase — database and authentication
- ConvertKit / Beehiiv — email marketing
- Vercel — website hosting
- PostHog — analytics
- OpenAI / Anthropic — AI features (only anonymised or aggregated inputs are used)
Legal requirements
We may disclose your information if required to do so by law or in response to valid legal process, such as a court order or government request.
Business transfers
If Nexora is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
4. Cookies and Tracking
We use cookies and similar tracking technologies to improve your experience on Nexora.
Types of cookies we use
- Essential cookies — required for the platform to function (login sessions, preferences). Cannot be disabled.
- Analytics cookies — help us understand how users interact with the platform (PostHog, Vercel Analytics). These are anonymised where possible.
- Marketing cookies — used to measure the effectiveness of our advertising campaigns on platforms like Meta (Facebook/Instagram) and Google. These are only set if you consent.
You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.
5. Payment Information
All payment processing on Nexora is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you make a purchase:
- Your payment card details are entered directly into Stripe's secure, encrypted environment
- Nexora never sees, stores, or has access to your full card number, CVV, or bank details
- We receive only a transaction confirmation and a tokenised reference from Stripe
- Stripe's privacy policy is available at stripe.com/privacy
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:
- Account data — retained for the duration of your account, plus 30 days after deletion request
- Payment records — retained for 7 years as required by tax and financial regulations
- Analytics data — aggregated and anonymised data may be retained indefinitely
- Email marketing — retained until you unsubscribe or request deletion
You can request deletion of your account and associated data at any time by emailing privacy@nexora.io.
7. Your Rights
Depending on where you are located, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request that we correct inaccurate or incomplete data
- Deletion — request that we delete your personal data ("right to be forgotten")
- Portability — request that we provide your data in a machine-readable format
- Objection — object to certain types of processing, including direct marketing
- Restriction — request that we restrict how we process your data in certain circumstances
- Withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, email us at privacy@nexora.io. We will respond within 30 days.
If you are in the European Union or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.
8. Children's Privacy
Nexora is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@nexora.io and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page. Continued use of Nexora after changes constitutes your acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please get in touch: