Privacy Policy

Last updated: February 14, 2026

1. Introduction

Nexora AI ("we", "us", or "our"), a company based in Switzerland, operates Nexora Suite ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. We are committed to protecting your privacy in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and profile picture through our authentication provider (Clerk). This information is necessary to provide you access to the Service.

2.2 Lead and Business Data

You may voluntarily enter lead information including names, email addresses, phone numbers, appointment dates, and notes. This data is stored to provide the core functionality of the Service.

2.3 Google Calendar Data

If you choose to connect your Google Calendar, we request access to create and manage calendar events related to your lead appointments. We store your Google OAuth tokens securely to maintain this connection. We only access the minimum data necessary to sync appointments and do not read, store, or process any other calendar data.

2.4 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details on our servers. We only store Stripe customer and subscription identifiers to manage your subscription status.

2.5 Usage Data

We may collect anonymized usage data such as pages visited, features used, and general interaction patterns to improve the Service.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Manage your account and subscription
  • Sync appointments with your Google Calendar (if connected)
  • Send transactional emails (e.g., appointment confirmations)
  • Respond to your support requests
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We share data only with the following third-party service providers, strictly to operate the Service:

  • Clerk — Authentication and user management
  • Supabase — Database hosting and storage
  • Stripe — Payment processing
  • Resend — Transactional email delivery
  • Google — Calendar integration (only if you connect your account)

Each provider processes data according to their own privacy policies and in compliance with applicable data protection laws.

5. Google Calendar Data Use

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google Calendar data to sync lead appointments to your calendar
  • We do not use Google data for advertising purposes
  • We do not share Google data with third parties except as necessary to provide the Service
  • We do not allow humans to read your Google data unless required for support with your consent, for security purposes, or to comply with applicable law
  • You can disconnect Google Calendar at any time from your Settings page, which will revoke our access and delete your stored tokens

6. Data Storage and Security

Your data is stored on servers provided by Supabase. We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. OAuth tokens are stored securely and encrypted.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain information.

8. Your Rights

Under Swiss data protection law and, where applicable, the GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Deletion — Request deletion of your personal data
  • Portability — Request your data in a structured, machine-readable format
  • Objection — Object to certain processing of your data
  • Withdraw consent — Revoke consent for optional data processing at any time

To exercise any of these rights, contact us at info@nexoraai.ch.

9. Cookies

We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy or your personal data, please contact us at:

Nexora AI

Switzerland

Email: info@nexoraai.ch