Privacy Policy

This policy is issued by PRISM LABS PTE. LTD. (incorporated in Singapore, "we") and applies to all services provided under the nexevo.ai domain — the dashboard, autonomous agent, projects and knowledge files, private memory, generation studio, and APIs.

Account data (email, password hash, display name); content data (conversations, agent runs and their steps, projects and knowledge files you upload, memory items); usage data (token counts, request timestamps, API key used); billing data (payment method, transactions, invoices).

Only to provide the services you have paid for: routing your requests to the most appropriate model, returning responses, accurate billing, and semantic retrieval (vector embeddings) for the private memory layer. We do not use your prompts or responses to train AI models — neither ours nor those of upstream providers (we rely on "not used for training" terms with each provider).

Your prompts are forwarded to upstream model providers (OpenAI, Anthropic, Google, DeepSeek, etc.) solely to generate responses, through the providers' international service endpoints and under data-processing terms. We only route to providers that commit to no-training terms. We do not sell or rent your data to third parties for advertising or profiling.

Our primary infrastructure runs in Singapore, and your workspace data is stored there with strict per-workspace isolation. Data storage is protected under the PDPA (Singapore) and the supervision of the PDPC (Personal Data Protection Commission). Additional regions may be offered as customer demand arrives.

Account + billing data: account lifetime + the minimum retention required for tax / accounting compliance (typically 7 years). Conversations, projects, knowledge files, and memory items: until you delete them or close your account. Security audit logs: 5 years.

You can at any time, via your workspace settings: (a) export your data; (b) close your account (full purge within 30 days; audit logs retained per §6); (c) individually delete any conversation, project, knowledge file, or memory item; (d) withdraw cookie / notification consent.

For GDPR (EU) / CCPA (California) / PIPL (China) / PDPA (Singapore) access, correction, restriction, portability, and deletion requests, email [email protected]. We respond within 30 calendar days.

Transport: TLS 1.2+. Data at rest: AES-256-GCM encryption with keys managed independently by PRISM LABS. API keys are stored as hashes (cannot be retrieved if lost — they must be regenerated). SOC 2 Type II audit is in preparation; we run periodic third-party penetration testing.

Our services are software tools — not a medical device, legal counsel, investment advisor, or tax advisor. Content generated by the agent, the generation studio, and any third-party AI model called through our platform may contain errors, biases, or out-of-date information. For any decision involving law, medicine, finance, or personal safety, always consult a licensed professional. We make no guarantee as to the accuracy, completeness, or suitability of AI outputs.

Only necessary cookies: authentication (session cookie) and preferences (language, theme, cookie-consent choice). No tracking or advertising cookies. Cookie data is not shared with third parties.

Privacy: [email protected]. Data Protection Officer / DPO: [email protected]. Legal entity: PRISM LABS PTE. LTD. (UEN 202623344N), 3 Gambas Crescent, #04-01, Nordcom One, Singapore 757088.