1. What data we collect
Account data (email, password hash, display name); Conversation data (messages you send, responses you receive); Usage data (token count, request timestamp, API key used); Billing data (payments, invoices).
2. How we use
It is only used to provide the services you have paid for: routing your questions to the most appropriate model, returning responses, and billing accurately. We do not use your prompts or responses to train AI models - neither ours nor those of upstream providers (we have a "not used for training" clause with each provider).
3. How we share
Your prompt will be forwarded to the upstream model provider (OpenAI, Anthropic, Google, DeepSeek, etc.) only for generating responses. Each provider has a data processing clause with us. We will not sell or rent your data to third parties for advertising or profiling. For requests routed to LLM providers in mainland China (DeepSeek / Tongyi Qianwen / Moonshot / Zhipu / Doubao), the request content is processed by Nexevo's intranet infrastructure deployed in Shenzhen, China. This infrastructure only runs on the internal network segment and has no public network entrance. The data will not leave the Alibaba Cloud private network, and Nexevo will not retain this data outside the request life cycle. If the customer requires that the data not enter mainland China at all, they can set `provider.data_collection: "deny"` in the request, and we will only route to providers that promise not to retain data strictly (such as self-built distillation models).
4. How long do we keep it?
Account + billing data: Account lifetime + minimum retention period for tax/accounting compliance (usually 7 years). Conversations: Until you delete or close your account. Audit logs: retained for 2 years for compliance requirements. You can request complete deletion at any time.
5. Your rights
You can access, export or delete your data at any time through the settings page. For GDPR/CCPA/protection requests, please email privacy@nexevo.ai and we will respond within 30 days. You can also object to certain processing or restrict certain categories of data.
6. Security
The transport layer uses TLS 1.2+. Data-at-rest encryption. API keys are stored as SHA-256 hashes (cannot be retrieved if lost and must be regenerated). We maintain SOC 2 controls and undergo regular penetration testing.
7. Cookies
We only use necessary cookies: authentication (JWT storage) and preferences (language, theme). No tracking or advertising cookies are used. Cookie data is not shared with third parties.
8. Contact us
Privacy related: privacy@nexevo.ai. Data Protection Officer: dpo@nexevo.ai. We are registered in [jurisdiction], company code [number].