NEXUPIRA
Let's talk →

Privacy Policy

Last updated: 2026-04-15

Nexupira ("we", "us", or "the Service") is an AI-powered integration platform that lets users connect their productivity tools (Google Workspace, Slack, GitHub, Notion, Linear, and others) and automate workflows through natural-language instructions. This Privacy Policy describes what we collect, how we use it, and what control you have.

1. Information We Collect

When you use Nexupira, we collect:

  • Account information: email address, name, and (if you register with a password) a salted password hash.
  • OAuth tokens: access tokens and refresh tokens from services you choose to connect. These are encrypted at rest with AES-256-GCM and used only to call APIs on your behalf.
  • Content you upload: documents, images, and files you attach to chats. Encrypted at rest.
  • Chat messages and workflow definitions: stored to let you resume sessions and re-run automations.
  • Operational telemetry: error logs, performance metrics, and session replays triggered only when errors occur (used to diagnose bugs).

2. Google User Data

When you connect a Google account, you grant Nexupira access to a limited set of Google APIs. The scopes we request are:

  • calendar & calendar.events — read and manage your Google Calendar events when you ask an automation to do so.
  • drive.file — create, read, and modify only the files that Nexupira itself creates or that you explicitly open through Nexupira. We never read your entire Drive.
  • documents, spreadsheets, presentations — edit the Google Docs, Sheets, and Slides files that Nexupira creates on your behalf.
  • gmail.send — send emails from your account when your workflow asks us to.
  • gmail.compose — create draft emails.
  • gmail.labels — list your existing Gmail labels.

Limited Use disclosure

Nexupira's use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide or improve user-facing features that are visible in the Nexupira interface.
  • We do not transfer Google user data to third parties except as necessary to provide those features, comply with law, or prevent fraud.
  • We do not use Google user data to serve advertisements.
  • We do not allow humans to read Google user data unless we have your explicit consent for specific messages, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in line with these requirements.

3. How We Use the Data

  • To execute the automations and chat instructions you give us.
  • To route prompts and your explicitly selected context to the AI provider you have configured (e.g. OpenAI, Anthropic, Google, or a self-hosted model).
  • To debug crashes and improve reliability (error traces, anonymised session replays).
  • To authenticate you on subsequent sign-ins.

We do not sell your data, use it to train AI models, or share it with advertising networks.

4. Data Storage & Security

  • Each user's data lives in an isolated LibSQL namespace — one user's data is never co-mingled with another's.
  • OAuth tokens and uploaded documents are encrypted at rest with AES-256-GCM. Keys are held in a server-side KMS and never exposed to application logs.
  • Transport is HTTPS / TLS 1.2+ only.
  • We apply the principle of least privilege: OAuth scopes are the minimum needed for the feature you invoked.

5. Third-Party Services

To deliver the Service we send necessary data to:

  • AI model providers you have configured (OpenAI, Anthropic, Google Gemini, Groq, or any custom endpoint) — for the purpose of generating the response you asked for.
  • Connected service providers (Google, Slack, GitHub, Notion, Linear) — when you invoke a tool that touches them.
  • Cloud infrastructure (the hosting provider running our servers) — for execution.

We do not send your data anywhere you have not explicitly connected, except to our own operational infrastructure.

6. Your Choices

  • Disconnect a service at any time from the Connections page. This deletes our copy of the OAuth tokens and revokes our access.
  • Delete documents from the Documents page; deletion is immediate and permanent.
  • Delete your account by emailing the address below; we will remove your data within 30 days of the request.
  • Export your data on request.

You can also revoke our access directly from your Google Account settings at myaccount.google.com/permissions.

7. Data Retention

Chat messages are retained for 90 days for the session-resume feature and are then archived. Documents and automations persist until you delete them or close the account. OAuth tokens persist until you disconnect the service. Error logs are kept for 30 days.

8. Children's Privacy

Nexupira is not directed to children under 13 and we do not knowingly collect information from them.

9. Changes to this Policy

We will update the "Last updated" date above whenever this policy changes. Material changes will be announced by email or in-product notice before they take effect.

10. Contact

Questions, data-deletion requests, or other privacy concerns: [email protected].