Privacy Policy

Last updated: 2026-04-20

This Privacy Policy explains how Nuveki ("we," "us," or "our") collects, uses, discloses, and protects information about you when you use our Platform. It applies to all users worldwide, including users in Canada, the European Economic Area (EEA), United Kingdom, and California.

1. Information We Collect

We collect the following types of information:

• Account information: Email address, display name, profile photo, and other details you provide at registration or in your profile
• Usage data: How you interact with the Platform, including conversations initiated, workflow executions, feature usage, and actions taken
• Technical data: Browser type, operating system, device identifiers, IP address, access timestamps, and session information
• User Content: Conversations with AI agents, library items, uploaded files, and workflow configurations you create or submit
• Payment information: Billing address and payment method details, processed by our payment processor; we do not store full card numbers
• Communications: Messages you send to our support team or through contact forms

2. Legal Basis for Processing (GDPR)

If you are located in the EEA or United Kingdom, we process your personal data on the following legal bases under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Processing your account information, User Content, and payment data to provide the Platform services you have requested
• Legitimate interests (Art. 6(1)(f)): Analyzing usage patterns to improve the Platform, detecting and preventing abuse, ensuring platform security, and sending service-related communications -- where these interests are not overridden by your rights
• Legal obligation (Art. 6(1)(c)): Retaining billing records, responding to lawful government requests, and complying with applicable law
• Consent (Art. 6(1)(a)): Sending optional marketing communications and placing non-essential cookies, where required -- you may withdraw consent at any time

3. How We Use Your Information

We use your information for the following purposes:

• To create and manage your account and provide access to the Platform
• To process your subscription and billing
• To analyze aggregate and anonymized usage patterns to improve Platform features and performance (we do not use your individual conversation content for this purpose)
• To send transactional and service-related communications (account confirmations, security alerts, billing notices)
• To enforce our Terms of Service and protect against misuse, fraud, and abuse
• To comply with legal obligations and respond to lawful requests from authorities

We do not use your conversation content to train AI models. Aggregate, anonymized platform analytics (e.g., feature adoption rates, session counts) are used for product improvement, but individual conversation content is never used for this purpose.

4. AI and Data Processing

When you interact with AI agents, your messages are transmitted to third-party AI model providers for processing. Each provider processes data in accordance with their own privacy policies and data processing agreements. Our current AI model providers include Anthropic (via AWS Bedrock), OpenAI, Google, and xAI. AWS acts as an infrastructure sub-processor for Anthropic model access. These providers act as sub-processors under our instruction. We have executed Data Processing Agreements with each provider to protect your data. Provider privacy policies are available at their respective websites.

AI model providers may apply their own content moderation, safety filtering, and usage policies to messages sent through our Platform. We recommend reviewing their policies if you have specific data handling requirements.

5. Data Retention

We retain your data for the following periods:

• Account information: For the duration of your account, plus 90 days after deletion to allow account recovery, then permanently deleted
• Conversation history and library items: Until you delete them or close your account, subject to the 90-day recovery window above
• Billing records: 7 years from the transaction date, as required by applicable tax and financial laws
• Security and access logs: 12 months from creation
• Aggregate analytics: Indefinitely in anonymized, non-identifiable form

You may request deletion of your data at any time by contacting us at hello@nuveki.ai. Certain data may be retained longer where required by law or for legitimate legal defense purposes.

6. Data Sharing and Sub-Processors

We do not sell your personal information. We may share data with:

• AI model providers (Anthropic via AWS Bedrock, OpenAI, Google, xAI) -- to process your AI agent interactions
• Cloud infrastructure providers -- for hosting, storage, and database services
• Payment processors -- to handle subscription billing
• Analytics services -- using anonymized data only, for platform improvement
• Law enforcement and government authorities -- when required by law, legal process, or to protect the safety of users or the public
• Business transfers -- in connection with a merger, acquisition, or sale of assets, in which case we will notify you before your data becomes subject to a different privacy policy

All third-party sub-processors are contractually bound to process your data only as directed by us and in accordance with applicable data protection law.

7. International Data Transfers

Nuveki operates globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States and Canada. Where data is transferred from the EEA or UK to countries not recognized as providing adequate data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards, to ensure your data remains protected. Where required by Canadian privacy law, we ensure that any cross-border transfers maintain a comparable level of protection through contractual and organizational safeguards. You may request a copy of the applicable transfer mechanisms by contacting us at hello@nuveki.ai.

8. Your Rights

Depending on your location, you have the following rights regarding your personal data. To exercise any right, contact us at hello@nuveki.ai. We will respond within 30 days (GDPR/PIPEDA) or 45 days (CCPA).

All users:

• Access and download a copy of your personal data
• Correct inaccurate or incomplete information
• Delete your account and associated personal data
• Withdraw consent where processing is based on consent (without affecting prior processing)

Canadian residents (PIPEDA / provincial privacy laws):

• Access your personal information held by Nuveki and be informed of its use and disclosure
• Challenge the accuracy and completeness of your personal information and have it amended
• Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions
• File a complaint with the Office of the Privacy Commissioner of Canada or your applicable provincial privacy commissioner

EEA / UK users (GDPR / UK GDPR):

• Object to processing based on legitimate interests
• Request restriction of processing in certain circumstances
• Data portability -- receive your data in a structured, machine-readable format
• Lodge a complaint with your local supervisory authority (e.g., ICO in the UK, your national DPA in the EU)

California residents (CCPA / CPRA):

• Know the categories and specific pieces of personal information we collect, use, and disclose
• Opt out of the "sale" or "sharing" of personal information (we do not sell personal information)
• Limit the use of sensitive personal information
• Non-discrimination -- we will not discriminate against you for exercising your privacy rights

9. Children's Privacy

The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Users between 13 and the age of majority in their jurisdiction may only use the Platform with parental consent as described in our Terms of Service. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at hello@nuveki.ai and we will delete such information promptly.

10. Automated Decision-Making

Certain Platform functions involve automated processing that may affect your account, including automated enforcement of subscription usage limits and automated content moderation for policy violations. Where such automated decisions produce significant effects, you have the right to request human review. Contact hello@nuveki.ai to make such a request or to contest an automated decision. AI agents themselves do not make binding decisions on Nuveki's behalf -- they generate responses for your use and review.

11. Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, role-based access controls, regular security assessments, and audit logging to protect your data. Despite these measures, no system is completely secure. You are responsible for keeping your account credentials confidential and notifying us immediately at hello@nuveki.ai if you suspect unauthorized access to your account.

12. Contact Us

For privacy-related questions, data rights requests, security concerns, or DMCA notices, contact us at hello@nuveki.ai. We will acknowledge your request within 5 business days and provide a full response within the legally required timeframe.