nxfloNXFLO
Request Access
Legal

Privacy Policy

Last updated: April 16, 2026

1. Information We Collect

Account information. When you create a workspace, we collect your email address and an encrypted password. If you authenticate via Google OAuth, we receive your name and email from Google — no other profile data.

Workspace data. Content you create through the platform — campaigns, brand memory, session history — is stored in your isolated workspace. We do not access, read, or analyze your workspace content except when required to provide the service or comply with legal obligations.

Usage data. We collect anonymized usage metrics including session duration, feature usage frequency, and error logs for the purpose of improving the service. These metrics are not tied to your workspace content.

Payment information. If you subscribe to a paid plan, payment is processed by Stripe. We do not store credit card numbers or bank account details on our servers.

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the NXFLO platform
  • Authenticate your identity and secure your workspace
  • Send transactional communications (account confirmations, security alerts)
  • Monitor for abuse, fraud, and security threats
  • Comply with legal obligations

We do not sell your data. We do not use your workspace content to train AI models.

3. Data Storage and Security

Your data is stored on Google Cloud Platform infrastructure in the United States. Workspaces are fully isolated — each client operates in a separate environment with no shared tenancy.

Security measures include:

  • HMAC-signed session tokens with automatic rotation
  • Bcrypt-hashed credentials (cost factor 12)
  • TLS encryption for all data in transit
  • Rate limiting across REST, WebSocket, and authentication endpoints
  • Secrets managed via GCP Secret Manager (never stored on disk)

4. Ad Platform Integrations

When you connect advertising accounts (Meta, Google, TikTok, LinkedIn, Pinterest, Snapchat), NXFLO accesses your ad account data through official platform APIs to provide campaign management, reporting, and optimization services. Specifically:

  • Data accessed: Campaign performance metrics, ad account settings, audience definitions, billing information, and conversion events
  • Data use: Exclusively to provide the services you request — campaign creation, performance analysis, budget optimization, and reporting within your workspace
  • Data storage: Ad platform data is stored in your isolated workspace on Google Cloud Platform infrastructure. We do not share your ad account data with other users or third parties
  • Data deletion: When you disconnect an integration or delete your account, all associated ad platform data is permanently removed within 30 days
  • Server-side tracking: If you enable Conversions API (CAPI) integrations, conversion event data is transmitted directly to the ad platform on your behalf. Personally identifiable information (PII) is hashed with SHA-256 before transmission and is not stored in plaintext

We do not sell, rent, or share your ad platform data. We do not use your ad account data to train AI models or for any purpose other than providing the Service to you.

5. Third-Party Services

We use the following third-party services:

  • Anthropic — AI model provider for campaign generation and analysis
  • Google Cloud Platform — infrastructure hosting and data storage
  • Stripe — payment processing
  • Google Analytics / Google Tag Manager — anonymized website analytics
  • Meta Platform — advertising API, Conversions API, and Messenger integrations
  • Google Ads — advertising API for campaign management

Each provider is bound by their own privacy policies and data processing agreements. Your use of third-party ad platforms through NXFLO remains subject to those platforms' terms of service.

6. Data Retention

Your workspace data is retained for the duration of your account. If you delete your account, all associated workspace data, session history, and brand memory is permanently deleted within 30 days.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at privacy@nxflo.io.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of the platform after changes constitutes acceptance.

9. Contact

For privacy-related inquiries, contact privacy@nxflo.io.