Privacy Policy
Last updated: May 18, 2026
This Privacy Policy describes how Nexarticle ("Nexarticle", "we", "us") collects, uses, and shares information when you use the Nexarticle service available at https://nexarticle.ai (the "Service").
1. Information We Collect
1.1 Information you provide
- Account data: name, email address, password (stored only as a salted bcrypt hash), optional avatar URL, language preference.
- Workspace data: organization name, workspace name, members you invite, and roles you assign.
- Content you create: articles, prompts, images, and configuration data you submit through the Service.
- Payment data: we use Stripe to process payments. We do not store full card numbers on our servers. Stripe returns and stores tokenized payment identifiers.
1.2 Information from Google Sign-In (OAuth)
When you choose to sign in with Google, we request the following OAuth scopes from your Google account:
openid,email, andprofile— used to identify you, pre-fill your full name, and display your Google profile picture as your avatar inside Nexarticle.
We do not request access to your Gmail, Google Drive, Google Calendar, contacts, or any other Google service. The Google profile picture URL is stored in our database so we can display it in the dashboard without re-querying Google on every request. You can replace it at any time from Settings → Profile.
1.3 Information collected automatically
- Operational logs: IP address, user agent, timestamps of sign-ins and security-relevant actions (account-level audit log).
- Usage telemetry: counts of articles generated, images produced, and tokens consumed — used for quota enforcement and billing.
2. How We Use Your Information
- To create and operate your account and workspaces.
- To generate the articles, images, and other AI outputs you explicitly request via the Service.
- To meter usage against your plan's monthly word and image allowance.
- To send transactional emails (account verification, password reset, invoices, security alerts).
- To detect, investigate, and prevent abuse (rate limiting, fraud checks, audit log review).
3. AI Providers and Sub-processors
To generate content, your prompts (and selected metadata such as tone and target language) are forwarded to upstream AI providers including OpenAI, Anthropic, BFL (FLUX), and Stability AI. These providers process the request on our behalf as data sub-processors. Other infrastructure sub-processors include:
- DigitalOcean (compute, managed Postgres, object storage)
- Cloudflare (DNS, edge caching, DDoS protection)
- Amazon SES (transactional email)
- Stripe (payment processing)
We do not sell your data and we do not use your prompts or generated content to train our own models.
4. Data Retention
- Account and workspace data: retained for the lifetime of your account.
- Generated content (articles, images): retained until you or a workspace admin deletes it.
- Operational logs and audit entries: retained for at least 12 months for security and compliance.
- After you delete your account, we soft-delete data immediately and purge it from production backups within 35 days.
5. Your Rights
You can:
- Access and export your account data from Settings → Profile.
- Correct your name, email, avatar, and language preference from the same screen.
- Delete your account from Settings → Account. This triggers an irreversible cleanup of your personal data within 35 days.
- Revoke Google sign-in by removing Nexarticle from your Google Account permissions page. After revocation, you can continue accessing the Service with a password if one is set, or use the "Forgot password" flow to set one.
6. Security
We encrypt all traffic between your browser and our servers with TLS. Passwords are stored only as salted bcrypt hashes. JWT access tokens are signed with RSA keys held only on the API server. Database backups are encrypted at rest. We restrict production-server SSH access to designated maintainers and audit administrator actions.
7. International Transfers
Our primary production infrastructure is located in the United States (DigitalOcean ATL1, Atlanta, GA). By using the Service you consent to your data being transferred to and processed in the United States.
8. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13.
9. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced in-app and via email. Continued use of the Service after a change constitutes acceptance of the updated Policy.
10. Contact
Questions about this Policy or your data? contato@ostops.net