Privacy Policy

1. Who We Are

Nexos English is operated by NexosNova LLC. We are committed to protecting your personal data and respecting your privacy. For any privacy-related questions, contact us at [email protected].

2. Data We Collect

• Account data: First name, last name, email address, password (hashed), and profile information.
• Learning data: Your English level, session history, exercise results, credits used, and progress statistics.
• Payment data: Subscription status and billing history. Payment card details are processed by Stripe and never stored on our servers.
• Technical data: IP address, browser type, device information, and usage logs for security and performance purposes.
• Communications: Messages sent to our support email.

3. How We Use Your Data

• To provide and improve the learning platform
• To personalize your learning experience based on your level
• To process payments and manage your subscription
• To send transactional emails (welcome, verification, password reset)
• To send learning reminders (evenings, weekdays) — you may opt out anytime
• To detect and prevent fraud or abuse
• To comply with legal obligations

4. Legal Basis (GDPR)

For users in the European Economic Area (EEA), we process your data under the following legal bases:

• Contract performance: To provide the service you signed up for.
• Legitimate interests: To improve our service and ensure security.
• Consent: For marketing communications (you may withdraw at any time).
• Legal obligation: To comply with applicable laws.

5. Third-Party Services

We use trusted third-party services to operate our platform:

• Stripe: Payment processing (PCI-DSS compliant).
• Resend: Transactional email delivery.
• OpenAI / Anthropic: AI-powered conversation and correction features.
• Cloudflare: DNS, CDN, and DDoS protection.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where required by law (e.g., billing records retained for 7 years).

7. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data.
• Correct: Fix inaccurate or incomplete data.
• Delete: Request deletion of your account and data ("right to be forgotten").
• Export: Receive your data in a portable format.
• Object: Opt out of certain types of processing.
• Withdraw consent: Unsubscribe from marketing emails at any time.

8. Cookies

We use essential cookies only to maintain your session and authentication. We do not use advertising or tracking cookies. No third-party tracking scripts are loaded on our platform.

9. Data Security

We implement industry-standard security measures including:

• HTTPS encryption for all data in transit
• Bcrypt password hashing
• JWT token authentication with expiry
• Regular security audits
• Cloudflare DDoS protection

10. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email. The "Last updated" date at the top reflects the most recent revision.