1. Data We Collect
When you use NEXICFLOW, we collect the following categories of information:
- Account Information – Your full name, email address, and business name provided during registration
- Business Information – Your business type, WhatsApp phone number, and email connection credentials (stored encrypted)
- Message Content – WhatsApp messages and email content processed by our AI to generate automated responses. This data is used solely to deliver the Service and is not used for advertising or sold to third parties
- Usage Data – Information about how you use the Service, including feature usage, session duration, and interaction logs
- Technical Data – IP address, browser type, device information, and cookies for authentication and security purposes
Your WhatsApp and email message content is processed by AI to generate replies on your behalf. We do not read, review, or store your messages beyond what is necessary to provide the automated reply service.
2. How We Use Your Data
We use the data we collect to:
- Provide the Service – Process WhatsApp and email messages to generate AI-powered automated replies
- Account Management – Manage your subscription, authenticate your identity, and maintain your workspace
- Service Improvement – Understand how the Service is used to improve features and fix bugs (using anonymized and aggregated data only)
- Communication – Send you important service updates, security notifications, and (with your consent) marketing communications
- Legal Compliance – Comply with applicable laws, regulations, and legal processes
We do not sell your personal data to third parties. We do not use your message content for training AI models beyond what is necessary to provide your personal service.
3. Data Security
We take data security seriously and implement multiple layers of protection:
- Encryption at Rest – Sensitive data including API credentials and connection tokens are encrypted using Fernet symmetric encryption (AES-128-CBC)
- Encryption in Transit – All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- Access Controls – Strict access controls ensure only authorized systems can access your data
- Regular Audits – We conduct regular security reviews of our systems and practices
While we implement industry-standard security measures, no system is 100% secure. We recommend using a strong, unique password and enabling two-factor authentication where available.
4. Third-Party Services
NEXICFLOW integrates with the following third-party services to deliver functionality:
- Google Gemini AI – We use Google's Gemini AI models to generate intelligent automated responses. Your message content is transmitted to Google's API for processing in accordance with Google's privacy policies. See Google's Privacy Policy.
- Baileys (WhatsApp Web API) – We use Baileys, an open-source WhatsApp Web API library, to connect to WhatsApp. This operates through WhatsApp's unofficial web interface. You connect your own WhatsApp account via QR code scan.
- Email Providers (IMAP/SMTP) – When you connect an email account, we store your connection credentials (encrypted) to read and reply to emails on your behalf.
- Google OAuth – If you sign in with Google, we receive your name and email address from Google in accordance with your Google account permissions.
Important: WhatsApp's Terms of Service prohibit the use of unofficial APIs. By using NEXICFLOW's WhatsApp feature, you acknowledge this risk and accept responsibility for your WhatsApp account's compliance with WhatsApp's policies.
5. Data Retention
We retain your data for the following periods:
- Account Data – Retained for the duration of your account and for 30 days following account deletion
- Message Logs – WhatsApp and email message logs are retained for 90 days to support the CRM feature, after which they are permanently deleted
- Usage Analytics – Anonymized usage data may be retained indefinitely for product improvement purposes
- Billing Records – Payment and subscription records are retained for 7 years as required by financial regulations
You may request deletion of your data at any time by contacting us or deleting your account through the dashboard settings.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of Access – Request a copy of the personal data we hold about you
- Right to Rectification – Request correction of inaccurate or incomplete data
- Right to Erasure – Request deletion of your personal data ("right to be forgotten")
- Right to Portability – Request your data in a portable, machine-readable format
- Right to Object – Object to processing of your data for direct marketing purposes
- Right to Restriction – Request restriction of processing your data in certain circumstances
To exercise any of these rights, please contact us at privacy@nexicflow.com. We will respond within 30 days.
If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.
7. Cookies
We use the following types of cookies:
- Essential Cookies – Required for the Service to function, including session authentication cookies. These cannot be disabled.
- Preference Cookies – Store your preferences such as theme selection (dark/light mode). Stored in localStorage.
We do not use advertising cookies or third-party tracking cookies. You can control cookie settings through your browser, though disabling essential cookies will prevent you from using the Service.
8. Children's Privacy
The Service is not directed to children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.
9. Contact Us
For privacy-related questions, requests, or concerns, please contact our privacy team:
We aim to respond to all privacy inquiries within 5 business days and will complete data requests within 30 days.