This Privacy Policy describes how NexusMax collects, uses, stores and protects your personal data. Our commitment is to be straightforward about what we collect and why.
We collect only what's needed to run the service (email, optional name, your project history). We do not sell your data. The briefings you send are processed by Anthropic AI models under enterprise confidentiality terms.
Who is responsible
The controller of your data is NexusMax (hereinafter "we"). For any request related to your personal data, including rights granted by Brazilian LGPD or comparable legislation, contact contato@nexusmax.com.br.
What data we collect
Data you provide directly
- Account: name and email provided at signup or via social login (when available)
- Briefings: descriptive text you send to generate your projects
- Reference URLs: links you optionally provide as inspiration
- Payment data: processed by payment partners (we do not store card data on our systems)
- Communications: emails and messages you send us
Data collected automatically
- Usage data: your project history, credits consumed, generated versions
- Technical metadata: IP address, browser type, operating system, access times (for security and aggregate stats)
- Essential cookies: used only to keep your authenticated session. We do not use third-party advertising tracking cookies
How we use your data
The data we collect is used strictly to:
- Deliver the service you contracted (generate content, save history, process payments)
- Authenticate your access and protect your account from unauthorized use
- Improve service quality (via aggregate, anonymous analytics)
- Communicate important updates, account issues or changes to the terms
- Comply with legal, tax and regulatory obligations
- Prevent fraud, abuse and violations of the terms of use
We do not use your data for third-party marketing, nor do we sell or rent your personal information.
Sharing with third parties
We share data only with partners necessary to operate the service:
AI providers
The briefings you send are processed by Anthropic's API (Claude models), our AI provider. Anthropic operates under enterprise terms that include:
- Content sent via API is not used to train future models
- Limited retention for abuse prevention (per Anthropic's policy)
- Encryption in transit and at rest
See Anthropic's Privacy Policy for details.
Other technical partners
- Payment processors (e.g., Asaas, Stripe) — for billing and credit management
- Hosting and infrastructure providers — for platform operation
- Transactional email services — for sending account notifications
- Unsplash and image providers — for optional photo integration in landing pages
Authorities and legal requirements
We may disclose data under court order, legal request from a competent authority, or when necessary to protect the rights, safety and property of NexusMax, its users or the public.
Where your data lives
Data is stored on enterprise-grade servers, with encryption in transit (HTTPS/TLS) and at rest. Some providers may store data outside Brazil (mainly in the US and Europe) — in those cases we ensure partners maintain standards equivalent to LGPD.
How long we keep your data
- Account data (email, name): while your account is active, plus 6 months after closure
- Generated project history: while your account is active; on closure, data remains available for 30 days for export before deletion
- Payment data: for the period required by tax law (typically 5 years)
- Technical and security logs: up to 12 months, in aggregate form
Your rights
Under Brazilian data protection law (LGPD) you have the right to:
- Confirmation and access: know what data we have about you and obtain a copy
- Correction: update incorrect, incomplete or outdated data
- Anonymization, blocking or deletion: request that unnecessary data be removed
- Portability: receive your data in a structured, transferable format
- Consent withdrawal: revoke previously given consents
- Objection: object to processing carried out on legitimate-interest grounds
- Review of automated decisions: request human review of decisions made solely by AI that affect you
To exercise any right, send an email to contato@nexusmax.com.br with the subject "LGPD — [your request]". We respond within 15 days.
Security
We apply reasonable technical and organizational measures to protect your data:
- Encryption in transit (HTTPS required) and at rest
- Role-based access control within the team
- Continuous monitoring for unauthorized access attempts
- Periodic code security reviews
- Sanitization of generated HTML against malicious scripts
No system is 100% immune to incidents. In case of a breach affecting your data, we will notify you and the competent authority within the legally required timeframe.
Minors
NexusMax is not directed to users under 18. We do not knowingly collect data from minors. If you are a legal guardian and believe a minor provided data without authorization, contact us for removal.
Cookies and similar technologies
We use essential cookies to maintain your authenticated session and usage preferences. We do not use behavioral advertising or cross-site tracking cookies. You can manage cookies through your browser settings — though disabling essential cookies may prevent use of the service.
Changes to this policy
This Policy may be updated as the service, applicable law or best practices evolve. We will notify you by email and within the platform when there is a material change. The date of the latest update is at the top of this page.
Contact
Privacy questions, data-related requests or incident reports: contato@nexusmax.com.br