Privacy Policy

Last updated: 28 April 2026

Nexus Protocol is built on a simple principle: your signal belongs to you. This document explains, in plain language, what data we collect, why we collect it, where it lives, and how you can take it back at any moment. No tracking pixels. No analytics. No selling. No sharing. Just what we need to make the app work, and nothing else.

1. Who we are

Nexus Protocol is published by Nexus Protocol, operated from Barcelona, Spain. Throughout this document, "we", "us" and "our" refer to the publisher, and "you" refers to the person using the app.

2. The short version

We collect your email and password so you can have an account.
We store the answers and results of your evaluation, plus any AI-generated portrait you create, so you can return to them.
We store your purchase status so you don't lose access to what you paid for.
We do not use analytics, advertising SDKs, trackers, or third-party data brokers.
We do not sell, rent or share your data with anyone.
You can delete your account and all your data at any time. We will honor it.

3. Information we collect

3.1 Account information

When you create an account, we collect:

Email address — used as your unique identifier and for password recovery.
Password — stored only as a one-way cryptographic hash by our authentication provider. We never see, log, or have access to your plaintext password.

3.2 Evaluation data

When you use the app, we store:

Your answers to the evaluation questions.
Your resulting classification and profile generated from those answers.
Optional AI-generated portraits you choose to create within the premium experience.
Timestamps of evaluations and re-evaluations, so we can show you how your signal has shifted over time.

3.3 Purchase information

In-app purchases are processed entirely by Apple's App Store. We never receive, see, or store your credit card, billing address, or any payment information. We only receive a transaction receipt that tells us which tier you unlocked (Dossier, Full Access, Re-Evaluation Pass, etc.) so the app can grant you access.

3.4 Information stored only on your device

Some preferences and a copy of your unlock state are stored locally on your iPhone using Apple's standard storage system (UserDefaults). This information stays on your device and is never transmitted anywhere unless explicitly listed elsewhere in this policy.

3.5 What we do NOT collect

We do not access your camera, microphone, photos, contacts, or location.
We do not use any analytics tools (no Google Analytics, no Firebase Analytics, no Mixpanel, no Amplitude).
We do not use any advertising or attribution SDKs (no Meta, no AppsFlyer, no Adjust, no Branch).
We do not use any crash-reporting service that ties data to your identity.
We do not fingerprint your device or track you across other apps or websites.

4. Where your data lives

Your account and evaluation data are stored on Supabase, a cloud platform we use as our database and authentication provider. Supabase processes data on servers located in the European Union, in compliance with GDPR. You can read Supabase's own privacy policy at supabase.com/privacy.

5. Why we collect what we collect — legal basis (GDPR)

Account creation and authentication — to perform the contract you enter into when using the app (Article 6(1)(b) GDPR).
Storing your evaluations and portraits — to provide the service you signed up for (Article 6(1)(b) GDPR).
Processing purchases — to comply with consumer-protection and tax obligations (Article 6(1)(c) GDPR).
Securing accounts and preventing abuse — based on our legitimate interest in protecting users and the service (Article 6(1)(f) GDPR).

6. How long we keep your data

We keep your account data and evaluations for as long as your account exists. When you delete your account, all associated data — answers, portraits, purchase records linked to your user ID — is permanently deleted from our database within 30 days. Backups containing the data are rotated out within 90 days. After that, no copy remains.

7. Your rights

You have full rights over your data, in particular under GDPR:

Access — get a copy of everything we store about you.
Rectification — correct anything that is wrong.
Erasure — delete your account and all data tied to it.
Portability — receive your data in a machine-readable format.
Restriction — ask us to pause processing of your data.
Objection — object to any processing based on legitimate interest.
Complaint — file a complaint with the Spanish Data Protection Agency (AEPD) or the supervisory authority in your country.

To exercise any of these rights, contact us at the address below. We respond within 30 days.

8. Children's privacy

Nexus Protocol is not intended for children under 16 years of age. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, please contact us and we will delete the account immediately.

9. Security

All connections between the app and our servers use HTTPS / TLS encryption. Passwords are hashed with industry-standard algorithms and never stored or transmitted in plain text. Our database enforces row-level security, meaning each user can only access their own records. No system is perfectly secure, but we treat your data with the same care we expect for our own.

10. International transfers

Our infrastructure is located in the European Union. If you access the app from outside the EU, your data may be transferred to and stored in the EU. We do not transfer personal data outside the EU to jurisdictions with weaker protections.

11. Changes to this policy

If we update this policy, we will post the new version here and update the "Last updated" date at the top. For material changes (for example, if we ever introduced any third-party processor), we will notify you in the app or by email before the changes take effect.

12. Contact

Data controller: Nexus Protocol

Location: Barcelona, Spain

Email: support@nexus-protocol.app

For any privacy question, request, or concern, write to the address above. We read every message.