Privacy Policy

Last Updated: February 17, 2026

1. Who We Are

Nexlo ("we", "us", "our") provides a business automation platform that helps companies manage customers, prospects, tasks, and AI-powered agents. This policy explains how we collect, use, and protect your data.

2. What Data We Collect

Account Data: Name, email address, and password when you create an account.

Organization Data: Company name, industry, office locations, and product/service lines you provide during onboarding.

Business Data: Customer records, prospect records, tasks, deals, trips, activities, expenses, and any other data you enter into the platform.

Agent Data: AI agents you create or install, agent run history, and outputs generated by agents.

Integration Data: API keys and webhook URLs you provide to connect external services. We store these securely and use them only to execute actions you configure.

Usage Data: Pages visited, features used, and technical information such as browser type and IP address.

3. How We Use Your Data

• To provide and operate the platform
• To execute AI agents and automation you configure
• To generate reports and analysis you request
• To connect with external services you authorize (SendGrid, Slack, etc.)
• To improve the platform and fix issues
• To communicate with you about your account

We never sell, rent, or share your data with third parties for advertising or marketing purposes.

4. AI Processing

When you use AI features (chatbot, agents, analysis), your business data is sent to Anthropic's Claude API for processing. This data is:

• Used only to generate your requested response
• Not used to train AI models
• Not stored by Anthropic beyond the request
• Subject to Anthropic's data processing terms

5. Data Isolation

Each organization's data is isolated using database-level row security policies. This means:

• No other organization can access your data
• This isolation is enforced by the database itself, not application code
• Even in the event of a software bug, cross-organization data access is architecturally prevented

6. Data Storage and Security

• Data is stored in PostgreSQL databases hosted by Supabase on AWS infrastructure
• All data is encrypted at rest and in transit (TLS 1.2+)
• Authentication is handled by Supabase Auth with secure password hashing
• API keys for external integrations are stored encrypted in our database

7. Your Rights

You have the right to:

• Access all your data at any time through the platform
• Export all your data in Excel format (Settings → Data → Export All Data)
• Delete all your data permanently (Settings → Data → Delete All Data)
• Correct any inaccurate data through the platform interface
• Disconnect any external integration at any time

8. Data Retention

• Your data is retained as long as your account is active
• When you delete your organization, all data is permanently removed within 24 hours
• Agent run logs are retained for 90 days, then automatically deleted
• API call logs are retained for 30 days, then automatically deleted

9. Third-Party Services

The platform may connect to external services you authorize, including but not limited to:

SendGrid, Slack, Twilio, Google Sheets, Zapier, HuggingFace, OpenAI, Mailgun, Discord, Airtable, and Notion.

When you connect these services, your data is sent to them according to their respective privacy policies. We recommend reviewing their policies before connecting.

10. Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies or advertising cookies.

11. Children

The platform is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.

12. PIPEDA Compliance (Canada)

In accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA):

• We obtain consent before collecting personal information
• We collect only information necessary to provide our services
• We protect personal information with appropriate security measures
• We provide access to personal information upon request
• We have procedures to receive and respond to complaints about our privacy practices

13. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through the platform. Continued use of the platform after changes constitutes acceptance.

14. Contact

For privacy questions, data requests, or complaints:

Email: privacy@nexlo.app
Address: Calgary, Alberta, Canada

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.