Privacy Policy

Last updated: January 21, 2026

Introduction

Nexus ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AP automation platform and related services.

Please read this policy carefully. By using our Service, you consent to the practices described herein.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and business information
  • Phone number (optional)
  • Billing and payment information (processed by our payment providers)
  • Job title and role

Business Documents

To provide our services, we process documents you upload, including:

  • Invoices and bills
  • Purchase orders
  • Delivery notes and receipts
  • Vendor and supplier information contained in these documents

Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited, time spent)
  • Device information (device type, operating system)
  • Feature usage and interaction patterns
  • Error reports and performance data

Integration Data

When you connect third-party integrations (e.g., QuickBooks, Sage), we receive data necessary to sync your accounting information, such as chart of accounts, vendors, and transaction history.

How We Use Your Information

We use your information to:

  • Provide Services: Process documents, perform matching, manage exceptions, and deliver core functionality
  • Improve Our Platform: Analyze usage patterns to enhance features and user experience
  • Train AI Models: Use anonymized and aggregated data to improve our machine learning algorithms
  • Customer Support: Respond to inquiries and provide technical assistance
  • Communication: Send service updates, security alerts, and (with consent) marketing communications
  • Billing: Process payments and manage subscriptions
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Meet legal obligations and respond to lawful requests

Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

Service Providers

Third-party vendors who help us operate our service, including:

  • Cloud infrastructure providers (AWS)
  • Payment processors (Stripe)
  • Authentication services (Clerk)
  • Analytics providers (with anonymized data only)
  • Customer support tools

Integration Partners

When you authorize integrations, we share necessary data with those platforms (e.g., QuickBooks) to enable synchronization.

Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety.

Data Retention

We retain your data according to the following guidelines:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Business Documents: Retained according to your configured retention policy (default: 7 years for compliance)
  • Usage Logs: Retained for 90 days
  • Backup Data: Retained for 30 days after deletion from production systems

You may request earlier deletion of your data, subject to legal retention requirements.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Secure cloud infrastructure with regular security assessments
  • Access controls and authentication requirements
  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response procedures

For more details, see our Security page.

Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Export: Receive your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications
  • Restrict Processing: Limit how we use your data in certain circumstances

To exercise these rights, contact us at privacy@nexusap.com.

Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: To understand how users interact with our service (can be disabled)
  • Preference Cookies: To remember your settings and preferences

You can manage cookie preferences through your browser settings or our cookie consent banner.

International Data Transfers

Our services are hosted in the United States. If you access our services from outside the US, your data will be transferred to and processed in the US. We implement appropriate safeguards for international transfers, including standard contractual clauses where required.

Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

Contact Us

For questions about this Privacy Policy or our data practices, contact us:

  • Privacy Inquiries: privacy@nexusap.com
  • General Support: support@nexusap.com
  • Data Protection Officer: dpo@nexusap.com