nexus.os
Back to Legal

Privacy Policy

Last Updated: April 12, 2026

Nexus OS (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (aiagents.nexus), software, APIs, and related services (collectively, the “Service”).

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using the Service, including:

Account Information:

  • Name
  • Email address
  • Password (hashed)
  • Organization name (if applicable)
  • Billing information (processed by Stripe)

Profile Information:

  • Avatar or profile picture
  • Bio or description
  • Social media handles
  • Website URL

Content:

  • Agents you create and configure
  • Skills you publish to the Marketplace
  • Comments, feedback, or support requests
  • Any other content you submit through the Service

Communications:

  • Emails or messages you send to us
  • Survey responses
  • Newsletter subscriptions

1.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

Device and Browser Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type and identifiers
  • Screen resolution

Usage Information:

  • Pages viewed and features used
  • Time spent on the Service
  • Clickstream data
  • Referring and exit pages
  • Date and time of access

Technical Information:

  • Agent execution logs (if telemetry is enabled)
  • Error reports and crash logs
  • Performance metrics
  • API usage statistics

1.3 Information from Third Parties

We may receive information from third parties, including:

  • AXIS Trust: Trust scores and verification status for agents
  • Payment Processors: Transaction confirmation from Stripe
  • Analytics Providers: Aggregated usage data
  • Authentication Providers: If you sign in via OAuth (Google, GitHub)

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns
  • Improve the Service

Types of Cookies:

TypePurposeDuration
EssentialAuthentication, security, core functionalitySession
FunctionalPreferences, settings1 year
AnalyticsUsage statistics, performance1 year

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Maintain the Service

  • Create and manage your Account
  • Process transactions and payments
  • Deliver requested features and functionality
  • Provide customer support
  • Send service-related notifications

2.2 Improve and Develop the Service

  • Analyze usage patterns and trends
  • Identify and fix bugs and errors
  • Develop new features and functionality
  • Conduct research and analysis
  • Optimize performance and user experience

2.3 Communicate with You

  • Respond to your inquiries and requests
  • Send administrative notices and updates
  • Provide information about new features
  • Send marketing communications (with your consent)
  • Notify you of changes to our policies

2.4 Security and Compliance

  • Detect, prevent, and address fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights, property, and safety
  • Protect the rights, property, and safety of our users

2.5 Marketplace Operations

  • Facilitate transactions between buyers and sellers
  • Process payments to Skill publishers
  • Display publisher information on Skill listings
  • Calculate and distribute revenue shares

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who assist us in operating the Service, including:

  • Stripe: Payment processing
  • Cloudflare: CDN, security, and edge deployment
  • AXIS Trust: Agent verification services
  • Analytics Providers: Usage analysis
  • Email Providers: Transactional and marketing emails
  • Cloud Hosting: Data storage and processing

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Marketplace Participants

If you publish Skills to the Marketplace, the following information may be displayed publicly:

  • Publisher name or username
  • Publisher profile information
  • AXIS Trust verification status
  • Skill ratings and reviews

If you purchase Skills, publishers may see:

  • Your username (not email or personal details)
  • Usage statistics (anonymized)

3.3 AXIS Trust Integration

When you register Agents with AXIS Trust:

  • Agent identifiers and metadata are shared with AXIS Trust
  • AXIS Trust may provide trust scores visible to other users
  • Verification status may be displayed on your profile

We may disclose your information if required by law or in response to:

  • Court orders, subpoenas, or legal process
  • Government requests or investigations
  • Protection of our legal rights
  • Detection or prevention of fraud or illegal activity
  • Enforcement of our Terms of Service

3.5 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change.

We may share your information for other purposes with your explicit consent.

4. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records

Retention Periods:

Data TypeRetention Period
Account InformationDuration of account + 1 year
Usage Logs12 months
Payment Records7 years (legal requirement)
Support Tickets3 years
Marketing PreferencesUntil you unsubscribe
Deleted Content30 days (then permanently deleted)

After the retention period, we securely delete or anonymize your information.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

Security Incident Response:

If we become aware of a security breach affecting your personal information, we will:

  • Investigate the incident promptly
  • Take steps to mitigate harm
  • Notify affected users as required by law
  • Report to relevant authorities if required

6. Your Rights and Choices

Depending on your location, you may have the following rights:

6.1 Access and Portability

You may request a copy of the personal information we hold about you. You can also export your data through the Service dashboard.

6.2 Correction

You may update or correct your Account information at any time through the Service dashboard or by contacting us.

6.3 Deletion

You may request deletion of your personal information by contacting us at [email protected] or through the Service dashboard. Note that we may retain certain information as required by law or for legitimate business purposes.

6.4 Objection and Restriction

You may object to or request restriction of certain processing of your information, such as marketing communications.

Where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

6.6 Opt-Out of Marketing

You can opt out of marketing communications by:

  • Clicking “unsubscribe” in any marketing email
  • Updating your preferences in the Service dashboard
  • Contacting us at [email protected]

6.7 Do Not Track

Some browsers have a “Do Not Track” feature. We currently do not respond to Do Not Track signals, but you can control tracking through cookie settings.

To Exercise Your Rights:

Contact us at [email protected] with your request. We will respond within 30 days. We may need to verify your identity before processing your request.

7. International Data Transfers

We are based in the United States and process data in the United States and other countries where our service providers operate.

If you are located outside the United States, your information may be transferred to, stored, and processed in countries with different data protection laws than your country of residence.

For EU/EEA/UK Users:

We transfer data outside the EU/EEA/UK using appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent for specific transfers

8. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 18, please contact us at [email protected].

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected about you.

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

9.3 Right to Opt-Out

You have the right to opt out of the “sale” of your personal information. We do not sell personal information.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

9.5 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

CategoryExamplesCollected
IdentifiersName, email, IP addressYes
Customer RecordsBilling informationYes
Commercial InformationPurchase historyYes
Internet ActivityUsage data, browsing historyYes
GeolocationApproximate location from IPYes
Professional InformationOrganization name, roleYes
InferencesPreferences, interestsYes

To Exercise Your CCPA Rights:

Contact us at [email protected].

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

We process your personal data based on the following legal bases:

  • Contract: Processing necessary to provide the Service
  • Legitimate Interests: Improving the Service, security, marketing
  • Consent: Where you have given explicit consent
  • Legal Obligation: Compliance with laws and regulations

10.2 Your GDPR Rights

In addition to the rights listed in Section 6, you have the right to:

  • Lodge a complaint with your local data protection authority
  • Object to automated decision-making and profiling
  • Receive your data in a portable format

10.3 Data Protection Officer

For GDPR-related inquiries, contact:

Data Protection Officer
Email: [email protected]

10.4 EU Representative

Our EU representative can be contacted at:

Email: [email protected]

11. Telemetry and Analytics

11.1 Optional Telemetry

The Nexus OS CLI includes optional, opt-in telemetry to help us improve the Service. When enabled, we collect:

  • Command usage (which commands are run)
  • Error reports and crash logs
  • Performance metrics
  • Feature usage statistics

Telemetry does NOT collect:

  • Your Content or Agent configurations
  • Personal information
  • API keys or credentials
  • File contents

11.2 Opting Out

Telemetry is disabled by default. You can control telemetry settings:

# Disable telemetry
naos config set telemetry.enabled false

# Check telemetry status
naos config get telemetry.enabled

The Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services you access through the Service.

Key Third-Party Services:

ServicePurposePrivacy Policy
StripePaymentsstripe.com/privacy
CloudflareCDN, Edgecloudflare.com/privacypolicy
AXIS TrustAgent Verificationaxistrust.io/privacy

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the “Last Updated” date
  • Sending an email notification (for material changes)

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Nexus OS
Email: [email protected]
Support: [email protected]
Website: aiagents.nexus

For data protection inquiries in the EU:
Email: [email protected]

Back to Legal

By using the Service, you acknowledge that you have read and understood this document.