Back to NEXA
NEXA Privacy Policy
Last updated: April 19, 2026
This Privacy Policy describes how NEXA ("we", "our", "us") collects, uses, stores, and protects information when you use the NEXA mobile application (the "App"). NEXA is operated by its publisher (contact details below). By using the App you agree to this Policy.
1. Information We Collect
1.1 Information you provide directly
- Account information. When you sign in with Apple or Google, we receive your email address and display name. If you use Sign in with Apple with the "Hide My Email" option, we receive a private relay email.
- Profile information. Optional profile photo, username, job title, company, and short bio that you choose to add.
- Scanned business-card data. When you scan a business card, we extract and store the text on the card — name, job title, company, phone numbers, email addresses, physical address, website, and any QR-link content present on the card.
- Your content. Voice notes, text notes, reaction tags, folder labels, and follow-up reminders that you attach to contacts.
1.2 Device permissions we request
We only access device capabilities that you explicitly grant:
- Camera. Used solely to capture images of business cards for on-device OCR. No video is recorded. You can deny or revoke camera access in iOS Settings at any time.
- Microphone. Used only when you tap "Record voice note" to attach an audio note to a contact. Audio is captured only while recording is active.
- Photo Library. Only accessed if you choose to import an existing card image from your library; we never read photos you do not explicitly select.
- Notifications. Used to deliver follow-up reminders you schedule. You can disable notifications at any time in iOS Settings.
1.3 Information we do NOT collect
- We do not collect location data.
- We do not collect contacts from your address book.
- We do not use advertising identifiers (IDFA) and do not track you across apps or websites owned by other companies.
- We do not collect health, financial, biometric, or payment information.
- We do not sell your personal information to anyone.
2. How We Use Your Information
- To provide the core service: scanning, storing, organizing, and syncing business-card contacts across your devices signed into the same account.
- To run text extraction (OCR) on the images you capture. OCR runs on-device using Apple's Vision framework; the resulting text is stored in your account.
- To deliver follow-up reminders you schedule.
- To enable optional connection and sharing features between NEXA users that you initiate.
- To diagnose crashes, fix bugs, and improve reliability.
- To comply with legal obligations and enforce our Terms of Service.
3. Third-Party Service Providers
We use the following sub-processors strictly to operate the App. Each provider is contractually obligated to protect your data at a level at least equivalent to this Policy:
- Supabase — managed Postgres database, authentication, storage, and edge functions. Data encrypted in transit (TLS) and at rest.
- Sign in with Apple — authentication only. Apple shares your email/name per your consent in the sign-in sheet.
- Google Sign-In — authentication only. Google shares your name, email, and profile photo per your consent.
- Apple Vision framework — on-device OCR. Card images do not leave your device for text extraction.
We do not use third-party analytics, advertising SDKs, or tracking SDKs.
4. Data Storage, Security, and Location
Your data is stored on Supabase cloud infrastructure. Row-level security ensures you can only read and write data belonging to your own account. Data is encrypted in transit (TLS 1.2+) and at rest. We use short-lived JWT sessions and follow current industry best practices for access control.
Data may be processed on servers located outside your country of residence. By using the App, you consent to this transfer.
5. Data Retention
- Contacts and notes remain stored while your account is active.
- Contacts you delete are moved to a Trash folder and permanently deleted after 30 days.
- Original card photos used for OCR are retained only as long as needed to display the card thumbnail; you may delete them at any time.
- Diagnostic/crash logs are retained for up to 90 days.
6. Your Rights and Choices
You have the following rights, exercisable at any time:
- Access. All your data is visible inside the App.
- Export. Use the CSV export feature in Settings to download your contacts.
- Correction. Edit any contact's fields directly in the App.
- Deletion of individual items. Delete any contact, note, or voice recording from the contact detail screen.
- Revocation of consent. Revoke camera, microphone, photo-library, or notification permissions at any time via iOS Settings.
- Account deletion. See section 7 below.
7. Account Deletion
You can permanently delete your NEXA account and all associated data from inside the App:
- Open Settings in the App.
- Scroll to Delete Account.
- Confirm the action.
Your account, all contacts, notes, voice recordings, reminders, and profile data will be permanently removed within 30 days. If you prefer to request deletion by email, write to jad@eleven22spx.com from your account email and we will complete the deletion within 30 days.
8. Children's Privacy
NEXA is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or for legal reasons. Material changes will be communicated in-app or by email before they take effect. The "Last updated" date at the top reflects the effective date of the current version.
10. Tracking Disclosure (Apple App Tracking Transparency)
NEXA does not track you across apps and websites owned by other companies and does not request App Tracking Transparency permission.
11. Contact
For questions, data requests, or deletion requests, contact:
Email: jad@eleven22spx.com