Privacy Policy

Nexorus LLC — Privacy Policy

Effective Date: October 29, 2025

Last updated: October 29, 2025

1) Introduction

Nexorus LLC (“Nexorus,” “we,” “us,” or “our”) provides AI-powered marketing solutions and related consulting services (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect Personal Data when you visit our websites, create an account, interact with our platform, or engage with our business.

If you do not agree with this Privacy Policy, please do not access or use the Services.

2) Who We Are & How To Contact Us

Nexorus LLC
2093 Philadelphia Pike, Claymont, DE 19703, USA
Privacy: privacy@nexorus.com
Support: support@nexorus.com

If you are located in the EEA/UK, you may also contact us regarding GDPR matters at privacy@nexorus.com. If we appoint an EU/UK representative or DPO, we will update this Policy.

3) Scope & Relationship To Other Terms

This Policy applies to Personal Data we process about:

  • Website visitors, prospects, clients, and their users
  • Individuals whose information may be contained in Client Data uploaded to or generated within the Services

Use of the Services is also governed by our Terms of Service and, where applicable, our Data Processing Addendum (DPA), which is incorporated by reference when executed with a Client.

4) Key Definitions

  • Personal Data / Personal Information: Information that identifies or relates to an identifiable individual.
  • Client Data: Data (which may include Personal Data) that a Client uploads to the Services or provides to us for processing (e.g., contact lists, creatives, analytics, prompts, instructions).
  • AI Outputs: Content generated by the Services based on inputs and Client Data (e.g., copy, audience insights, recommendations).
  • Controller / Processor (GDPR): Roles allocated in the DPA; generally, the Client is Controller and Nexorus is Processor for Client Data.
  • Sell / Share (CPRA): As defined under California law.

5) What We Collect

We collect Personal Data in three ways: (A) directly from you, (B) automatically, and (C) from third parties.

A. Data You Provide

  • Account & profile: name, company, role, email, phone, password, authentication details.
  • Billing: payment card details (processed by our payment processors), billing address, tax IDs.
  • Communications: emails, chat, support tickets, call recordings (where permitted), survey responses.
  • Client Data: contact lists, campaign configs, audience segments, creative assets, prompts/instructions.
  • Professional services: project specs, briefs, SOW artifacts.

B. Data Collected Automatically

  • Usage & device data: IP address, identifiers, browser/OS, settings, pages viewed, timestamps, feature usage, crash logs.
  • Cookies & similar tech: session cookies, analytics pixels, A/B testing identifiers, advertising identifiers (see Section 10).

C. Data From Third Parties

  • Integrations: ad platforms (e.g., Google, Meta, TikTok), CRMs, analytics, data providers (as enabled by you).
  • Public/partners: business contact data, firmographics, lead sources, referral programs.

We do not knowingly collect sensitive Personal Data unless explicitly required for a defined purpose and permitted by law (e.g., payment fraud checks). We do not knowingly collect information from children under 13 (see Section 16).

6) How We Use Personal Data (Purposes)

We use Personal Data to:

  1. Provide and operate the Services (accounts, authentication, processing Client Data, generating AI Outputs).
  2. Support & improve the Services (troubleshooting, analytics, security, quality assurance, training of systems using de-identified data).
  3. Personalize experiences (settings, content relevance, product recommendations).
  4. Billing & accounting (subscriptions, usage, fraud prevention).
  5. Communicate (service messages, security alerts, updates, and—with your consent or as allowed by law—marketing).
  6. Compliance & enforcement (terms enforcement, legal requests, regulatory obligations).
  7. Research & development (develop new features, models, and insights using de-identified/aggregated data).

7) Our Legal Bases (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, we rely on:

  • Performance of a contract (to deliver the Services to Clients).
  • Legitimate interests (to secure, improve, and promote our Services, provided interests are not overridden by your rights).
  • Consent (for certain cookies/marketing in applicable jurisdictions).
  • Legal obligation (to comply with laws, tax, accounting, security obligations).

8) Client Data, Roles, & AI

For Client Data, Nexorus generally acts as a Processor (or “Service Provider” under CPRA) and processes Client Data only per the Client’s instructions in the DPA and applicable agreement. Clients are responsible for:

  • Having a valid legal basis to process Client Data;
  • Providing required notices/consents to data subjects;
  • Managing data subject requests relating to Client Data.

AI Outputs: May contain errors, bias, or third-party content. Clients must review AI Outputs for accuracy and legal compliance before use.

9) Sharing & Disclosures

We may share Personal Data with:

  • Service providers/sub-processors: hosting, infrastructure, payments, analytics, communications, security, customer support.
  • Integration partners: as enabled by you (e.g., ad platforms, CRMs).
  • Professional advisors: auditors, accountants, lawyers (under confidentiality).
  • Affiliates/transaction parties: in connection with corporate restructuring, merger, or sale.
  • Legal & safety: to comply with law, enforce terms, protect rights, security, and safety.

We do not sell Personal Data for money. Under CPRA, certain analytics/advertising activities may be deemed “sharing” or “selling” for cross-context behavioral advertising. You may opt out (see Section 12).

10) Cookies & Similar Technologies

We use cookies, pixels, SDKs, and local storage to:

  • Remember settings and keep you logged in (Strictly Necessary)
  • Measure site performance and usage (Analytics)
  • Improve features and run experiments (Functionality)
  • Deliver/measure ads and retargeting (Advertising)

You can manage cookies in your browser and, where required, via our cookie banner. Some features may not function without certain cookies.

11) Data Retention

We retain Personal Data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Client Data is retained in accordance with the Client’s settings/instructions and our contract; upon termination, we will delete or de-identify Client Data within the timeframes described in our Terms/DPA, subject to legal retention requirements and routine backups.

12) Your Privacy Choices & Rights

Email/SMS Marketing. You can unsubscribe using the link in our emails/SMS or by contacting us.
Analytics/Ads. You can adjust cookie settings and use platform-level ad settings (e.g., Google Ad Settings, Meta Ad Preferences).
“Do Not Sell or Share” (California). If you are a California resident, you may opt out of “selling”/“sharing” by using our cookie banner or contacting privacy@nexorus.com. We honor Global Privacy Control (GPC) signals where required.
Access, Deletion, Correction, Portability. Depending on your location (e.g., EEA/UK/California/Virginia/Colorado/Connecticut), you may have rights to request access, deletion, correction, restriction, portability, or to object to certain processing.
Exercising Rights. Submit requests to privacy@nexorus.com. For identity verification, we may request reasonable information. If we process your data as a Processor for a Client, we may refer your request to that Client.

13) International Transfers

We process data in the United States and other countries where we and our providers operate. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses (SCCs) and supplementary measures). If we participate in any approved transfer frameworks, we will comply with their requirements and update this Policy accordingly.

14) Security

We employ administrative, technical, and physical safeguards designed to protect Personal Data (e.g., access controls, encryption in transit, logging/monitoring). No system is 100% secure; you are responsible for maintaining the confidentiality of your credentials and promptly notifying us of suspected unauthorized access.

15) Automated Decision-Making & Profiling

Our Services may use automated processing and profiling (e.g., lead scoring, audience segmentation, creative recommendations). Where required by law, we will provide meaningful information about the logic involved and the significance of such processing, and we will facilitate your rights related to automated decision-making.

16) Children’s Privacy

Our Services are not directed to children under 13 (or other age as defined by local law). We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data, contact us and we will take appropriate steps to delete it.

17) Third-Party Links & Services

Our websites and Services may link to third-party sites or integrate with third-party platforms. Their privacy practices are governed by their own policies; we are not responsible for their content or practices.

18) State-Specific Notices (U.S.)

California (CCPA/CPRA): We are a “business” for website visitor/prospect data and a “service provider” for Client Data processed on behalf of Clients.

  • Categories collected (past 12 months): identifiers, commercial information, internet activity, geolocation (approximate), inferences, professional data.
  • Sources: you, your device, integrations, data providers.
  • Purposes: as listed in Section 6.
  • Disclosures: service providers, integration partners (as enabled), advisors, affiliates, legal/safety.
  • Sensitive Personal Information: processed only for limited, necessary purposes (e.g., fraud prevention) and not for inferring characteristics.
  • Your rights: see Section 12. You may also authorize an agent to act for you. We will not discriminate for exercising rights.

Other U.S. states (e.g., VA, CO, CT, UT) grant similar rights; we honor them where applicable.

19) Changes To This Policy

We may update this Policy from time to time. Material changes will be posted on this page and, when appropriate, notified via email or the Services. Please review periodically. Your continued use of the Services after changes become effective signifies acceptance.

20) How To Reach Us

For questions or to exercise privacy rights, contact: privacy@nexorus.com
Postal: Nexorus LLC, 2093 Philadelphia Pike, Claymont, DE 19703, USA

21) Additional Disclosures For Clients (Processing On Your Behalf)

When we act as Processor/Service Provider for Client Data, our processing is governed by the applicable agreement and DPA. Among other things, we will:

  • Process Client Data only on documented instructions;
  • Implement appropriate security measures;
  • Assist with data subject requests and impact assessments as reasonably possible;
  • Maintain a list of sub-processors and provide notice of changes;
  • Delete or return Client Data at the end of the provision of Services, per the contract.

22) Summary Of Cookies (Illustrative)

  • Strictly Necessary: session management, authentication, security (cannot be disabled).
  • Functional: preferences, product tours, in-app guides.
  • Analytics: traffic sources, feature usage, performance metrics.
  • Advertising: ad delivery, frequency capping, retargeting (subject to your choices and applicable laws).

23) Nevada & “Do Not Track”

Nevada residents may submit “do not sell” requests to privacy@nexorus.com. Industry standards for Do Not Track (DNT) are not yet uniform; we do not respond to DNT signals but do honor GPC where required.

24) Complaints

If you believe we have not addressed your concerns, you may lodge a complaint with your local supervisory authority (e.g., an EEA Data Protection Authority or the UK ICO). We encourage you to contact us first so we can try to resolve your issue.

25) Non-Contractual Notice

This Privacy Policy is for transparency and compliance purposes and does not by itself create a contractual relationship with non-Clients. For Clients, the Terms of Service and any DPA govern our processing of Client Data.

26) Quick Reference (At-A-Glance)

  • Controller for website/prospect data: Nexorus LLC
  • Processor for Client Data: Nexorus LLC (per DPA)
  • Primary purposes: provide, secure, improve the Services; support; billing; compliance
  • Transfers: U.S. and global service locations with appropriate safeguards
  • Rights: access, delete, correct, opt-out (as applicable), GPC honored where required
  • Contact: privacy@nexorus.com