Nova · Privacy

Account data: email, name, company name, password hash (or SSO identifier).

Usage data: API requests, latency, cost, error rates, IP and user agent on admin actions.

Content data: prompts, generated code, uploaded files, project metadata.

Billing data (if applicable): processed by our payment provider; we receive only the last 4 digits, brand and expiry for receipts.

To deliver the Nova service: serve generations, store projects, persist chat history.

To operate the service: monitoring, cost control, abuse prevention, security forensics.

We do NOT use your prompts or generated code to train any model, ours or any third party's.

We do not sell or rent personal data.

Account data: kept for the lifetime of the account, deleted within 30 days of account closure.

Audit logs: 13 months by default (extendable for enterprise tenants under contract).

API event logs: 90 days.

Webhook delivery logs: 30 days.

Generated artefacts (projects, snippets): until you delete them, or 30 days after account closure.

Access, correct, port and delete your personal data via the in-product controls or by emailing privacy@vxera.ai.

EU/UK customers may exercise GDPR rights; CA customers may exercise CCPA rights. We will respond within 30 days.

If you believe we are processing your data unlawfully, you may complain to your local supervisory authority.

We use a minimal set of strictly-necessary cookies for authentication and CSRF protection.

We do not use third-party advertising cookies. Analytics is privacy-preserving and aggregated.

Data may be transferred to the United States. For EU customers we rely on the EU-US Data Privacy Framework and Standard Contractual Clauses where applicable.

Privacy: privacy@vxera.ai · Security: security@vxera.ai · DPO requests: dpo@vxera.ai.