Privacy Policy

Last updated: June 30, 2026 · Effective date: June 30, 2026

Nexivo LLC ("Nexivo", "we", "us", "our") is a software company headquartered in Columbus, Ohio. We operate Nexivo AI, a spec-driven software development platform that turns plain-English ideas into engineering-grade artifacts. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with and the choices you have. It applies to nexivollc.com, the Nexivo AI platform and any related services we operate (collectively, the "Services").

We wrote this policy in plain English because we wanted any customer — not just a lawyer — to be able to read it and understand exactly what happens to their data. If anything here is unclear, please contact us at contact@nexivollc.com.

1. Who we are

The data controller for personal data processed through the Services is Nexivo LLC, 2025 Riverside Drive, Columbus, OH 43221, United States. For EU/UK data subjects, you can contact us at the same address or by email at contact@nexivollc.com.

2. Personal data we collect

We collect only the data we need to operate the Services, and we try to collect as little as possible. The categories below cover everything Nexivo collects today.

Account data

When you receive a passcode or create an account, we collect your name, email address, organization and role. If you upgrade to a paid plan we also collect billing contact information processed by our payment processor; we do not store full card numbers ourselves.

Customer content

When you use the platform, we collect the prompts you submit and the artifacts generated for you (constitution, specification, architecture plan and developer tasks). This content is your data — you retain ownership of it and we process it only to deliver the Services.

Usage telemetry

We collect standard product telemetry: pages visited, features used, pipeline runs, exports performed, browser type, device type and approximate location derived from IP. This data helps us improve performance and reliability.

Support communications

When you contact us, we keep a record of the conversation so we can respond and improve our support workflows.

3. How we use personal data

We use the categories above to: (i) provide, secure and improve the Services; (ii) authenticate users and prevent abuse; (iii) bill and administer paid plans; (iv) communicate operationally about the Services (incidents, security advisories, material policy changes); and (v) comply with legal obligations.

We do not sell personal data. We do not share personal data with advertising networks. We do not use customer prompts or generated artifacts to train AI models — neither ours nor any third party's.

4. Legal bases for processing (GDPR)

Where the GDPR applies, we rely on the following legal bases: performance of a contract (to deliver the Services you signed up for), legitimate interests (to secure and improve the platform), consent (where required, for example for non-essential analytics) and legal obligation (to comply with applicable law). You may withdraw consent at any time by contacting us.

5. How we share data

We share personal data only with a small set of trusted sub-processors who help us run the Services — cloud hosting, payment processing, transactional email and customer support tooling. Each sub-processor is bound by a written agreement that requires them to protect personal data and use it only on our instructions. Our current sub-processor list is available on request from contact@nexivollc.com.

We may disclose personal data if required to do so by law, court order or regulatory request, or to protect the rights, property or safety of Nexivo, our customers or others. We will challenge overbroad requests and notify affected customers wherever we are legally permitted to do so.

6. International transfers

Nexivo is based in the United States and the Services are hosted in U.S. regions. Where personal data is transferred from the EU/UK to the United States, we rely on Standard Contractual Clauses and supplementary safeguards as required by applicable law.

7. Data retention

We retain account data and customer content for as long as your account is active and for up to 30 days after account closure, after which it is permanently deleted from production systems and removed from backups within the documented backup retention window. Usage telemetry is retained in aggregated form for up to 24 months. We may retain limited records longer where required to comply with legal, accounting or security obligations.

8. Security

We protect personal data using industry-standard administrative, technical and physical safeguards, including TLS 1.3 in transit, AES-256 at rest, hardware-key MFA for administrative access, row-level security in the database and continuous monitoring. See our Security page for a full description.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict or object to the processing of your personal data, the right to data portability, and the right to lodge a complaint with a supervisory authority. California residents have the rights set out in the CCPA, including the right to know, the right to delete and the right to opt out of sale (we do not sell personal data). To exercise any of these rights, email contact@nexivollc.com — we respond within 30 days.

10. Children

Nexivo is a business tool. The Services are not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify customers by email and update the "Last updated" date at the top of this page at least 30 days before the changes take effect.

12. Contact us

For any privacy question or to exercise your rights, write to Nexivo LLC, 2025 Riverside Drive, Columbus, OH 43221, United States, or email contact@nexivollc.com.