Privacy Policy
Effective Date: March 15, 2026 · Last Updated: March 15, 2026
NexGen AI Advisors LLC ("NexGen," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services (collectively, the "Services").
This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, password (hashed), company name, job title, and industry when you create an account
- Profile Information: Additional details you choose to provide such as company size, AI maturity level, and business goals
- Assessment Responses: Your answers to AI readiness assessments, governance evaluations, and other diagnostic tools
- Chat Conversations: Messages you send to our AI advisor chat, concierge, and any human advisory interactions
- Payment Information: Billing address and payment method details (processed and stored by Stripe; we do not store full card numbers)
- Booking Information: Consultation preferences, availability, and meeting notes
- Communications: Emails, support requests, feedback, and contact form submissions
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, assessment completion rates, time spent on pages, and navigation patterns
- Device Information: Browser type, operating system, device type, screen resolution, and language preferences
- Log Data: IP address, access times, referring URLs, and error logs
- Cookies and Similar Technologies: See our Cookie Policy for details
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Services
- Process and analyze your assessment responses to generate personalized recommendations
- Power AI advisory features (chat, roadmap generation, ROI calculations)
- Match you with relevant partners, tools, and experts
- Process payments and manage subscriptions
- Send transactional emails (account confirmations, password resets, booking confirmations)
- Send marketing communications (only with your consent; you may opt out at any time)
- Monitor and analyze usage trends to improve the Platform
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
- Enforce our Terms of Service
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract Performance: Processing necessary to provide the Services you have requested (account creation, assessments, AI advisory, bookings)
- Legitimate Interests: Processing necessary for our legitimate interests, including improving the Services, fraud prevention, and security (where not overridden by your rights)
- Consent: Processing based on your explicit consent (marketing communications, optional analytics cookies)
- Legal Obligation: Processing necessary to comply with applicable laws and regulations
4. Information Sharing and Disclosure
We do not sell your personal data. We never have and never will.
We may share your information with the following categories of third parties, solely for the purposes described:
- Supabase (Database Provider): Stores your account data, assessment responses, chat history, and platform data securely with encryption at rest and in transit
- Anthropic (AI Provider): Processes your chat messages and assessment data to generate AI responses. Anthropic does not use your data to train its models when its services are accessed via its API
- Stripe (Payment Processor): Processes subscription payments. Stripe is PCI DSS Level 1 compliant
- Resend (Email Provider): Sends transactional and marketing emails on our behalf
- Vercel (Hosting Provider): Hosts the Platform and processes HTTP requests
We may also disclose your information:
- To comply with legal obligations, court orders, or governmental requests
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets (with prior notice)
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account Data: Retained while your account is active and for 30 days after a deletion request
- Assessment Data: Retained while your account is active; deleted upon account deletion
- Chat Conversations: Retained for 12 months from creation, then automatically purged
- Payment Records: Retained for 7 years as required by tax and accounting regulations
- Usage/Analytics Data: Retained in anonymized/aggregated form indefinitely for service improvement
- Support Communications: Retained for 3 years after resolution
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
6.1 GDPR Rights (EEA/UK/Switzerland)
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format (JSON)
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
6.2 CCPA Rights (California Residents)
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out of Sale: We do not sell personal information. If this ever changes, we will provide a "Do Not Sell My Personal Information" link
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise any of these rights, contact us at privacy@nexgen-ai.com or use the data export and account deletion features in your account security settings. We will respond within 30 days (GDPR) or 45 days (CCPA).
7. Cookies
We use cookies and similar technologies to operate and improve our Services. For detailed information about the cookies we use and your choices, please see our Cookie Policy.
8. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. If you are located in the EEA, UK, or Switzerland, we ensure that such transfers are protected by appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by relevant data protection authorities
- Data processing agreements with all third-party processors
9. Children's Privacy
The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@nexgen-ai.com.
10. Security Measures
We implement appropriate technical and organizational security measures to protect your personal data, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Password hashing using bcrypt with salting
- Role-based access controls and the principle of least privilege
- Row-level security on all database tables
- Regular security audits and vulnerability assessments
- Secure session management with httpOnly cookies
- PCI DSS-compliant payment processing (via Stripe)
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and, where required, sending you an email notification at least 30 days before the changes take effect. Your continued use of the Services after such notice constitutes acceptance of the updated policy.
12. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:
NexGen AI Advisors LLC — Data Protection Officer
Email: privacy@nexgen-ai.com
Website: nexgen-ai.com
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.