This Privacy Policy covers personal data Nexly handles as a controller for its own website, accounts, billing, support, and service operations. Analytics data collected from a customer’s property is primarily handled on that customer’s instructions and is described in the Data Policy and Data Processing Agreement.
Nexly does not sell personal data or use customer analytics data for third-party advertising.
Our roles
- Controller: account registration, authentication, profile, billing relationship, support messages, security monitoring, and analytics on nexly.to.
- Processor: analytics events and related property data collected for Nexly customers.
- Customer responsibility: customers decide which events and custom properties to collect and must provide required notices and consent choices to their visitors.
Account and service data
| Category | Examples | Purpose |
|---|---|---|
| Account | Email, password hash, verification state | Create and secure an account |
| Profile | Display name, avatar, locale preferences | Personalize the dashboard |
| Security | Passkeys, 2FA configuration, sessions, recovery-code hashes | Authenticate and prevent abuse |
| Workspace | Properties, team roles, invites, settings, API-token metadata | Provide collaboration and configuration |
| Billing | Polar customer and subscription identifiers, webhook records | Manage plans, invoices, and usage |
| AI Insights | Prompts, chat messages, tool results, model and token usage | Provide and account for AI features |
| Support | Messages and information you choose to provide | Respond to questions and resolve problems |
Visitors to nexly.to
The Nexly marketing site currently uses the Nexly analytics SDK with automatic pageview and engagement collection. The SDK creates a pseudonymous visitor identifier in localStorage and a session identifier so events can be associated with a browser and session.
Depending on your location, storing or reading analytics identifiers may require consent. Nexly does not claim that this use is exempt from consent requirements in every jurisdiction.
Why we process data
- Perform our contract by providing accounts, analytics, reports, billing, and support.
- Protect the service, detect abuse, investigate errors, and maintain reliability.
- Operate and improve Nexly where we have a legitimate interest that is not overridden by individual rights.
- Use consent where it is required for analytics storage or another optional activity.
- Comply with legal obligations and enforce our agreements.
Retention and deletion
We keep account information while an account is active and as needed for security, billing, dispute resolution, and legal obligations. Analytics retention is detailed in the Data Policy.
Account closure, access, correction, portability, objection, and deletion requests can be sent to mail@nexly.to. Requests are handled manually and may require identity verification. Verified deletion requests are completed within 30 days in active systems; residual copies may persist in backups for a limited period before being cycled out.
Your choices and rights
Depending on applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data, and to withdraw consent where processing relies on consent.
If your request concerns analytics collected by a Nexly customer, contact that customer first because it controls the property and determines the purposes of collection. We will assist customers with valid requests as required by the DPA.
Changes and contact
We may update this Policy as the service and legal requirements change. Material updates will be communicated through a reasonable channel.
Privacy questions and requests can be sent to mail@nexly.to.
Last updated: July 10, 2026