Nexly
Legal

Privacy Policy

How Nexly handles information about account holders, website visitors, and support contacts.

This Privacy Policy covers personal data Nexly handles as a controller for its own website, accounts, billing, support, and service operations. Analytics data collected from a customer’s property is primarily handled on that customer’s instructions and is described in the Data Policy and Data Processing Agreement.

Nexly does not sell personal data or use customer analytics data for third-party advertising.

Our roles

  • Controller: account registration, authentication, profile, billing relationship, support messages, security monitoring, and analytics on nexly.to.
  • Processor: analytics events and related property data collected for Nexly customers.
  • Customer responsibility: customers decide which events and custom properties to collect and must provide required notices and consent choices to their visitors.

Account and service data

CategoryExamplesPurpose
AccountEmail, password hash, verification stateCreate and secure an account
ProfileDisplay name, avatar, locale preferencesPersonalize the dashboard
SecurityPasskeys, 2FA configuration, sessions, recovery-code hashesAuthenticate and prevent abuse
WorkspaceProperties, team roles, invites, settings, API-token metadataProvide collaboration and configuration
BillingPolar customer and subscription identifiers, webhook recordsManage plans, invoices, and usage
AI InsightsPrompts, chat messages, tool results, model and token usageProvide and account for AI features
SupportMessages and information you choose to provideRespond to questions and resolve problems

Visitors to nexly.to

The Nexly marketing site currently uses the Nexly analytics SDK with automatic pageview and engagement collection. The SDK creates a pseudonymous visitor identifier in localStorage and a session identifier so events can be associated with a browser and session.

Depending on your location, storing or reading analytics identifiers may require consent. Nexly does not claim that this use is exempt from consent requirements in every jurisdiction.

Cookies and device storage

  • The analytics SDK does not use cookies, but it does use localStorage or equivalent device storage for pseudonymous visitor and session identifiers.
  • The Nexly dashboard uses an HttpOnly, SameSite=Lax session cookie needed to keep an authenticated user signed in.
  • The dashboard also uses localStorage for interface preferences such as theme, timezone, sorting, and dismissed notices.

Why we process data

  • Perform our contract by providing accounts, analytics, reports, billing, and support.
  • Protect the service, detect abuse, investigate errors, and maintain reliability.
  • Operate and improve Nexly where we have a legitimate interest that is not overridden by individual rights.
  • Use consent where it is required for analytics storage or another optional activity.
  • Comply with legal obligations and enforce our agreements.

Service providers and international transfers

We share data only with providers needed to operate the service or when required by law. The current provider list is published on the Subprocessors page.

Nexly's primary backend deployment is hosted by Railway in the Netherlands, transactional email is provided by Resend in Ireland, and object storage is configured with Cloudflare's Eastern Europe location hint. Cloudflare edge delivery and other providers, including AI model, monitoring, billing, and frontend hosting providers, may process limited data in additional countries under their own infrastructure and contractual safeguards.

Retention and deletion

We keep account information while an account is active and as needed for security, billing, dispute resolution, and legal obligations. Analytics retention is detailed in the Data Policy.

Account closure, access, correction, portability, objection, and deletion requests can be sent to mail@nexly.to. Requests are handled manually and may require identity verification. Verified deletion requests are completed within 30 days in active systems; residual copies may persist in backups for a limited period before being cycled out.

Your choices and rights

Depending on applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data, and to withdraw consent where processing relies on consent.

If your request concerns analytics collected by a Nexly customer, contact that customer first because it controls the property and determines the purposes of collection. We will assist customers with valid requests as required by the DPA.

Changes and contact

We may update this Policy as the service and legal requirements change. Material updates will be communicated through a reasonable channel.

Privacy questions and requests can be sent to mail@nexly.to.

Questions about this document can be sent to mail@nexly.to.

Last updated: July 10, 2026