Nexora
Upgrade

Beta: Nexora is in beta—an independent project in development, based in Lille, France. These pages describe how the service works today and may change as the product evolves. They are not legal advice.

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Nexora (the "Service") processes personal data when you visit our website, create an account, or use our features. Nexora is in beta as an independent project currently in development, based in Lille, France. Who publishes the Service is described in our Legal Notice. We aim to follow the EU General Data Protection Regulation (GDPR) and applicable law where they apply.

Data controller

Controller: Amira M. (independent project — Nexora).
Location: Lille, France
Contact (including privacy): contact@nexoragoals.com
EU representative: Not applicable at this stage (single natural person controller).

How we use your data

We use your data only to run and improve Nexora: sign-in, storing your goals and tasks, generating plans when you use AI features, understanding product usage, and handling subscription status when relevant. Your information is stored with providers that apply strong security practices (including encryption in transit and access controls). We do not sell your personal data. We do not share it for third-party marketing lists.

1. Data we process

Depending on how you use Nexora, we may process the following categories:

  • Email address
  • Account information (identifiers, profile and security-related data)
  • Goals and related content you create
  • Tasks and related content you create
  • AI-generated plans and related outputs
  • Usage data (for example analytics events and technical logs)
  • Subscription status (including metadata from payment testing)
  • Feedback you choose to send us

Account and authentication

When you sign up or sign in, we process your email, account identifiers, session and security-related data, and data you add to your profile as applicable. Authentication and the application database are provided by Supabase (Supabase Inc. and its subprocessors), acting on our instructions.

Goals, tasks, and AI-generated plans

Content you enter—goals, tasks, deadlines, check-ins, and similar—is stored so the Service can display and sync your workspace. When you use AI-assisted features, we send relevant input to OpenAI to generate plans and related text; outputs are stored in your account.

Payments (beta)

Nexora is in beta. No real payments are processed. We may use Stripe in test mode only to exercise payment flows. When live billing exists, Stripe would process payment details; we do not intend to store full card numbers on our own infrastructure.

Usage, analytics, and support

We process usage and technical data (for example IP address, browser type, timestamps) and product analytics through PostHog. We process messages and feedback you send us for support or product improvement.

2. Purposes and legal bases (GDPR)

  • Contract (Art. 6(1)(b)): running the Service, authentication, syncing goals and tasks, AI features you request, and subscription-related data where applicable.
  • Legitimate interests (Art. 6(1)(f)): security, abuse prevention, reliability, and limited analytics, balanced against your rights.
  • Legal obligation (Art. 6(1)(c)): compliance with tax, accounting, or regulatory requests where applicable.
  • Consent (Art. 6(1)(a)): where we rely on consent (for example certain cookies or marketing), we will ask separately and you may withdraw consent.

3. Subprocessors and international transfers

Processing may involve:

  • Supabase — authentication and database.
  • OpenAI — AI plan generation from prompts you submit.
  • Stripe — payment flow testing (test mode during beta).
  • PostHog — analytics.
  • Vercel Inc. — hosting (340 S Lemon Ave #4133, Walnut, CA 91789, USA; vercel.com).
  • OVHcloud — domain and email (2 rue Kellermann, 59100 Roubaix, France; ovhcloud.com).

Providers may process data in the United States, the European Union, or other countries. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and measures described in providers' documentation.

4. Retention

We retain personal data while your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and meet legal obligations. Billing-related records may be kept longer where the law requires.

5. Your rights

Under applicable law, you may have the right to access, correct, delete, restrict, or object to certain processing, and to data portability. You may complain to a supervisory authority (for example the CNIL in France). To request access to your data, a copy, correction, or deletion, email contact@nexoragoals.com. We will respond in line with applicable deadlines. You can also use the contact details in the Legal Notice.

6. Security

We use technical and organizational measures suited to the risk, including encryption in transit, access controls, and providers with strong security practices. No online service is completely risk-free.

7. Children

Nexora is not directed at children under 16 (or the minimum age in your country). We do not knowingly collect personal data from children.

8. Changes

We may update this Policy and will change the "Last updated" date. Material changes will be communicated through the Service or by email where appropriate.