NexusCore

Privacy Policy

This policy explains what data NexusCore collects, how it is used, and your rights regarding that data. NexusCore is a multi-tenant resource management application available on web, iOS, and Android.

1. Data we collect

Account information

When you register, we collect your name, email address, and organization name. These are provided by you during sign-up and are used to create and identify your account.

Google Sign-In identity

NexusCore uses Google Sign-In exclusively (via Firebase Authentication). During sign-in, Google provides us with your email address, display name, and a unique Firebase user identifier (UID). We do not receive your Google password.

Asset and team data

Data you create within the app — including asset records, CSV imports, team member invitations (which include third-party email addresses), and audit log entries — is stored on our servers and associated with your organization.

Authentication tokens

A short-lived Firebase ID token (JWT) is attached to every request made to our servers. This token contains your UID and email and is used to verify your identity on each request. It is not stored separately.

2. How we use your data

  • To create and manage your account and organization
  • To authenticate you on every request and enforce role-based access control
  • To provide the core features of the app (asset management, team management, reporting)
  • To send team invitation emails on your behalf when you invite members
  • To maintain audit logs of changes made within your organization

We do not use your data for advertising, sell it to third parties, or use it for any purpose beyond operating and improving NexusCore.

3. Third-party services

Google / Firebase Authentication

We use Firebase Authentication for sign-in. Google receives your account identity (email, UID) as part of the OAuth and token-verification flow. Firebase is governed by Google's Privacy Policy.

Resend (transactional email)

When you invite a team member, we use Resend to deliver the invitation email. The recipient's email address is transmitted to Resend for this purpose only and is not stored by Resend beyond delivery.

Railway (hosting) & Neon (database)

Our API server runs on Railway and our database runs on Neon (PostgreSQL). All data you submit is stored in these services. Both are infrastructure providers and do not independently process your personal data for their own purposes.

4. Data retention

Your data is retained for as long as your account is active. When you delete your account, your user profile, organization (if you are the last member), all assets, invitations, and your Firebase Authentication record are permanently deleted immediately. Audit log entries that referenced your account are anonymised (your user ID is set to null) rather than deleted, to preserve traceability for other organization members.

5. Your rights

You may request access to, correction of, or deletion of your personal data at any time. To delete your account and all associated data, sign in to NexusCore, go to Settings, and select "Delete Account". For other requests or if you cannot access the app, email us at jakev.dev@gmail.com.

6. Security

All data in transit is encrypted via HTTPS/TLS. Authentication is handled by Firebase, which uses industry-standard OAuth 2.0. We do not store passwords. Access to organization data is enforced by role-based access control on every API endpoint.

7. Children's privacy

NexusCore is intended for business use and is not directed at children under 13. We do not knowingly collect personal information from children under 13.

8. Changes to this policy

We may update this policy from time to time. The "Last updated" date below reflects the most recent revision. Continued use of NexusCore after changes are posted constitutes acceptance of the updated policy.

Contact

If you have any questions about this privacy policy, contact us at jakev.dev@gmail.com.

NexusCore — jakevb8 — Last updated: March 2026