Nuvex ("we," "us," or "our") operates the website nuvex.design and the Nuvex platform (collectively, the "Service"). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding your data.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account information: Email address and authentication credentials when you create an account. Passwords are transmitted securely to our authentication system and stored as protected hashes; we do not store or view plain-text passwords.
- Payment information: When you purchase credits or subscribe to a plan, payment is processed by a third-party payment processor. We do not store your credit card number, CVV, or full billing details on our servers.
- App content: App screenshots, app names, descriptions, and other details you provide to generate designs. This content is sent to our AI processing partner to produce your screenshot compositions.
- Communications: Any messages, feedback, or support requests you send to us.
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, generation counts, credits consumed, timestamps, and interaction patterns.
- Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
- Analytics and session replay data: We may record masked product sessions, clicks, page views, errors, and performance information to debug issues and improve the Service. Form inputs such as passwords, payment fields, and email fields are masked in replays; signed-in sessions may be associated with your account email inside our internal analytics tools so support and debugging are easier.
- Cookies and similar technologies: We use essential cookies for authentication and session management. We may use analytics cookies to understand how the Service is used. See Section 7 for details.
- Log data: Server logs that record requests to our Service, including IP address, request URL, timestamp, and response status.
1.3 Information from Third Parties
We may receive information from third-party sign-in services you connect to your account. We only receive the data those services are configured to share, typically limited to your email address and profile name.
2. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Provide and operate the Service, including AI-powered screenshot generation | Performance of contract |
| Process payments, manage credits, and handle subscriptions | Performance of contract |
| Send transactional emails (verification codes, receipts, account alerts) | Performance of contract |
| Respond to support requests and communications | Legitimate interest |
| Improve and optimize the Service (including AI output quality using anonymized data) | Legitimate interest |
| Detect fraud, abuse, and security incidents | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not sell your personal data. We do not use your uploaded app screenshots for marketing or advertising. Your uploaded content is used to provide, debug, secure, and improve the Service, including generating and editing your designs.
3. How We Share Your Information
We share your personal data only with the following categories of recipients:
- Payment processors: To process credit pack purchases and subscription payments securely. Your payment details are handled by the processor, not stored by Nuvex.
- AI processing providers: To process your screenshots, descriptions, and generation instructions so the Service can create screenshot design specifications and outputs.
- Authentication, database, hosting, and infrastructure providers: To manage accounts, sessions, stored projects, file storage, security, and delivery of the Service.
- Email providers: To deliver transactional emails such as verification codes, receipts, and account notifications.
- Analytics and session replay providers: To understand usage, diagnose bugs, measure performance, detect errors, and improve the product. We configure these tools to mask sensitive form inputs and avoid recording request bodies or authorization headers.
- Legal and regulatory authorities: When required by law, regulation, legal process, or governmental request.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
We require all third-party service providers to process your data only on our instructions and in compliance with applicable data protection laws.
4. AI-Generated Content
When you use the Service, your app screenshots and descriptions are processed by AI to generate screenshot design compositions. Specifically:
- Your uploaded screenshots and app information are sent to our AI provider's API to produce design specifications (layout, typography, colors, headlines).
- We use AI providers and settings intended for API processing rather than model training on your individual uploads.
- All generated outputs are unique compositions created for your specific app — they are not templates.
- We do not intentionally use your individual uploads as a public dataset or marketing asset. Aggregated usage patterns and error trends may be used to improve reliability and output quality.
5. Data Retention
- Account data: Retained for as long as your account is active and as needed for security, support, legal, and operational purposes.
- Uploaded app screenshots: Retained as needed to provide project history, re-downloads, editing, support, abuse prevention, and account functionality unless you delete them or request deletion where available.
- Generated outputs: Retained as needed to provide project history, re-downloads, editing, support, abuse prevention, and account functionality unless you delete them or request deletion where available.
- Payment records: Retained for 7 years to comply with tax and accounting obligations.
- Log and diagnostic data: Retained as needed for debugging, security review, abuse prevention, compliance, and product reliability, then deleted, anonymized, or aggregated when no longer needed.
- Analytics and session replay data: Retained as needed for product analytics, debugging, fraud prevention, and security review, then deleted or aggregated when no longer needed.
- Credits and usage data: Retained for the lifetime of your account to maintain accurate balances and history.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention obligations.
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, email us at [email protected] and we will respond within 30 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) for all connections.
- Encrypted database and file storage where supported by our infrastructure providers.
- Access controls limiting data access to authorized personnel.
- Regular security reviews of our infrastructure and code.
- Secure payment processing through PCI-focused third-party payment infrastructure.
- Rate limiting and abuse detection on all authentication and API endpoints.
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Cookies
We use the following types of cookies and local storage:
- Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
- Preference storage: We use browser localStorage to save your settings such as theme preference (light/dark mode) and onboarding state.
- Analytics and replay storage: Help us understand how users interact with the Service, debug errors, and improve reliability. Sensitive inputs are masked where replay tools are used.
We do not use advertising or tracking cookies. You can manage cookies through your browser settings.
9. International Data Transfers
The Service is hosted on servers located in Sweden (EU). Your data may also be processed by third-party providers in other jurisdictions (including the United States) as described in Section 3. Where we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms approved by applicable data protection authorities.
10. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will promptly delete it. If you believe a child has provided us with personal data, please email us at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: [email protected]
- Website: nuvex.design