Nexma
Login
Nexma

Legal

Privacy Policy

Last updated: 7 June 2026

This Privacy Policy explains how Nexma, Inc. ("Nexma," "we," "us," or "our") collects, uses, discloses, and safeguards personal data when you use the Nexma platform, our websites, and related services (together, the "Services"). We are committed to handling your information responsibly and transparently.

Scope and Who We Are

This policy applies to personal data we process about visitors to our websites, users of the Services, and individuals who interact with us in a business capacity. Nexma, Inc. is the controller of personal data processed in connection with our own activities described here.

Where we process personal data on behalf of a customer as part of providing the Services, the customer is the controller and we act as a processor under that customer's instructions. In those cases, the customer's own privacy notice and our Data Processing Agreement govern that processing.

By using the Services, you acknowledge the practices described in this policy. If you do not agree with this policy, please do not use the Services.

Information We Collect

We collect personal data from several sources, described below.

Information you provide directly

We collect information you give us when you use the Services or communicate with us, including:

  • Account and registration details, such as your name, email address, organization, and role;
  • Project, configuration, and content you create or upload within the platform;
  • Billing and payment information, processed through our payment providers;
  • Information in your communications with us, including support requests and feedback;
  • Records of your support and service interactions with our team.

Information from third parties

We may receive information about you from third parties, including:

  • Single sign-on and identity providers you use to authenticate;
  • Resellers, partners, and referral sources that introduce you to us;
  • Publicly available sources and databases, where lawful.

Information collected automatically

When you use the Services, we automatically collect certain technical information, including:

  • Usage data, such as features used and actions taken in the platform;
  • Device and browser information, including IP address and identifiers;
  • Cookies and similar technologies, as described in our Cookie Policy;
  • Log data, including access times, pages viewed, and error reports;
  • Analytics about how you and others interact with the Services.

Spatial and project data

Because Nexma is a spatial intelligence platform, the Services may process spatial and project data you provide or generate, including:

  • Designs, plans, and project artifacts you create in the platform;
  • Geospatial coordinates and location data associated with your projects;
  • Site, asset, and facility data you upload or connect;
  • Terrain, imagery, and environmental data used in analysis;
  • Infrastructure and asset information within your workspaces.

AI interaction data

When you use our AI features, we process data related to those interactions, including:

  • Prompts, conversations, and instructions you provide to our AI assistant;
  • Voice inputs, where you choose to use voice features;
  • Outputs generated by the AI in response to your requests;
  • Parameters and configurations used to run analyses and optimizations.

How We Use Your Information

We use personal data to operate and improve the Services and to support our business, including to:

  • Provide, maintain, secure, and improve the Services;
  • Process your project and spatial data to deliver platform functionality;
  • Operate AI features and generate the outputs you request;
  • Communicate with you, including service, technical, and support messages;
  • Detect, prevent, and respond to fraud, abuse, and security incidents;
  • Comply with legal obligations and enforce our agreements;
  • Understand how the Services are used and develop new features;
  • Send you marketing communications where permitted, which you can opt out of at any time.

We do not use customer project data to make decisions about you without appropriate human involvement where such decisions would have legal or similarly significant effects.

How We Share Information

We share personal data only as described in this policy, including with:

  • Service providersvendors who process data on our behalf under contract, such as hosting, payment, analytics, and AI infrastructure providers.
  • Legal and safetyauthorities or others where required by law, to protect rights and safety, or to respond to lawful requests.
  • Business transfersin connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
  • Aggregated or de-identified datainformation that cannot reasonably be used to identify you, which we may share for analytics and other purposes.

We do not sell your personal data, and we do not share it for cross-context behavioral advertising as those terms are defined under applicable law.

AI-Specific Data Practices

We apply specific commitments to how data is handled in connection with our AI features.

Use of data for model training

We do not use customer content — including your project data, spatial data, and AI interaction data within the platform — to train foundation models for other customers without your instruction or consent.

We may use aggregated or de-identified data, and operational data that does not identify you, to evaluate and improve the quality and safety of the Services.

AI outputs

AI-generated outputs are produced to assist you and may be inaccurate or incomplete. You remain responsible for reviewing outputs before relying on them, and consequential decisions should involve appropriate human judgment.

Third-party AI providers

We use third-party AI infrastructure providers to deliver certain AI features. These providers process data under contractual terms that restrict their use of it to providing services to us, and they are not permitted to use your content to train their general models.

Voice features

Where you use voice features, audio inputs are processed to transcribe and act on your request. We do not retain voice recordings longer than necessary to provide the feature and meet our legal obligations.

International Data Transfers

We operate internationally, and your personal data may be processed in countries other than the one in which you are located, including the United States.

These countries may have data-protection laws that differ from those in your jurisdiction. Where we transfer personal data internationally, we put appropriate safeguards in place.

For transfers from the EEA, UK, and Switzerland, we rely on mechanisms such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary measures where appropriate.

You may contact us to obtain more information about the safeguards we use for international transfers.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law. The periods below are indicative and may vary based on legal and operational needs.

Data categoryRetention period
Account dataFor the duration of your account, then deleted or anonymized.
Project and spatial dataFor the duration of your account, subject to customer agreement and export.
AI interaction dataRetained for a limited period to provide and improve the feature, then deleted.
Log and security dataTypically up to 12 months, unless needed for security or legal reasons.
Marketing dataUntil you opt out or after a period of inactivity.
Post-terminationDeleted or anonymized after a defined wind-down period, subject to legal holds.

When data is no longer required, we delete or anonymize it using appropriate measures.

Security

We implement technical and organizational measures designed to protect personal data, including:

  • Encryptionencryption of data in transit and at rest using industry-standard protocols.
  • Access controlsleast-privilege access, authentication, and authorization controls.
  • Audit logginglogging and monitoring of access to systems and data.
  • Incident responseprocesses to detect, investigate, and respond to security incidents.
  • Infrastructure securityhardened, regularly patched infrastructure operated with reputable providers.

No method of transmission or storage is completely secure. While we work to protect your data, we cannot guarantee its absolute security.

Your Rights and Choices

Depending on where you live, you may have rights over your personal data. We honor these rights as required by applicable law.

All users

Regardless of location, you can generally ask us to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Delete your personal data, subject to legal limits;
  • Receive a copy of certain data in a portable format;
  • Object to or restrict certain processing;
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact us at legal@nexma.ai

EEA and UK residents (GDPR / UK GDPR)

If you are in the EEA or UK, you have the following rights:

  • The right to be informed about how your data is used;
  • The right of access to your personal data;
  • The right to rectification of inaccurate data;
  • The right to erasure ("right to be forgotten");
  • The right to restrict processing;
  • The right to data portability;
  • The right to object to processing, including direct marketing;
  • The right not to be subject to solely automated decisions with legal or similarly significant effects;
  • The right to lodge a complaint with a supervisory authority.

You may lodge a complaint with your local data-protection authority, though we encourage you to contact us first so we can address your concerns.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose;
  • Request deletion of your personal information;
  • Opt out of any sale or sharing of personal information;
  • Correct inaccurate personal information;
  • Limit the use of sensitive personal information;
  • Not be discriminated against for exercising your rights.

As noted above, we do not sell or share personal information as those terms are defined under California law.

We will verify your request using the information associated with your account before responding, and you may use an authorized agent where permitted.

Israeli residents

If you are in Israel, you have rights under the Protection of Privacy Law, including:

  • The right to access personal data we hold about you;
  • The right to request correction of inaccurate data;
  • The right to request deletion of data in certain circumstances;
  • The benefit of our obligations to secure personal data under applicable regulations.

Other jurisdictions

Residents of other jurisdictions may have additional rights, including under:

  • Brazil (LGPD)rights of access, correction, deletion, portability, and information about sharing.
  • Australia (Privacy Act)rights to access and correct personal information held about you.
  • South Korea (PIPA)rights to access, correct, delete, and suspend processing of your data.

Do-Not-Track Signals

Some browsers offer a "Do Not Track" signal. Because there is no common industry standard for interpreting these signals, we do not currently respond to them. You can manage cookies and tracking technologies through your browser settings and our cookie controls.

Children's Privacy

Children under 13

The Services are not directed to children under 13, and we do not knowingly collect personal data from them. If we learn that we have collected such data, we will delete it.

Minors under 18

The Services are intended for business use by adults. We do not knowingly collect personal data from individuals under 18 outside of a business context, and minors should not use the Services without appropriate authorization.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, you can reach us at:

By email: legal@nexma.ai

By mail: Nexma, Inc., Attn: Legal Department.