Nextcraftai

Legal

Privacy Policy

We are committed to protecting your data while you orchestrate multiple generative AI providers through NextcraftAi.

Privacy Policy

Last Updated: January 2025

1. Overview

This Privacy Policy explains how NextcraftAi collects, uses, and protects information when you access our services. We are committed to protecting your privacy and ensuring the security of your personal data.

2. Data We Collect

2.1 Account Information

  • Personal Details: Name, email address, and authentication credentials
  • Profile Data: Account preferences and settings
  • Authentication Information: Login credentials and session data

2.2 Usage Metrics

  • API Usage Data: Aggregate request metadata including timestamps, endpoints accessed, and models used
  • Token Consumption: Token counts and usage patterns for billing and analytics
  • Performance Metrics: Latency data and request success rates
  • Device Information: IP addresses, browser type, and device identifiers

2.3 Billing Information

  • Payment Details: Processed securely through trusted third-party payment providers (Stripe, Razorpay)
  • Billing Address: Required for invoice generation and tax compliance
  • Transaction History: Records of payments, subscriptions, and invoices

2.4 Support Communications

  • Support Tickets: Communications with our support team
  • Feedback: User feedback and feature requests

3. How We Use Data

3.1 Service Provision

  • To authenticate users and secure API access
  • To process and route API requests to third-party AI providers
  • To manage subscriptions, billing, and invoicing
  • To provide customer support and respond to inquiries

3.2 Analytics and Improvement

  • To provide usage dashboards and analytics
  • To monitor service performance and reliability
  • To identify and resolve technical issues
  • To improve service features and user experience

3.3 Security and Compliance

  • To detect and prevent fraud, abuse, and security threats
  • To comply with legal obligations and regulatory requirements
  • To enforce our Terms of Service and Acceptable Use Policy

4. Data Sharing and Disclosure

4.1 Third-Party AI Providers

When you use our Service, your API requests are forwarded to third-party AI providers (Google, OpenAI, Anthropic, etc.). These providers process your requests according to their own privacy policies. We do not control how third-party providers handle your data.

4.2 Service Providers

We may share limited information with trusted service providers who assist in:

  • Payment processing (Stripe, Razorpay)
  • Infrastructure hosting and cloud services
  • Analytics and monitoring tools
  • Customer support platforms

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.5 We Do Not Sell Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

5.1 Security Measures

We employ industry-standard security measures to protect your data:

  • Encryption: All data in transit is encrypted using TLS (Transport Layer Security)
  • API Key Security: API keys are hashed at rest using secure cryptographic methods
  • Access Controls: Principle of least privilege with role-based access controls
  • Secret Management: Rotating secrets and secure credential storage
  • Monitoring: Continuous security monitoring and threat detection
  • Regular Audits: Security assessments and vulnerability testing

5.2 Your Responsibility

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Securing your API keys and not sharing them publicly
  • Using strong passwords and enabling two-factor authentication when available
  • Notifying us immediately of any suspected security breaches

6. Data Retention

6.1 Active Accounts

Account data is retained while your subscription is active and for a reasonable period afterward to comply with legal obligations and resolve disputes.

6.2 Deleted Accounts

Upon account deletion:

  • Personal data is purged within 30 days
  • Usage metadata may be retained in anonymized form for analytics
  • Billing records are retained as required by law (typically 7 years for tax purposes)
  • Legal obligations may require longer retention periods

6.3 Anonymized Data

We may retain anonymized, aggregated usage data indefinitely for analytics and service improvement purposes. This data cannot be used to identify individual users.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

  • Access your personal data through your account dashboard
  • Request a copy of your data in a portable format
  • Review your usage history and billing information

7.2 Correction and Deletion

You may:

  • Update your account information at any time through your dashboard
  • Request correction of inaccurate data
  • Request deletion of your account and associated data (subject to legal retention requirements)

7.3 Opt-Out and Preferences

You can:

  • Manage email notification preferences in your account settings
  • Opt out of marketing communications (service-related emails will still be sent)
  • Control data sharing preferences where applicable

7.4 Data Export

You may request a complete export of your data by contacting support at privacy@nextcraftai.com.

8. International Data Transfers

Your data may be processed and stored in servers located outside your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including:

  • Standard contractual clauses
  • Adequacy decisions
  • Other legally recognized transfer mechanisms

9. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Authenticate users and maintain sessions
  • Analyze service usage and performance
  • Improve user experience

You can control cookie preferences through your browser settings. Note that disabling cookies may affect Service functionality.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

  • Notify you of material changes via email or through the Service
  • Update the "Last Updated" date at the top of this policy
  • Provide prominent notice of significant changes

Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@nextcraftai.com
  • Support: support@nextcraftai.com
  • Website: https://nextcraftai.com/contact

13. Your Consent

By using NextcraftAi, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

We are committed to protecting your privacy and ensuring transparency in how we handle your data.