Nexmax AI

Privacy Policy

Effective date: April 6, 2026

1. Overview

Nexmax AI ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data when you use nexmaxai.com.

2. Data We Collect

Account Data

  • Email address — used for authentication and transactional emails (e.g. verification codes).
  • Password — stored as a secure hash via Supabase Auth. We never store or transmit plaintext passwords.

Google Ads Data

  • Google Ads Customer ID
  • OAuth refresh token — used to authenticate API calls on your behalf.
  • Campaign performance data: campaign name, type, status, impressions, clicks, spend, conversions, ROAS, CPC, and optimisation score.

Shopify Data

  • Shop name and OAuth access token.
  • Order data: order ID, date, product, quantity, revenue, and attribution identifiers (GCLID, UTM source/medium/campaign).
  • Product catalogue: product name, Shopify product ID, price, and category.

Derived / Processed Data

  • Sales attribution records linking orders to ad campaigns.
  • ML model inputs (daily sales quantities per product) and outputs (demand forecasts).
  • Campaign version history and change logs generated during syncs.

3. How We Use Your Data

  • To authenticate you and provide access to the Service.
  • To display your campaign and sales performance in your dashboard.
  • To attribute Shopify sales to Google Ads campaigns via GCLID and UTM matching.
  • To generate demand forecasts and budget optimisation recommendations.
  • To send transactional emails (email verification, account notices).
  • To run automated background sync jobs on your connected accounts.

We do not sell your data. We do not use your data to train generalised AI models shared across users. Your data is used solely to operate the Service for your account.

4. Data Storage and Security

  • Data is stored in Supabase (PostgreSQL) hosted in a secure cloud environment.
  • All data in transit is encrypted via HTTPS/TLS.
  • OAuth tokens (Google Ads, Shopify) are stored in the database with row-level security — only you can access your own credentials.
  • Passwords are hashed using industry-standard algorithms and are never readable by us.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase — database and authentication.
  • Google Ads API — campaign data access.
  • Shopify API — order and product data access.
  • Gmail / SMTP — transactional email delivery.
  • Amazon Web Services (EC2) — application hosting.

Each third-party service has its own privacy policy and data handling practices. We are not responsible for their policies.

6. Data Retention

We retain your data for as long as your account is active. If you close your account, we will delete your data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — request deletion of your account and all associated data.
  • Revoke integrations — disconnect Google Ads or Shopify at any time via your account settings. Revoking access stops future syncs but does not immediately delete already-synced data unless you request account deletion.

To exercise any of these rights, contact us at pathunguyen@nexmaxai.com.

8. Cookies

We use HTTP-only cookies solely for session management (storing your authentication token after login). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email or via an in-app notice when material changes are made.

10. Contact

Questions or concerns about this policy? Contact us at pathunguyen@nexmaxai.com.

© 2026 Nexmax AI. All rights reserved.
Terms of ServiceSign In