Privacy Policy

1. Scope and roles

This Privacy Policy applies to Nuxa websites, product surfaces, APIs, and related services, including nuxa.ai and app.nuxa.ai (the “Service”).

Nuxa provides an AI operating system for restaurants. Depending on the context, Nuxa may act as a controller for website visitor, prospect, billing, and account-administration data, and as a processor or service provider for restaurant data that customers upload, connect, or instruct us to process through the Service.

2. Information we collect

• Account and contact data, such as name, email address, company, role, login credentials, and account preferences.
• Restaurant and business data, such as location details, menus, orders, reviews, loyalty, floor, KDS, cashbook, and related operational data that customers connect or upload.
• Integration data, such as tokens, account identifiers, and synced records from third-party platforms you authorize us to connect.
• Communications and content, such as questions, prompts, workflow instructions, support requests, attachments, and feedback.
• Technical and usage data, such as IP address, browser type, device information, pages or features used, timestamps, logs, and security events.
• Public web and business-profile data that we collect to power scans, monitoring, and cited analysis.

3. How we use information

• Provide, secure, maintain, and improve the Service.
• Authenticate users and manage accounts, permissions, and sessions.
• Run scans, compile restaurant intelligence, generate briefs, draft content, and support customer-requested workflows.
• Operate integrations and sync or retrieve data at your direction.
• Send transactional messages, service notices, and respond to support or sales inquiries.
• Detect abuse, prevent fraud, troubleshoot incidents, and enforce our agreements.
• Comply with legal obligations and protect our rights, users, and the public.

4. Legal bases for EEA, UK, and Swiss data

Where EU, UK, or Swiss privacy law applies, we process personal data under one or more of the following legal bases: performance of a contract, legitimate interests, consent, and compliance with legal obligations.

Our legitimate interests include securing the Service, improving reliability, preventing misuse, supporting customers, and operating the business in a proportionate way.

5. How we disclose information

• Service providers and infrastructure partners that help us host, authenticate, secure, support, or operate the Service. Our current public list is maintained at /subprocessors.
• Third-party platforms and integrations you connect or instruct us to use.
• Professional advisers, auditors, insurers, and transaction counterparties as reasonably necessary.
• Law enforcement, regulators, courts, or other parties when disclosure is required by law or reasonably necessary to protect rights, safety, or the Service.
• Affiliates or successors in connection with a merger, financing, acquisition, reorganization, or sale of assets.

6. International data transfers

Nuxa is based in the United States and may process information in the United States and other countries where Nuxa or its service providers operate.

When we transfer personal data subject to the GDPR or similar laws outside the originating region, we use appropriate safeguards as required by law, such as Standard Contractual Clauses, reliance on adequacy decisions where available, and comparable transfer mechanisms.

7. Retention

We retain personal data for as long as necessary to provide the Service, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods vary by data type, customer configuration, contractual commitments, and operational needs. When data is no longer required, we delete it or de-identify it where reasonable.

8. Cookies, local storage, and similar technologies

We use cookies, local storage, and similar technologies for essential functions such as authentication, security, session continuity, and user preferences.

If we introduce non-essential analytics, advertising, or similar technologies in regions where consent is required, we will provide the required notice and choice before using them.

9. Your rights and choices

• Access, correct, delete, or export certain personal data, subject to applicable law and verification requirements.
• Object to or restrict certain processing, and withdraw consent where processing depends on consent.
• Opt out of marketing communications using the unsubscribe link or by contacting us.
• If Nuxa processes your data on behalf of a restaurant or other customer, we may direct your request to that customer because they control the relevant processing.

10. U.S. state privacy disclosures

Residents of certain U.S. states, including California, may have additional privacy rights under applicable law, such as rights to know, access, correct, delete, or obtain a portable copy of personal information, and rights to appeal certain decisions.

Nuxa does not describe itself here as selling personal information or using customer data for cross-context behavioral advertising. If that changes, we will update this Policy and provide any required notices or opt-out mechanisms.

11. Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. No system is perfectly secure, and you should also use appropriate safeguards such as strong passwords, access controls, and secure integration practices.

12. Children

The Service is intended for businesses and their authorized personnel, not for children. We do not knowingly collect personal data from children in a manner requiring parental consent under applicable law.

13. Changes and contact

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and adjust the effective date above.

For privacy requests, complaints, DPA requests, or transfer questions, contact us at hello@nuxa.ai.