Nexoraa

Legal

Privacy Policy

Effective date: May 1, 2026 · Last updated: May 1, 2026

1. Who We Are

Nexoraa, Inc. (“Nexoraa”, “we”, “us”, or “our”) is a Delaware corporation headquartered in the United States. We operate an enterprise agentic AI platform that orchestrates AI agents, enterprise systems, and human decision points across complex business operations. Our platform is designed for regulated industries including financial services, healthcare, life sciences, and manufacturing.

For questions about this policy, contact us at privacy@nexoraa.ai.

2. Scope

This Privacy Policy applies to information we collect when you visit our website (nexoraa.ai and related subdomains), use our platform services, attend our webinars or events, or otherwise interact with us. It does not apply to the data our enterprise customers process through the Nexoraa platform on behalf of their end users — that data is governed by our Data Processing Agreement (“DPA”) and the customer’s own privacy notices.

3. Information We Collect

3.1 Information you provide directly

  • Account & contact data — name, work email, company name, job title, phone number when you request a demo, create an account, or contact us.
  • Form submissions — content you submit through demo request, contact, or support forms.
  • Communications — emails, chat messages, and other correspondence you send us.

3.2 Information collected automatically

  • Usage data — pages visited, features used, time spent, clickstream data, and referring URLs.
  • Device & technical data — IP address, browser type and version, operating system, screen resolution, and device identifiers.
  • Cookies & similar technologies — see our Cookie Policy for details.

3.3 Information from third parties

  • Business contact data from data enrichment providers (e.g., Clearbit) to supplement demo request information.
  • Engagement data from marketing platforms (e.g., HubSpot) when you interact with our emails or content.

4. How We Use Your Information

  • Providing services — to operate the platform, process transactions, and provide customer support.
  • Sales & marketing — to respond to demo requests, send product updates, and deliver relevant marketing communications (with your consent where required by law).
  • Product improvement — to analyze usage patterns, diagnose issues, and improve platform features.
  • Security & compliance — to detect fraud, enforce our terms, and comply with legal obligations.
  • SOC 2 audit support — Nexoraa maintains a SOC 2 Type II certification. Access logs and audit trails are retained as required by our security controls.

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract — processing necessary to perform our contract with you or to take steps at your request before entering a contract.
  • Legitimate interests — processing for our legitimate business interests (e.g., improving our products, preventing fraud) where those interests are not overridden by your rights.
  • Consent — where you have given explicit consent (e.g., marketing emails). You may withdraw consent at any time.
  • Legal obligation — processing required to comply with applicable law.

6. Sharing Your Information

We do not sell your personal data. We share it only in the following circumstances:

  • Service providers — vendors who process data on our behalf (cloud hosting, CRM, analytics, email delivery) under data processing agreements.
  • Business transfers — if Nexoraa is acquired or merges, personal data may be transferred as part of that transaction.
  • Legal requirements — when required by law, court order, or to protect the rights and safety of Nexoraa, our customers, or the public.
  • With your consent — in any other case with your explicit consent.

7. International Transfers

Nexoraa is headquartered in the United States. If you are located outside the US, your data may be transferred to and processed in the US. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (“SCCs”) approved by the European Commission as the transfer mechanism. Our DPA (available upon request) includes the applicable SCCs.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods:

  • Account and contact data: duration of the business relationship plus 3 years.
  • Marketing data: until you opt out or withdraw consent.
  • Security and audit logs: as required by SOC 2 controls (minimum 1 year).
  • Anonymized analytics: indefinitely.

9. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data (subject to legal retention obligations).
  • Restriction — request that we limit processing of your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — at any time for processing based on consent.

To exercise any of these rights, email us at privacy@nexoraa.ai. We will respond within 30 days. EEA/UK residents also have the right to lodge a complaint with their local supervisory authority.

10. Security

Nexoraa implements administrative, technical, and physical safeguards aligned with our SOC 2 Type II controls. These include encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, continuous monitoring, and annual penetration testing. No system is completely secure; if you suspect a security incident, please contact security@nexoraa.ai.

11. Children’s Privacy

Our platform is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently done so, please contact us and we will delete the information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date and, where appropriate, by sending an email notification to the address on file.

13. Contact Us

Nexoraa, Inc.
511 E John W Carpenter Fwy., Suite # 500
Irving, TX 75062
Phone: 972-750-0709
Email: privacy@nexoraa.ai

EU Representative (Art. 27 GDPR): To be appointed. Contact privacy@nexoraa.ai for current details.