Privacy Policy
Effective June 22, 2026 · Last updated June 22, 2026
Plain-English summary
Nexiom is a personal-development app for entrepreneurs. We store the data you log — your daily entries, body activity, finances, mood, and reflections — only so we can show it back to you. We do not sell or share your data with advertisers.
You can export everything we have on you as a JSON file and permanently delete your account at any time from Settings → Privacy & data.
1. Who we are
MarshallRidge Consulting Private Limited (“we”, “us”) operates the Nexiom application. Our registered address is MarshallRidge Consulting Private Limited, A Unit No 52, 2nd Flr, P No C-39A, Gami Ind. Park, MIDC, Thane 400705, Maharashtra, India. For privacy questions or to exercise your rights, contact privacy@nexiom.app.
2. What we collect and why
- Account data — email, full name, optional phone, timezone. Used to authenticate you and personalise the app.
- Profile data — life roles, custom roles, goals, currency preference. Used to render your home dashboard and tracker.
- Daily logs — intent, mood, energy, reflection, time per role. Used to compute your streak, score, and trends.
- Body data — workouts, intensity (RPE), feel, optional measurements (weight, waist, body-fat %), personal records. Stored only to show your progress and adherence.
- Business ledger — income/expense entries you choose to log. Never shared.
- Wisdom queries — questions you submit to the Wisdom Corner are sent to Anthropic's Claude API to generate an answer. Both question and answer are stored against your account so you can revisit them. Anthropic does not use API inputs to train models per their published policy.
- Push subscriptions — only if you opt in to notifications: the browser push endpoint and keys, used to deliver daily nudges.
- Operational data — IP address and user-agent at the moment of sensitive actions (sign-in, password change, account deletion). Stored in an audit log visible only to you.
- Billing data — if you subscribe, your plan, status, and payment timestamps. Card / UPI details are never seen by Nexiom — they go directly to Razorpay.
3. Legal basis (DPDP, 2023)
We process your personal data under the consent you provide when creating an account, and under contract to deliver the service you subscribe to. We rely on the Digital Personal Data Protection Act, 2023 (DPDP) for our Indian users and on equivalent principles (lawful basis, purpose limitation, data minimisation, accuracy, storage limitation, integrity, accountability) for users elsewhere.
4. How long we keep it
- While your account is active — for as long as you keep using Nexiom.
- If you delete your account — all of your data is permanently removed within 24 hours, except minimal records we are legally required to retain (invoices for tax/GST: 8 years; security/fraud audit log: 12 months).
- Inactive trial accounts — automatically purged after 90 days of no logins.
5. Sub-processors
The third parties that help us run the service:
- Supabase, Inc. — Database, authentication, file storage. Region: Mumbai (ap-south-1), India.
- Vercel, Inc. — Web application hosting & edge delivery. Region: Global edge with primary in Mumbai.
- Anthropic PBC — AI model that powers Wisdom Corner answers. Region: United States (data not used for training per Anthropic's API policy).
- Google FCM / Apple APNS — Web push notification delivery (when you enable notifications). Region: Global.
- Razorpay Software Pvt. Ltd. — Payment processing (only when you upgrade to a paid plan). Region: India.
We sign data-protection agreements with each sub-processor where their standard terms are available. Pages are served from Vercel and our database lives in Mumbai (ap-south-1). Data does cross borders briefly for AI inference (US, Anthropic) and push delivery (FCM/APNS) — both encrypted in transit.
6. Your rights
Under DPDP §11–13 you have the right to:
- Access — export everything we hold on you as JSON, instantly, from Settings → Privacy & data.
- Correct — edit your profile, roles, goals, and any past log directly in the app.
- Erase — permanently delete your account from Settings → Privacy & data → Delete my account. This is irreversible.
- Withdraw consent — by deleting your account.
- Nominate a person to exercise your rights in case of incapacity — email privacy@nexiom.app.
- Grievance redressal — write to privacy@nexiom.app. We acknowledge within 7 working days and resolve within 30 days. If unresolved, you may approach the Data Protection Board of India.
7. Security
Connections are TLS-only. Data at rest is encrypted by our database provider. Authentication uses bcrypt-hashed passwords and signed JWTs. We isolate every user's rows with database row-level security. Sensitive operations are audit-logged. We do not have a way for our staff to read your daily entries — access to production data is restricted to incident response.
If you believe your account is compromised, sign out of all devices from Settings → Security and email privacy@nexiom.app immediately.
8. Children
Nexiom is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, write to privacy@nexiom.app and we will remove the account.
9. Changes to this policy
We will notify you in-app and via email of material changes and require you to re-accept before continuing to use the service. Non-material changes (clarifications, typos) will be reflected in the “Last updated” date above.
10. Contact
Narendra Pratap Singh Tomar · privacy@nexiom.app · MarshallRidge Consulting Private Limited, A Unit No 52, 2nd Flr, P No C-39A, Gami Ind. Park, MIDC, Thane 400705, Maharashtra, India.