
Privacy Policy

Last updated: February 17, 2026

1. Introduction

NexusMonitor ("we," "us," or "our") operates the NexusMonitor sales tax nexus monitoring platform at nexusmonitor.app ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address and password when you create an account
  • Business information: Organization name, primary state, and business type during onboarding
  • Contact form submissions: Name, email address, subject, and message content when you use our contact form
  • Support conversations: Messages you send through our in-app support chat
  • Payment information: Billing details are collected and processed directly by Stripe — we do not store your credit card numbers or full payment details on our servers

2.2 Information from Connected Platforms

When you connect a sales platform (including Shopify, WooCommerce, and Square), we access your order data to calculate nexus thresholds. We collect and store:

  • Aggregated sales data: Total revenue and transaction counts per U.S. state, per month
  • Platform connection data: Store name, platform type, connection status, and sync timestamps

We do NOT store individual order details, product information, customer names, customer addresses, or any other personally identifiable information about your customers.

2.3 Automatically Collected Information

  • Usage data: Pages visited, features used, and timestamps (via Vercel Analytics)
  • Device information: Browser type, operating system, and screen resolution
  • Cookies: We use essential cookies for authentication and session management. During platform OAuth flows (Shopify, WooCommerce, Square), temporary CSRF cookies (nonce, store identifier) are set and removed after authentication completes. We do not use advertising cookies or third-party tracking cookies.

2.4 System and Operational Monitoring

To maintain service reliability and security, we automatically collect operational data:

  • Email delivery logs: We track whether emails (alerts, sequences, notifications) were successfully delivered. Recipient email addresses are masked in logs.
  • Cron job performance: We monitor the execution time and success/failure status of automated background jobs.
  • Compliance check results: When our system checks public state government websites for rule changes, the AI analysis results are stored for verification.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Calculate your nexus status across U.S. states
  • Send threshold alerts and notifications via email
  • Process your subscription payments (via Stripe)
  • Respond to your support inquiries and contact form submissions
  • Send onboarding, educational, and product update emails
  • Improve and optimize the Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. AI Processing

NexusMonitor uses AI technology (Anthropic Claude) to provide certain features:

  • Support chatbot: Your chat messages are sent to Anthropic's API to generate helpful responses. Conversations are stored in our database to maintain context and improve support quality. If a conversation is escalated (e.g., you request human assistance), the full conversation history may be forwarded to our support team via email.
  • Contact form responses: Messages submitted through our contact form are processed by AI to classify the inquiry type (e.g., product question, pricing, partnership) and generate a personalized response.
  • Blog content: Blog articles about sales tax nexus are generated using AI and reviewed before publication.
  • Compliance monitoring: AI is used to classify potential nexus rule changes from public government sources.

We do not use your personal data or business data to train AI models. Data sent to Anthropic's API is processed according to Anthropic's Privacy Policy.

5. Third-Party Services

We use the following third-party services to operate our platform. Each service has access only to the data necessary for its specific function:

  • Supabase: Database hosting and authentication — stores your account data, business data, and aggregated sales data
  • Stripe: Payment processing — handles subscription billing, stores payment methods securely
  • Vercel: Application hosting — serves the web application, runs scheduled background jobs
  • Resend: Email delivery — sends alert notifications, onboarding emails, and support responses
  • Anthropic: AI processing — powers the support chatbot, contact form responses, and content generation
  • Cloudflare: DNS and security — manages domain routing and provides DDoS protection
  • Shopify: Platform integration — we access order data through Shopify's official API when you connect your store
  • WooCommerce: Platform integration — we access order data through the WooCommerce REST API when you connect your store
  • Square: Platform integration — we access order data through Square's official API when you connect your account

6. Data Retention

  • Account data: Retained for the duration of your account, plus 30 days after deletion request
  • Sales data: Aggregated sales data is retained for the duration of your account to provide historical nexus analysis
  • Support conversations: Retained for 12 months after the last message
  • Contact form submissions: Retained for 6 months
  • System logs: Retained for 90 days
  • Email delivery logs: Retained for 90 days for operational monitoring
  • Compliance check records: Retained indefinitely as a public record audit trail
  • Email sequence records: Retained for 12 months after completion

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data is encrypted in transit using TLS/SSL
  • Database connections are encrypted and access is restricted by Row Level Security policies
  • Passwords are hashed using bcrypt (via Supabase Auth)
  • API keys and secrets are stored as environment variables, never in source code
  • Admin functions are restricted to authorized users only
  • Daily automated database backups (Supabase Pro)

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data and account
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your personal data for certain purposes
  • Withdraw consent: Withdraw consent for data processing at any time

To exercise any of these rights, please contact us at support@nexusmonitor.app or through our contact form. We will respond to your request within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of your personal information
  • The right to non-discrimination for exercising your CCPA rights

We do not sell your personal information to third parties. We share data with service providers (Supabase, Stripe, Vercel, Resend, Anthropic) solely to operate and deliver the Service.

10. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. By using the Service, you consent to such transfers.

11. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

12. Email Communications

We may send you emails related to:

  • Transactional emails: Account verification, password resets, billing receipts — these cannot be opted out of
  • Alert emails: Nexus threshold alerts — configurable in your alert preferences
  • Product emails: Onboarding tips, feature updates, educational content — you may unsubscribe at any time

You can manage your email preferences in your account settings or by contacting support.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by sending an email to your registered address and updating the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: