1. Introduction
Welcome to Nexa Reply ("we," "our," or "us"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered YouTube comment management service.
We are committed to protecting your privacy and being transparent about our data practices. This policy complies with applicable data protection laws including GDPR, CCPA, and YouTube API Services Terms of Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Email address, name, and authentication credentials when you register for an account
- Payment Information: Billing information processed securely through our third-party payment provider (Stripe). We do not store complete credit card details on our servers
- Communication Data: Messages, feedback, and support requests you send us through our contact forms or email
- Configuration Data: Your AI assistant settings, tone preferences, language selections, and custom rules you create
2.2 YouTube API Data (API Data from YouTube API Services)
When you connect your YouTube account via OAuth 2.0, Nexa Reply accesses, collects, stores, and uses the following data through the YouTube Data API v3:
- Channel Information: Your YouTube channel ID, channel name, channel description, profile picture, subscriber count, and public channel statistics
- Video Information: Video titles, descriptions, IDs, publication dates, and public metadata of your uploaded videos
- Comment Data: All comments on your videos including: comment text content, author names and channel IDs, timestamps, like counts, reply threads, and comment status (published/held for review)
- Authorization Data: OAuth 2.0 access tokens and refresh tokens that allow us to access your YouTube data on your behalf. These tokens are encrypted and stored securely
- Historical Response Data: Your previous replies to comments to train the AI to match your communication style
Important: We only access the minimum data necessary to provide our comment management service. We do NOT access your private videos, unlisted content, or any data beyond comment management functionality.
2.3 Automatically Collected Information
- Usage Data: How you interact with our service including features used, pages visited, time spent on pages, click patterns, and timestamps of actions
- Device Information: Browser type and version, operating system, IP address, device identifiers, screen resolution, and general location (country/city level only)
- Cookies and Similar Technologies: We store, access, and collect information using cookies, local storage, session storage, and similar tracking technologies on your devices and browsers. This includes:
  - Authentication cookies to maintain your login session
  - Preference cookies to remember your settings
  - Analytics cookies to understand usage patterns (Google Analytics)
  - Security cookies to prevent fraud and abuse
- Log Data: Server logs including API calls, error messages, and system performance data
2.4 Third-Party Data Collection
We allow the following third parties to place cookies and similar technologies on your device:
- Google Analytics: Collects anonymous usage statistics
- Stripe: Processes payment information (if you subscribe to paid plans)
3. How We Use Your Information
We use the collected information for the following purposes:
- Core Service Functionality: To retrieve your YouTube comments and enable AI-powered reply generation
- Authentication: To verify your identity and maintain secure access to your account
- Service Improvement: To analyze usage patterns and improve our features
- Communication: To send you service updates, security alerts, and support messages
- AI Processing: Comment text is processed by AI services to generate contextual replies
- Compliance: To comply with legal obligations and enforce our Terms of Service
4. How We Share Your Information
4.1 Third-Party Service Providers
We share your information with trusted third-party service providers who assist us in operating our service. These providers process data on our behalf and are contractually obligated to protect your information:
- AI Services (OpenAI/Anthropic): Comment text and context are sent to AI providers to generate reply suggestions. These providers:
  - Process data according to their own privacy policies
  - Do not use your data to train their models (per our agreements)
  - Delete data after processing (temporary processing only)
- Cloud Infrastructure (Google Cloud Platform/AWS): We use secure cloud hosting to store and process data with encryption at rest and in transit
- Payment Processors (Stripe): Payment and billing information is handled exclusively by Stripe. We never store complete credit card numbers
- Analytics Providers (Google Analytics): Anonymous usage data to understand service performance and improve features
- Email Service (SendGrid/Mailgun): To send transactional emails, notifications, and support communications
Data Processing Agreements: All third-party processors have signed Data Processing Agreements (DPAs) that comply with GDPR requirements.
4.2 Sharing with YouTube/Google
When you use our service to post replies to YouTube comments, that data is transmitted to YouTube through the YouTube Data API v3 and becomes subject to:
YouTube/Google may collect and process this data according to their own policies.
4.3 Internal Data Sharing
Within Nexa Reply:
- Only authorized employees and contractors with legitimate business needs can access your data
- All internal access is logged and monitored
- Employees sign confidentiality agreements
4.4 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Government requests
- Protection of our rights, property, or safety
- Protection of our users or the public
4.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your data is transferred.
4.6 No Sale of Personal Data
We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. We have never sold user data and never will.
5. Data Storage and Security
We implement industry-standard security measures to protect your data:
- Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
- Access Controls: Strict access limitations and authentication requirements
- Regular Security Audits: We regularly review and update our security practices
- Data Minimization: We only collect and retain data necessary for service functionality
Storage Duration: We retain your data as long as your account is active. YouTube OAuth tokens are stored securely and can be revoked at any time.
6. Cookies and Tracking Technologies
Nexa Reply stores, accesses, and collects information directly and indirectly on and from your devices, including by placing, accessing, and recognizing cookies and similar technologies on your devices and browsers.
6.1 Types of Technologies We Use
We use the following technologies on our website and application:
- Essential Cookies: Required for authentication, security, and core functionality. These cannot be disabled without breaking the service.
  - Session cookies (expire when you close browser)
  - Authentication tokens (JWT stored in localStorage)
  - CSRF protection tokens
- Preference Cookies: Remember your settings and choices
  - Language preferences
  - UI customizations
  - Notification settings
- Analytics Cookies: Help us understand how users interact with our service (you can opt out)
  - Google Analytics cookies (_ga, _gid, _gat)
  - Page view tracking
  - Feature usage statistics
- Local Storage: We store data in browser local storage including:
  - Authentication tokens
  - User preferences
  - Cached data for offline functionality
6.2 Third-Party Cookies
We allow third parties to place cookies on your device:
- Google Analytics: Tracks anonymous usage statistics
- Stripe: Fraud detection for payment processing
6.3 Managing Cookies
You can control cookies through your browser settings:
- Block all cookies: Note that essential cookies are required for the service to function
- Delete cookies: You can clear cookies at any time, but this will log you out
- Opt out of analytics: You can disable Google Analytics using browser extensions or our settings
Browser-specific instructions:
7. Your Rights and Choices
7.1 Access and Control Your Data
You have the following rights regarding your personal information:
- Access: Request a copy of your personal data
- Correction: Update or correct your information through account settings
- Deletion: Request deletion of your account and associated data
- Data Portability: Request your data in a machine-readable format
- Objection: Object to certain data processing activities
7.2 Revoke YouTube Access
You can revoke Nexa Reply's access to your YouTube data at any time through:
When you revoke access, we will delete your YouTube OAuth tokens immediately. Other account data will be retained according to our retention policy unless you request full account deletion.
7.3 Delete Your Data
To delete your data:
- Contact us at hello@nexareply.com with your deletion request
- We will process your request within 30 days
- Some data may be retained for legal or security purposes as required by law
8. Children's Privacy
Nexa Reply is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- Significant changes will be communicated via email or in-app notification
- Your continued use of the service after changes constitutes acceptance of the updated policy
11. Additional Information for EU/UK Users (GDPR)
Legal Basis for Processing: We process your data based on:
- Your consent (for YouTube API access)
- Contract performance (to provide our services)
- Legitimate interests (service improvement and security)
Data Protection Officer: For GDPR-related inquiries, contact us at hello@nexareply.com
12. Additional Information for California Users (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information we collect and how it's used
- Right to delete personal information
- Right to opt out of sale of personal information (we do not sell data)
- Right to non-discrimination for exercising CCPA rights
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
We will respond to your inquiries within 30 days.