Privacy Policy

1. Introduction and Scope

This Privacy Policy governs how Aqylon Nexus Limited (“Company”, “we”, “us”), registered in India, collects, uses, stores, shares, and protects personal data from global B2B and B2C users of the NOWG proprietary‑AI platform (https://www.nowg.ai and https://app.nowg.ai). NOWG enables users to build, deploy, and monetize web applications using our tools, including integrations like Open Router, Vercel, Netlify, Supabase, and Stripe. Access requires email‑verified registration and operates on a fixed monthly subscription basis. We comply with India’s DPDP Act, IT Act, and applicable global standards (e.g., GDPR for EU users).

2. Data Controller and Contact

Aqylon Nexus Limited is the data controller. For privacy queries, rights exercises, or grievances, contact support@nowg.ai. A Grievance Officer/Data Protection Officer will be appointed as required under the DPDP Act.

3. Types of Data Collected

• User Identification: name, email, organization, role, phone (if provided).
• Account Data: hashed credentials, login history, subscription details, API keys.
• Billing/Payment: payment tokens, transactions, invoices via Stripe.
• Usage/Technical: IP, device/browser info, session logs, feature analytics.
• Application Data: prompts/inputs, generated code/apps, configs, deployment metadata.
• Integration Data: tokens/credentials for Open Router, Vercel, Netlify, Supabase.
• Generated Content: outputs from platform tools and monetization settings. Sensitive data included in user apps is user‑controlled; ensure compliance.

4. Sources of Data

• Directly from users: registration, prompts, integration setups.
• Automatically: logs, cookies, analytics during platform use and deployments.
• Third parties: Stripe (payments), Vercel/Netlify/Supabase (deployments), Open Router (model access).

5. Legal Basis and Purposes

Processing aligns with consent, contract necessity, legitimate interests, or legal obligations, including:

• Account verification and subscription management.
• Web‑app building, code generation, testing, debugging, and deployment.
• Third‑party integrations (e.g., Vercel/Netlify deployments, Open Router access, Stripe payments).
• Service delivery, security/fraud detection, and analytics for improvements.
• Billing, dispute resolution, and compliance reporting.

We process inputs solely to generate outputs; we do not train models on your data without explicit opt‑in.

6. Cookies and Tracking

We use essential cookies for sessions and integrations, plus analytics for usage insights. Third‑party cookies from Stripe/Vercel may apply during deployments. You can manage cookies in your browser or in‑app settings where available.

7. Data Sharing and Disclosures

• Processors: cloud providers in India, Stripe, Vercel, Netlify, Supabase, Open Router — all under DPAs.
• B2B Admins: team usage/app data may be visible to account owners.
• Authorities: for lawful requests under Indian/global laws.

No selling of personal data. Third‑party‑hosted user apps are governed by those providers’ policies.

8. Data Storage and Localization

Personal and application data are stored on secure servers within India in compliant data centers, consistent with DPDP localization. Third‑party integrations may store deployed app data per their own policies.

9. International Data Transfers

No routine transfers outside India. Exceptional transfers (e.g., Stripe global operations) use SCCs or equivalent safeguards. EU/UK users benefit from adequacy decisions or appropriate safeguards.

10. Data Retention

• Active accounts/apps: retained while subscribed.
• Post‑termination: billing/legal data kept up to 7 years; app data deleted on request. Backups are retained securely for disaster recovery.

11. User Rights

Depending on your jurisdiction: access, rectification, erasure, restriction, portability, objection, and consent withdrawal.

Submit requests to support@nowg.ai. We respond within 30 days (or DPDP timelines). No fee unless requests are excessive.

12. Children’s Privacy

Service is for 18+ users/competent entities only. We do not knowingly collect minor data.

13. Security Measures

• Encryption (TLS in‑transit, AES at‑rest).
• Access controls (RBAC; MFA recommended).
• Audits, penetration testing, DPDP breach notifications within 72 hours as applicable.
• App‑specific isolation for platform tools; scoped tokens for integrations.

14. Third‑Party Integrations and User Apps

When connecting Open Router, Vercel, Netlify, Supabase, or Stripe, review those providers’ policies. We share only necessary tokens/metadata. Users are responsible for compliance of their deployed apps. Stripe processes payments under PCI‑DSS.

15. Proprietary‑AI Platform Tools Disclosures

NOWG’s tools process inputs to generate outputs for web‑app building, editing, and deployment (e.g., code completion, theming). Outputs are user‑owned; inputs are processed transiently. We do not train on your data without consent. You are responsible for legal compliance of generated content.

16. Policy Changes

Material updates will be notified via email/in‑app 30 days prior. Continued use constitutes acceptance of the updated policy.

17. Grievance Redressal

Email: support@nowg.ai. [Grievance Officer details to be inserted]. Governing law: India.

This policy references “proprietary‑AI platform tools,” India‑based storage, and global integrations. Consult counsel for finalization.