Privacy Policy
Your privacy is fundamental to our mission. We're committed to protecting your personal information and being transparent about how we collect, use, and safeguard your data.
Last updated: September 30, 2025
NexPhrase ("we", "our", or "us") operates the NexPhrase AI coaching platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using NexPhrase, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Account Information
When you create an account, we collect your name, email address, and password (encrypted). If you subscribe to a paid plan, we also collect billing information through our payment processor, Stripe.
Conversation Data
During coaching sessions, we process audio data in real-time and generate transcripts. Audio recordings and transcripts are stored securely to provide you with session history and performance analytics.
Usage Information
We collect information about how you use NexPhrase, including session duration, feature usage, and interaction patterns to improve our service and provide analytics.
Device Information
We collect information about the devices you use to access NexPhrase, including browser type, operating system, and IP address for security and optimization purposes.
How We Use Your Information
Service Delivery
We use your information to provide real-time AI coaching, generate personalized suggestions, and track your communication improvement over time.
AI Processing
Your conversation data is processed by AI models to provide coaching suggestions. This processing happens in real-time and follows strict data minimization principles.
Communication
We may send you service updates, billing notifications, and optional marketing communications (which you can opt out of at any time).
Improvement
We analyze aggregated, anonymized usage data to improve our AI models and enhance the platform's features.
Data Security & Storage
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Audio streams are encrypted end-to-end during real-time sessions.
Storage
Your data is stored on secure servers managed by Supabase (PostgreSQL) and compliant cloud storage providers. Audio recordings are retained for 90 days unless you choose to delete them sooner.
Access Controls
We implement strict access controls and authentication mechanisms. Only authorized personnel can access user data, and all access is logged and monitored.
Data Retention
We retain your account data for as long as your account is active. You can request deletion at any time, and we'll remove your data within 30 days.
Data Sharing & Third Parties
AI Service Providers
We use AI Service Providers to power our coaching features. These providers process your conversation data according to their privacy policies and our data processing agreements.
Payment Processing
Stripe handles all payment processing. We don't store credit card numbers or sensitive payment information on our servers.
Analytics
We use privacy-focused analytics tools to understand usage patterns. These tools receive anonymized data only.
No Sale of Data
We never sell, rent, or trade your personal information to third parties for marketing purposes.
Your Rights & Choices
Access & Portability
You can access, download, or export your data at any time through your account settings.
Correction
You can update your personal information through your profile settings or by contacting our support team.
Deletion
You have the right to delete your account and all associated data. We'll process deletion requests within 30 days.
Opt-Out
You can opt out of marketing communications and certain data processing activities through your account preferences.
GDPR & CCPA Rights
If you're in the EU or California, you have additional rights including the right to object to processing, restrict processing, and lodge complaints with supervisory authorities.
Children's Privacy
NexPhrase is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information immediately.
International Data Transfers
Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction. We ensure that such transfers comply with applicable data protection laws and that your data receives adequate protection through appropriate safeguards.
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
- By email: privacy@nexphrase.com
- Through our support portal: support.nexphrase.com
For data protection inquiries or to exercise your rights, please email our Data Protection Officer at dpo@nexphrase.com