Privacy Policy

Effective Date: July 25, 2025

TL;DR

Hyperlink is an offline-first application. Your messages, chats, and documents are indexed and queried locally on your device. We do not have access to your private files.

  • We do NOT sell your data.
  • We do NOT transfer your data to third parties for advertising.

1. Introduction and Identity

This Privacy Policy ("Policy") describes how Nexa AI Inc. ("Company," "we," "our," or "us") collects, uses, processes, and shares information when you use the Hyperlink desktop software, our automatic update services, and support channels (collectively, the "Services").

By downloading, installing, or using the Services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of the Services immediately.

2. Scope of Data Collection

We practice data minimization. We only process data strictly necessary for the functionality of the app.

A. Data Stored Locally (Not Collected by Us)

The following data remains 100% local on your device and is never transmitted to our servers:

  • Indexed Content: The actual content of your files, messages, and chats.
  • Search Queries: The text you type into the Hyperlink search bar.
  • Embeddings/Vectors: The mathematical representations of your data generated locally.
B. Data We Collect (Minimal Transmission)

We may collect and process the following limited categories of data:

  1. Device Metadata (Automatic): When the app checks for updates, we receive minimal technical data: app version. This is strictly to ensure compatibility of update files.
  2. Support Communications (Voluntary): If you email octopus@nexa.ai, we collect your email address, name, and any content you voluntarily provide (e.g., crash logs, screenshots).
  3. Usage Logs (Aggregated): We do not track individual user behavior. Any performance logs sent for debugging purposes are anonymized and stripped of personal identifiers before transmission.

3. How We Use Your Information

We use the limited information we collect for specific, legal business purposes:

  • Service Delivery: To provide the Hyperlink application and deliver compatible software updates.
  • Security & Debugging: To detect and prevent fraud, security breaches, and technical issues.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Communication: To respond to your support requests.

4. Disclosure and Sharing of Information

We do not sell, rent, or trade your personal information. We strictly limit disclosure to the following scenarios:

A. Service Providers

We engage trusted third-party vendors to perform functions on our behalf. These vendors are bound by strict confidentiality and data protection obligations:

  • Amazon Web Services (AWS): Used solely for hosting update files and processing update requests (HTTPS).
  • Google Workspace: Used solely for internal email hosting (for support inquiries).
B. Business Transfers

If Nexa AI Inc. is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information (such as support emails and update logs) may be sold or transferred as part of such a transaction as permitted by law and/or contract. We will require the acquiring entity to respect the commitments made in this Privacy Policy.

C. Legal Requirements

We may disclose information if required to do so by law or in the good faith belief that such action is necessary to: (i) comply with a legal obligation (e.g., a subpoena or court order); (ii) protect and defend the rights or property of Nexa AI Inc.; or (iii) prevent or investigate possible wrongdoing in connection with the Services.

5. International Data Transfers

Our servers (via AWS) are located in the United States. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the U.S.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your data, including:

  • Encryption: All network traffic (e.g., update checks) is encrypted via TLS 1.2 or higher.
  • Code Signing: Update files are cryptographically signed to prevent tampering.
  • Access Controls: Access to support emails is restricted to authorized personnel with a specific business need.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

7. Data Retention

  • Local Data: Stored indefinitely on your device until you uninstall the app and manually clear the data.
  • Server Logs: Update check logs (IP address, device hash) are retained for 30 days for security auditing and then permanently deleted.
  • Support Emails: Retained for the duration of the support ticket plus 12 months for record-keeping, unless a deletion request is received sooner.

8. Your Rights

Depending on your location, you may have specific rights regarding your personal data. We extend these rights to all users where feasible:

  • Right to Access: You may request details about the data we hold about you.
  • Right to Deletion: You may request that we delete your personal data (e.g., support emails).
  • Right to Rectification: You may correct inaccurate information.
  • Right to Opt-Out: You may opt-out of non-essential communications (though we do not send marketing emails).

To exercise these rights, contact us at octopus@nexa.ai. We will respond within the statutory timeframe (usually 30 days).

9. Children’s Privacy

The Services are not directed to individuals under the age of 13 (or 16 in certain jurisdictions like the EEA/UK). We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will take steps to delete it immediately.

10. Dispute Resolution: Arbitration & Class Action Waiver

Please read this section carefully. It affects your legal rights.

  • Mandatory Arbitration: Any dispute, claim, or controversy arising out of or relating to this Policy or the breach, termination, enforcement, interpretation, or validity thereof, shall be determined by arbitration in Santa Clara County, California before one arbitrator. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures.
  • Class Action Waiver: You and Nexa AI Inc. agree that each may bring claims against the other only in your or its individual capacity, and not as a plaintiff or class member in any purported class or representative proceeding.

11. Changes to This Policy

We reserve the right to modify this Policy at any time. If we make material changes, we will notify you through the App or via our website at least 30 days prior to the changes taking effect. Your continued use of the Services after such changes constitutes your acceptance of the new Policy.

12. Contact Us

For any questions regarding this Privacy Policy or our data practices, please contact us:

Nexa AI Inc.Email: octopus@nexa.ai