Nexpilot
Back to home
Privacy & GDPR

Privacy Policy

This page explains how Nexpilot handles personal data and privacy-related requests.

Last updated: July 2026

1.Overview

Nexpilot collects only the personal data needed to provide the service, manage user accounts, respond to support requests, and improve the product. This policy explains what data we collect, why we collect it, and how it is handled.

2.Data we collect

  • Account data: display name, email address, authentication identifiers (e.g., Google account ID or email/password credentials), account role, plan, and credits.
  • Contact form data: name, email, subject, message content, page URL, submission source, and user agent (used for spam prevention).
  • Newsletter subscription data: email address, subscription status, signup source, consent timestamp and consent text, and a unique unsubscribe token. Collected only when you voluntarily subscribe to the Nexpilot newsletter via the homepage form.
  • Product research data: search inputs, AI-generated outputs, saved opportunities, preferences, and workspace settings.
  • Technical data: timestamps, usage events, server logs, session records, and security or audit data.
  • Payment data: If paid plans become available, payment processing may be handled by a third-party payment provider. We do not store full card numbers or sensitive payment details.

3.How we use your data

We use your data to:

  • Create and manage your account
  • Provide the Nexpilot dashboard and research features
  • Send transactional service emails (welcome email, contact confirmation, account closure notification)
  • Send Nexpilot newsletter emails to subscribers (POD ideas, listing tips, product research updates) — only if you have opted in via the newsletter signup form
  • Respond to support requests submitted through the contact form
  • Protect service security and prevent abuse
  • Monitor and improve product reliability

4.Legal bases for processing

Depending on how you use Nexpilot and your jurisdiction, we process your data on the following legal bases:

  • Contract: to provide the service you have requested
  • Legitimate interests: to maintain security, prevent abuse, and improve the service
  • Consent: where required by applicable law
  • Legal obligations: where we are required to retain certain records by law

5.Firebase, Resend and service providers

We use the following service providers to operate Nexpilot:

  • Firebase (Google): authentication, user database (Firestore), and related infrastructure
  • Resend: sending transactional emails

These providers process data on our behalf in accordance with their own privacy policies and applicable data processing agreements. We do not sell your personal data to third parties.

6.Contact form data

When you submit the contact form, your name, email address, subject, and message are sent to our support team and stored in our database. You will receive an automated confirmation email. To contact us, please use our contact page.

7.Newsletter subscriptions

When you subscribe to the Nexpilot newsletter via the homepage form, we collect your email address and store it in our database along with your subscription status, signup source, consent text, and a unique unsubscribe token.

Unsubscribing: Every newsletter email will include a personal unsubscribe link. Clicking it takes you to our unsubscribe page and immediately sets your status to unsubscribed. You can also visit /unsubscribe directly and enter the email you used to subscribe — for privacy, the page does not confirm whether an email is present in our list. You can also request removal via our contact page.

Confirmation emails: When you subscribe or unsubscribe, Nexpilot sends a one-time transactional confirmation email to the address on file. These are not the weekly newsletter and are sent only in response to your action.

Current status: The weekly newsletter is not yet active. Subscribed addresses are stored for when it launches. Until then, you can manage your subscription via the contact page.

8.Account data and authentication

Account data is stored securely in Firebase. If you use Google Sign-In, authentication is handled by Firebase on behalf of Google. Your email address and display name are stored in our database to personalise your experience and provide access to the service.

9.Product research data and saved outputs

Search queries, AI-generated outputs, and saved items are stored in your workspace and associated with your account. This data is not shared with other users.

10.Referral Program

If you apply to become a referral partner via Work with us, or sign up using someone's referral code or link, Nexpilot may process:

  • Application data: name, email, website/social, audience type, main market and message submitted by prospective partners
  • Referral codes and links: your personal code and link once approved as a partner
  • Attribution events: visits/clicks on a referral link and resulting registrations, recorded to credit the correct partner
  • Registration/conversion events: whether a referred account registered, is on a trial, or becomes a paying subscriber
  • Estimated commission data: commission amounts calculated from referred paying subscriptions — estimates only, not a confirmed balance or payment
  • Payout and billing details: payout method and account details, plus billing/invoicing details (legal or business name, billing address, VAT/tax identifiers where applicable, invoice email) that partners provide for Nexpilot to process manual payouts and issue/receive invoices
  • Referred-user identity data: for each referred user, the display name (if available) and email are visible to Nexpilot admins to identify the referral relationship, provide support, and prevent abuse

Privacy safeguards:the full name/email of a referred user, and a partner's full payout/billing details, are visible only to Nexpilot admins for program operation, manual payout, invoicing, and fraud-prevention purposes — a referring partner never sees this data; partners only ever see masked, aggregated counts and their own payout/billing details on their own dashboard. This data is used to operate the referral program, calculate estimated commissions, and prevent abuse such as self-referrals or duplicate attribution. There is no automatic payout or payment execution — every commission and payout requires manual review by an admin.

11.Cookies and local storage

Nexpilot uses session cookies to maintain your authenticated session across page loads. We may use local storage for user preferences or workspace state. We do not use advertising or third-party analytics tracking cookies unless explicitly stated in a future update to this policy.

12.Data retention

We retain your personal data for as long as your account is active. After account closure:

  • Your Firebase Auth account is deleted
  • Your user profile is anonymised in our database
  • Some operational records — such as audit events, closure notifications, and contact requests — may be retained where required for security, legal, or abuse-prevention purposes

13.Account closure and deletion

You can close your account at any time from the Settings page. This removes your access to Nexpilot and anonymises your user profile. Some workspace records may be retained in an anonymised or access-restricted form where required for technical, security, or audit reasons. We are working to improve automated data cleanup and will update this policy accordingly.

14.Your privacy rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data
  • Restrict or object to certain processing activities
  • Receive your data in a portable, machine-readable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us through our contact page.

15.GDPR information for EU/EEA users

If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including all rights listed in Section 14 above. You also have the right to lodge a complaint with your national data protection supervisory authority if you believe your rights have been violated.

To submit a privacy request or GDPR-related inquiry, please contact us through our contact page.

16.International transfers

Some of our service providers may process your data in countries outside your country of residence. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent legally recognised transfer mechanisms to protect your personal data.

17.Security

We apply reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, or loss. However, no system is completely secure. We encourage you to use a strong password and keep your credentials confidential.

18.Children's privacy

Nexpilot is not intended for use by children under the age of 16, or under the minimum age required by applicable law in your jurisdiction. Users must be of the age required to enter into a binding agreement in their country. If you believe a child has created an account, please contact us.

19.Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically to stay informed about how we handle your data.

20.Contact

For privacy questions, data requests, or GDPR-related inquiries, please use our contact page.

Cookies

We use essential cookies to keep Nexpilot secure and working properly. If analytics or optional cookies are added in the future, we’ll ask for your consent. Privacy Policy