Privacy Policy
Last updated: April 2026
NexusFlag is built for businesses that handle financial data. We take that trust seriously. This policy explains exactly what we collect, why, and what we do with it.
1. Information We Collect
We collect information you provide directly when you create an account, import sales data, or contact support. This includes:
- Account information: name, email address, company name, and password (stored as a bcrypt hash — we never store your plain-text password).
- Sales data: revenue figures, transaction counts, state-level sales breakdowns, and any CSV files you upload. This data is used exclusively to calculate your nexus exposure.
- Billing information: payment card details are processed and stored by Stripe. NexusFlag never stores full card numbers.
- Usage data: pages visited, features used, and timestamps — collected to improve the product and diagnose errors.
- Device and browser data: IP address, browser type, operating system, and referral source.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the NexusFlag service
- Calculate your sales tax nexus exposure across US states and send threshold alerts
- Send transactional emails (alerts, receipts, password resets)
- Send product update emails — you can unsubscribe at any time
- Process payments and manage your subscription
- Respond to support requests
- Detect and prevent fraud or abuse
- Comply with legal obligations
We do not sell your personal information or your sales data to third parties. We do not use your data to train AI models.
3. Data Sharing
We share your information only in the following circumstances:
- Service providers: We use Supabase (database and authentication), Stripe (payments), and SendGrid (email). Each is contractually bound to use your data only as directed by us.
- Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of NexusFlag and its users.
- Business transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a materially different privacy policy.
4. Data Security
We use industry-standard safeguards including TLS encryption in transit, AES-256 encryption at rest, and row-level security on our database. Access to your data is restricted to employees and contractors who need it to operate the service. No security measure is perfect — if you discover a vulnerability, please report it to support@nexusflag.com.
6. Your Rights
Depending on where you live, you may have the right to access, correct, delete, or export your personal data. You can:
- Update your account information from the dashboard
- Request deletion of your account and data by emailing support@nexusflag.com
- Unsubscribe from marketing emails using the link in any email
We will respond to verifiable requests within 30 days. We may need to verify your identity before fulfilling a request.
7. Contact
Questions about this policy? Email us at support@nexusflag.com. NexusFlag is operated by Prompt Critical, LLC, PO Box 524133, Bronx, NY 10452.