Privacy Policy
NEXA
PRIVACY POLICY
Last Updated: February 10, 2026
Effective Date: February 10, 2026
This Privacy Policy explains how Beijing Guixin Yanghang Technology Co., Ltd. (北京硅芯扬航科技有限公司) (“Nexa,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the Nexa Service.
By using the Service, you consent to the practices described in this Privacy Policy.
1. Scope
This Privacy Policy applies to information we collect through:
• the Nexa mobile apps (iOS/Android),
• our community Feed, creation tools, and messaging,
• customer support communications,
• and any other services that link to this Privacy Policy.
It does not apply to third-party websites, services, or SDKs that may be integrated into Nexa (e.g., advertising networks). Those third parties have their own privacy policies.
2. Information We Collect
Because Nexa has no guest mode, we collect certain information to register and provide the Service.
Account information
• Phone number (for login/verification)
• Username
• Profile photo/avatar
• Date of birth (for age-gating and account eligibility)
• Phone number (for login/verification) and SMS verification codes (temporary verification codes sent by Twilio for login/verification, not stored for a long time)
Content you create or share
• Uploaded photos (e.g., portraits, old photos, ID photos, outfit images)
• Prompts, instructions, and inputs for AI generation
• AI-generated outputs (images)
• Feed posts, captions, hashtags, comments
• Likes, follows, favorites/saves, reports, blocks
Messages and communications
• Private messages you send and receive (content may be encrypted)
• Metadata (e.g., sender/recipient, timestamps, delivery status)
• Support communications (emails, in-app tickets, feedback)
Transactions
• Purchase and subscription information (e.g., product type, price tier, transaction IDs/receipts, subscription status)
• Flux balance and consumption records (like a “ledger”)
2.2 Information Collected Automatically
Device and network information
• Device model, OS version, language, time zone
• IP address (approximate location derived from IP)
• App version, crash logs, performance data
• Unique device identifiers and similar identifiers
Advertising identifiers
• On iOS: IDFA (if you allow tracking) and/or other device identifiers
• On Android: Android Advertising ID (AAID) and/or other device identifiers
Usage and analytics
• Feature usage (which tools/templates you use, session duration, clicks)
• Events for fraud prevention, security, and debugging
2.3 Information from Third Parties
We may receive information from:
• Apple/Google (purchase verification, subscription status)
• Advertising partners (ad delivery and measurement signals)
• Service providers (e.g., cloud hosting, analytics, security) to help us operate the Service
• Twilio Inc. (SMS verification code sending status, delivery receipt and other transaction data related to SMS verification service)
2.4 Special Notice Regarding Face Data
To provide a clear understanding of how we handle facial images in compliance with app store privacy guidelines, please note the following:
• Data Collection: When you use AI features (such as AI portraits, old photo restoration, expression correction, or ID photo generation), we collect the photographs you choose to upload. These photos may contain human faces ("Face Data"). We do not collect true biometric data (like Face ID depth maps) for identification purposes.
• Purpose of Use: Your Face Data is used strictly and exclusively to provide the core AI image generation and editing services you request. We do not use Face Data for identity verification, targeted advertising, tracking, or building user profiles.
• Data Sharing: To process your requests, your Face Data is securely transmitted to our partnered third-party AI model service providers. These providers only use the data to process your specific generation task and are strictly prohibited from using your Face Data to train their own generalized AI models or for any other independent purposes.
• Data Retention: Face Data processed by our third-party AI providers is permanently deleted from their servers immediately after the generation process is complete. On Nexa's servers, your uploaded photos and generated outputs are temporarily retained in your account history so you can access them across devices. You can manually delete these images at any time within the app(). If you delete your account, all associated Face Data is permanently erased from our active servers within 90 days().
3. How We Use Information
We use information to:
1. Provide the Service
• create and manage your account
• verify eligibility (13+), prevent fraud
• process your Inputs and generate Outputs
• store and sync your creations and history
• enable Feed publishing, discovery, and “create similar”
• We use the phone number you provide and the SMS verification code transaction data received from Twilio to complete the security verification of your account registration, login and other operations; we will not use the above data for any other purposes such as personalization, advertising, or service improvement, and will not store the temporary SMS verification code for a long time (the verification code will be automatically invalidated after the verification is completed or the time limit expires).
2. Personalization and recommendations
• recommend templates, prompts, creators, and content
• rank and display Feed posts
3. Moderation, safety, and compliance
• enforce Terms and Community Guidelines
• prevent CSAM, harassment, hate, violence, and other prohibited content
• investigate reports, scams, abuse, and security incidents
• comply with legal obligations and lawful requests
4. Advertising and marketing
• show ads in the app (including interest-based ads where allowed)
• measure ad effectiveness and prevent ad fraud
• communicate service updates and promotions (where permitted)
5. Service improvement
• analyze usage and performance
• improve template hit rate using de-identified and aggregated statistics
• maintain reliability and security
4. How We Share Information
We do not
sell your personal information for money.
We may share information as follows:
4.1 With Service Providers (Processors)
We share information with vendors who help us operate the Service, such as:
• cloud storage and hosting providers
• AI model and inference service providers (to process Inputs and generate Outputs)
• analytics and crash reporting services
• customer support tools
• push notification services
• security/fraud prevention providers
They are permitted to use information only to provide services to us and must protect it.
SMS service providers (e.g., Twilio Inc.): We share your phone number with Twilio only for the purpose of sending SMS verification codes for account security verification. Twilio is required to process the shared information only for the above-stated purpose, and to take reasonable security measures to protect the information from unauthorized access, use or disclosure. Twilio is prohibited from sharing your phone number with any third party or using it for any other purpose without our prior written consent and your explicit authorization.
4.2 With Advertising Networks and Measurement Partners
We work with advertising partners (e.g., AdMob, AppLovin) that may collect or receive:
• advertising identifiers (IDFA/AAID) and device identifiers,
• IP address, device and app information,
•
ad interaction events (impressions, clicks),
for ad delivery, personalization (where
allowed), and measurement.
In some U.S. states, sharing identifiers for cross-context behavioral advertising may be considered “sharing” under privacy laws. You may have the right to opt out (see Section 8).
4.3 With Other Users and the Public
If you post to the Feed or make content public:
• your Public Content, username, avatar, and related interactions may be visible to other users and the public (depending on settings),
• your content may be searchable, recommended, and re-displayed.
4.4 For Legal, Safety, and Rights Protection
We may disclose information if we believe it is necessary to:
• comply with law, regulation, or legal process,
• respond to lawful requests by authorities,
• protect rights, safety, and security of Nexa, users, or the public,
• investigate and prevent fraud or abuse.
If we are involved in a merger, acquisition, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.
4.6 De-Identified / Aggregated Information
We may share de-identified and aggregated information (that does not identify you) to improve the Service, analytics, and template performance.
5. Data Retention
We retain information as follows:
• Uploaded photos (Inputs): retained in your account until you delete them.
• Generated results (Outputs): stored in the cloud to provide history and cross-device access; you may delete at any time.
• Public Feed content: retained until you delete the post, subject to backup retention.
• Private messages: retained to provide the messaging service, subject to deletion tools and technical limitations; metadata may be retained longer for security and abuse prevention.
• Account deletion: if you request account deletion, we will delete your personal information within 90 days (“hard delete”), unless we must retain certain information for legal compliance, fraud prevention, dispute resolution, or security.
We may retain de-identified information for longer.
6. Security
We use reasonable administrative, technical, and organizational safeguards, including encryption in transit and encryption at rest for certain data stores. We also use encryption protections for chat data and may implement E2EE for certain contexts. No system is 100% secure, so we cannot guarantee absolute security.
7. Children’s Privacy (COPPA)
Nexa is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If we learn we collected information from a child under 13, we will take steps to delete it.
8. Your Rights and Choices
• You can access and update certain account information in the app.
• You can delete uploaded photos, generated results, and Feed posts.
• You can request account deletion, after which we delete information within 90 days.
• You may request to stop receiving SMS verification codes sent by Twilio on our behalf by emailing [email protected] with the subject "Stop SMS Verification Service" and your account identifiers; we will process your request within a reasonable time (generally within 7 working days). Please note that stopping the SMS verification service may affect your normal account login and identity verification
You can limit or reset advertising identifiers via device settings:
• iOS: App Tracking Transparency (ATT) permission, “Allow Apps to Request to Track”
• Android: Ads personalization controls and reset AAID
8.3 U.S. State Privacy Rights (California and Other States)
Depending on where you live, you may have rights to:
• access/know what data we collect,
• delete data,
• correct data,
• obtain a copy of your data (portability),
• opt out of targeted advertising / “sale” / “sharing” (as defined by law),
• appeal certain decisions (in some states).
California residents: You may have the right to opt out of the sale or sharing of personal information. California defines “sharing” as disclosure for cross-context behavioral advertising. You may submit an opt-out request by:
• emailing [email protected] with subject “Do Not Sell/Share Request”.
We will not discriminate against you for exercising privacy rights.
9. Data Storage Location
We currently store and process your information primarily in Singapore, . We take steps designed to protect your information consistent with this Privacy Policy and applicable law. We commit that regardless of where your data is stored, your privacy rights under the applicable law—including the rights to access, deletion, and opt-out of sale/sharing—remain fully protected and unaffected.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide notice (e.g., in-app). The “Last Updated” date indicates when it was last revised.
11. Contact
Privacy
& Support: [email protected]
Company: Beijing Guixin
Yanghang Technology Co., Ltd. (北京硅芯扬航科技有限公司)
Address: 3501, Block A, Xinghe Shiji Building, Futian District, Shenzhen,
Guangdong, China