Privacy Policy
NEXA
PRIVACY POLICY
Last Updated: February 10, 2026
Effective Date: February 10, 2026
This Privacy Policy explains how Beijing Guixin Yanghang Technology Co., Ltd. (北京硅芯扬航科技有限公司) (“Nexa,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the Nexa Service.
By using the Service, you consent to the practices described in this Privacy Policy.
1. Scope
This Privacy Policy applies to information we collect through:
• the Nexa mobile apps (iOS/Android),
• our community Feed, creation tools, and messaging,
• customer support communications,
• and any other services that link to this Privacy Policy.
It does not apply to third-party websites, services, or SDKs that may be integrated into Nexa (e.g., advertising networks). Those third parties have their own privacy policies.
2. Information We Collect
Because Nexa has no guest mode, we collect certain information to register and provide the Service.
Account information
• Username
• Profile photo/avatar
• Date of birth (for age-gating and account eligibility)
• Phone number (for login/verification) and SMS verification codes (temporary verification codes sent by Twilio for login/verification, not stored for a long time)
Content you create or share
• Uploaded photos and videos that you choose to submit to the Service.
• Selected templates, styles, effects, and prompt information associated with your AI generation or editing request.
• AI-generated outputs (images and, where supported, videos).
• Feed posts, captions, hashtags, comments.
• Likes, follows, favorites/saves, reports, and blocks.
For AI generation features, the original uploaded photo is used only to fulfill the request you initiate. We do not retain the original uploaded photo in your account history or on our servers after the requested processing is completed. We do retain the generated output in your account so that you can view, manage, and access it in the app until you delete it.
Messages and communications
• Private messages you send and receive (content may be encrypted)
• Metadata (e.g., sender/recipient, timestamps, delivery status)
• Support communications (emails, in-app tickets, feedback)
Transactions
• Purchase and subscription information (e.g., product type, price tier, transaction IDs/receipts, subscription status)
• Flux balance and consumption records (like a “ledger”)
2.2 Information Collected Automatically
Device and network information
• Device model, OS version, language, time zone
• IP address (approximate location derived from IP)
• App version, crash logs, performance data
• Unique device identifiers and similar identifiers
Advertising identifiers
• On iOS: IDFA (if you allow tracking) and/or other device identifiers
• On Android: Android Advertising ID (AAID) and/or other device identifiers
Usage and analytics
• Feature usage (which tools/templates you use, session duration, clicks)
• Events for fraud prevention, security, and debugging
2.3 Information from Third Parties
We may receive information from:
• Apple/Google (purchase verification, subscription status)
• Advertising partners (ad delivery and measurement signals)
• Service providers (e.g., cloud hosting, analytics, security) to help us operate the Service
• Twilio Inc. (SMS verification code sending status, delivery receipt and other transaction data related to SMS verification service)
2.4 Special Notice Regarding Face Data
To provide a clear understanding of how we handle face-related content, please note the following:
• Face Data Collected. When you use face-based AI image generation or editing features, we process the photo you choose to upload. That photo may contain a human face ("Face Data"). We do not collect Face ID depth maps and we do not use Face Data to identify who you are.
• Data Sent to Third-Party AI Provider. To fulfill your request, we transmit only your uploaded photo together with the selected template, style, effect, or prompt associated with your request to Google’s Gemini service. Google Gemini, a generative AI service provided by Google LLC.
• Purpose of Sharing. Google’s Gemini service processes this data solely for the purpose of generating or editing the image you requested.
• Third-Party Storage. Google’s Gemini service does not store your uploaded photo and does not store the generated output.
• Nexa Storage. Nexa does not store the original uploaded photo after the requested processing is completed. Nexa does store the generated output in your account so that you can view, manage, and access it in the app.
• User Deletion Controls. You may delete generated outputs at any time from your personal profile or other in-app management tools. If you request account deletion, associated personal information will be deleted from our active systems within 90 days, subject to limited exceptions for legal compliance, fraud prevention, dispute resolution, and security.
• No Identification or Training. We do not use Face Data for identity recognition, targeted advertising, or user profiling. We do not use your uploaded photos or private messages to train Nexa’s proprietary AI models.
• Community Safety Review. If you choose to publish generated content to the community, the content may be automatically reviewed by our safety systems to detect prohibited content, including but not limited to pornography, terrorism-related content, and other unlawful or harmful material, in order to maintain platform safety and enforce our policies.
3. How We Use Information
We use information to:
1. Provide the Service
• create and manage your account
• verify eligibility (13+), prevent fraud
• process your Inputs and generate Outputs
• store and sync your creations and history
• enable Feed publishing, discovery, and “create similar”
• We use the phone number you provide and the SMS verification code transaction data received from Twilio to complete the security verification of your account registration, login and other operations; we will not use the above data for any other purposes such as personalization, advertising, or service improvement, and will not store the temporary SMS verification code for a long time (the verification code will be automatically invalidated after the verification is completed or the time limit expires).
• transmit your uploaded photo and selected template, style, effect, or prompt to Google’s Gemini service solely to fulfill the AI generation or editing request you initiate;
2. Personalization and recommendations
• recommend templates, prompts, creators, and content
• rank and display Feed posts
3. Moderation, safety, and compliance
• enforce Terms and Community Guidelines
• prevent CSAM, harassment, hate, violence, and other prohibited content
• investigate reports, scams, abuse, and security incidents
• comply with legal obligations and lawful requests
• automatically review content that users choose to publish to the community in order to detect prohibited content, including pornography, terrorism-related content, and other unlawful or harmful material, and to maintain platform safety and enforce our policies;
4. Advertising and marketing
• show ads in the app (including interest-based ads where allowed)
• measure ad effectiveness and prevent ad fraud
• communicate service updates and promotions (where permitted)
5. Service improvement
• analyze usage and performance
• improve template hit rate using de-identified and aggregated statistics
• maintain reliability and security
4. How We Share Information
We do not
sell your personal information for money.
We may share information as follows:
4.1 With Service Providers (Processors)
We share information with vendors that help us operate the Service, subject to contractual or comparable confidentiality and data-protection obligations, including:
• Google’s Gemini service: when you use AI generation or editing features, we share only your uploaded photo and the selected template, style, effect, or prompt associated with your request so that the provider can generate or edit the requested output;
• cloud storage and hosting providers: to store account data and generated outputs;
• analytics and crash reporting services;
• customer support tools;
• push notification services;
• security and fraud prevention providers; and
• SMS service providers (e.g., Twilio Inc.): We share your phone number with Twilio only for the purpose of sending SMS verification codes for account security verification. Twilio is required to process the shared information only for the above-stated purpose, and to take reasonable security measures to protect the information from unauthorized access, use or disclosure. Twilio is prohibited from sharing your phone number with any third party or using it for any other purpose without our prior written consent and your explicit authorization.
These service providers may use the shared data only to perform services for us and not for their own unrelated purposes.
4.2 With Advertising Networks and Measurement Partners
We work with advertising partners (e.g., AdMob, AppLovin) that may collect or receive:
• advertising identifiers (IDFA/AAID) and device identifiers,
• IP address, device and app information,
•
ad interaction events (impressions, clicks),
for ad delivery, personalization (where
allowed), and measurement.
In some U.S. states, sharing identifiers for cross-context behavioral advertising may be considered “sharing” under privacy laws. You may have the right to opt out (see Section 8).
4.3 With Other Users and the Public
If you post to the Feed or make content public:
• your Public Content, username, avatar, and related interactions may be visible to other users and the public (depending on settings),
• your content may be searchable, recommended, and re-displayed.
4.4 For Legal, Safety, and Rights Protection
We may disclose information if we believe it is necessary to:
• comply with law, regulation, or legal process,
• respond to lawful requests by authorities,
• protect rights, safety, and security of Nexa, users, or the public,
• investigate and prevent fraud or abuse.
If we are involved in a merger, acquisition, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.
4.6 De-Identified / Aggregated Information
We may share de-identified and aggregated information (that does not identify you) to improve the Service, analytics, and template performance.
5. Data Retention
We retain information as follows:
• Uploaded photos used for AI generation: not retained after the requested processing is completed.
• Generated results (Outputs): stored in your account so that you can access, view, manage, and use them across devices until you delete them or request account deletion.
• Public Feed content: retained until you delete the post, subject to backup retention.
• Private messages: retained to provide the messaging service, subject to deletion tools and technical limitations; metadata may be retained longer for security and abuse prevention.
• Safety review records: where necessary, we may retain limited logs or review records related to content moderation, abuse prevention, and enforcement actions for security, compliance, and dispute resolution purposes.
• Account deletion: if you request account deletion, we will delete your personal information within 90 days (“hard delete”), unless we must retain certain information for legal compliance, fraud prevention, dispute resolution, or security.
We may retain de-identified information for longer where permitted by law.
6. Security
We use reasonable administrative, technical, and organizational safeguards, including encryption in transit and encryption at rest for certain data stores. We also use encryption protections for chat data and may implement E2EE for certain contexts. No system is 100% secure, so we cannot guarantee absolute security.
7. Children’s Privacy (COPPA)
Nexa is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If we learn we collected information from a child under 13, we will take steps to delete it.
8. Your Rights and Choices
• You can access and update certain account information in the app.
• You can delete generated outputs and Feed posts in the app.
• Uploaded photos used for AI generation are not kept in your account history after processing is completed.
• You can request account deletion, after which we delete information within 90 days.
• You may request to stop receiving SMS verification codes sent by Twilio on our behalf by emailing [email protected] with the subject "Stop SMS Verification Service" and your account identifiers; we will process your request within a reasonable time (generally within 7 working days). Please note that stopping the SMS verification service may affect your normal account login and identity verification
You can limit or reset advertising identifiers via device settings:
• iOS: App Tracking Transparency (ATT) permission, “Allow Apps to Request to Track”
• Android: Ads personalization controls and reset AAID
8.3 U.S. State Privacy Rights (California and Other States)
Depending on where you live, you may have rights to:
• access/know what data we collect,
• delete data,
• correct data,
• obtain a copy of your data (portability),
• opt out of targeted advertising / “sale” / “sharing” (as defined by law),
• appeal certain decisions (in some states).
California residents: You may have the right to opt out of the sale or sharing of personal information. California defines “sharing” as disclosure for cross-context behavioral advertising. You may submit an opt-out request by:
• emailing [email protected] with subject “Do Not Sell/Share Request”.
We will not discriminate against you for exercising privacy rights.
9. Data Storage Location
We currently store and process your information primarily in Singapore. We take steps designed to protect your information consistent with this Privacy Policy and applicable law. We commit that regardless of where your data is stored, your privacy rights under the applicable law—including the rights to access, deletion, and opt-out of sale/sharing—remain fully protected and unaffected.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide notice (e.g., in-app). The “Last Updated” date indicates when it was last revised.
11. Contact
Privacy
& Support: [email protected]
Company: Beijing Guixin
Yanghang Technology Co., Ltd. (北京硅芯扬航科技有限公司)
Address: 3501, Block A, Xinghe Shiji Building, Futian District, Shenzhen,
Guangdong, China