Nexus is a web service that helps tattoo artists, illustrators, and other creators manage their bookings, clients, and the conversations they have on Instagram. This policy explains what data we collect, why, and what we do with it.

Who we are

Nexus is operated from the United Kingdom. You can contact us at support@nexus-app.uk for any privacy questions or requests.

What data we collect

Account information

When you create a Nexus account, we collect:

  • Your email address
  • A hashed password (we never store your password in plain text)
  • The display name you choose

Data you enter into Nexus

While using Nexus, you create records about your own clients. This may include:

  • Client names, pronouns, email addresses
  • Notes about tattoo ideas, placement, size, pricing
  • Booking dates and reference images you save to a client's gallery
  • Quick replies, flash gallery items, and waitlist entries

This data is stored in our database (hosted on Supabase) and tied only to your account. Other Nexus users cannot see it.

Authentication tokens

When you sign in, we issue a session token (JWT) that is stored locally in your browser. It is used to identify you when the app talks to our backend. It is not shared with anyone.

Instagram chat identifiers

If you use the Nexus browser extension while viewing an Instagram Direct Message thread, it reads the chat ID from the URL (e.g. instagram.com/direct/t/…) so it can load the matching client record. We do not read, store, or transmit the content of your messages.

Images you drag into Nexus

If you drag an image from an Instagram DM into the Nexus side panel, the image is fetched from Instagram's CDN and saved to your account's private gallery. Only you can see images you saved.

What we do not collect

  • We do not read the contents of your Instagram messages
  • We do not collect information about your Instagram clients without you typing it in yourself
  • We do not track your browsing history, mouse movement, keystrokes, or activity on other websites
  • We do not collect location, health, or financial data
  • We do not use third-party advertising, analytics, or tracking SDKs
No ads No trackers No data sales No AI training

How we use your data

We use the data above only to:

  • Provide the Nexus service to you (sign you in, load your client records, sync bookings, send confirmation/cancellation/review emails to your clients on your behalf)
  • Operate and improve the service (debug errors, prevent abuse)
  • Send transactional emails (e.g. password reset)

We do not sell your data. We do not use it to train AI models. We do not share it with advertisers.

Emails sent on your behalf

When you confirm or cancel a client's booking — or after a completed session, if you've enabled the review request — Nexus sends an email to the client email address you entered. If you've added a Google review link in your settings, that email includes a button linking to it. These emails are sent via Resend on our infrastructure and identify you (the artist) as the sender's name.

Who we share data with

We use the following service providers to run Nexus:

  • Supabase — database and file storage
  • Resend — transactional email delivery
  • Railway — server hosting

These providers process data on our behalf and are bound by their own privacy commitments. We do not share data with anyone else except where required by law.

Data retention

We keep your data for as long as your account exists. You can delete your account at any time from Settings → Danger zone → Delete account. Deletion is permanent and removes all of your bookings, clients, intakes, gallery items, and waitlist entries within 30 days.

Your rights

If you are in the UK, EU, or another region with data-protection laws, you have the right to:

  • Request a copy of the personal data we hold about you
  • Ask us to correct or delete that data
  • Withdraw consent and close your account

Email support@nexus-app.uk to exercise any of these rights.

Security

Passwords are hashed with bcrypt. All communication between the app and our servers uses HTTPS. Session tokens are stored locally in your browser and expire after 30 days.

Children

Nexus is not intended for use by anyone under 18.

Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email.

Got a privacy question?

Email support@nexus-app.uk — we read every message ourselves.