NEXUS Trading we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Chrome extension and associated services.
1. Information We Collect
1.1 Account Information
- Email Address: Required for account creation and authentication
- Authentication Data: Password hash (never stored in plaintext), Google OAuth tokens
1.2 Wallet Information
- Wallet Addresses: Public blockchain addresses you add to the extension
- Private Keys: Encrypted with AES-256-GCM using your master password (we cannot decrypt these without your password)
- Wallet Names: Custom labels you assign to your wallets
1.3 Transaction Data
- Transaction History: Records of trades executed through our platform
- Token Balances: Cached balance information for performance
- Trading Preferences: Slippage settings, gas preferences, quick-buy amounts
1.4 Technical Information
- Extension Version: For compatibility and update notifications
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account Authentication | Email, Password Hash, OAuth Tokens | Contract Performance |
| Execute Trades | Wallet Addresses, Private Keys (encrypted) | Contract Performance |
| Display Balances | Wallet Addresses, Token Data | Contract Performance |
| Security Monitoring | Session Data | Legitimate Interest |
| Service Improvement | Anonymized Usage Data | Legitimate Interest |
3. Data Security
Private Key Encryption
Your private keys are encrypted using industry-standard AES-256-GCM encryption with your master password. We use PBKDF2 with 100,000 iterations for key derivation. We cannot access your private keys without your master password.
3.1 Security Measures
- All data transmitted over HTTPS (TLS 1.3)
- Passwords hashed with bcrypt (12 rounds)
- Session tokens hashed with SHA-256 before storage
- Rate limiting on all API endpoints
- Two-factor authentication (TOTP) available
- Automatic session expiration after 24 hours
- Account lockout after failed login attempts
3.2 Data Storage
- Server Location: Secure data centers with SOC 2 compliance
- Database: MongoDB with encryption at rest
- Local Storage: Extension settings stored in Chrome's secure storage
4. Third-Party Services
We integrate with the following third-party services to provide our functionality:
| Service | Purpose | Data Shared |
|---|---|---|
| DexScreener | Token prices and pair data | Token addresses (public blockchain data) |
| Blockchain Networks | Transaction execution | Transaction data, wallet addresses |
| Google OAuth | Optional sign-in method | Email, profile (with your consent) |
| RPC Providers | Blockchain connectivity | Transaction requests, balance queries |
We do not sell your data to any third parties.
5. Data Retention
- Account Data: Retained until account deletion
- Transaction History: Retained for your reports untill manually cleared by user
- Session Data: Automatically deleted after 24 hours
- Security Logs: Retained for 90 days
- Deleted Wallets: Permanently removed on deletion
6. Your Rights
Depending on your location, you may have the following rights:
6.1 Access & Portability
You can request a copy of all data we hold about you. Contact us to receive your data in a machine-readable format.
6.2 Correction
You can update your account information at any time through the extension settings.
6.3 Deletion
You can request complete deletion of your account and all associated data. This action is irreversible.
6.4 Restriction
You can request that we limit how we use your data while we address any concerns.
6.5 Objection
You can object to processing based on legitimate interest at any time.
How to Exercise Your Rights
Send your request to privacy@nexus-aio.com with your registered email address. We will respond within 24 hours.
7. Cookies and Local Storage
The NEXUS extension uses Chrome's local storage API to store:
- Authentication tokens (encrypted)
- User preferences and settings
- Cached wallet data for performance
- UI state (panel position, last selected chain)
We do not use third-party tracking cookies. No advertising or analytics cookies are used.
8. Children's Privacy
NEXUS Trading is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) where applicable
- Data processing agreements with all service providers
- Encryption of all data in transit and at rest
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting a notice in the extension
- Sending an email to your registered address
- Updating the "Last Updated" date above
Continued use of the extension after changes constitutes acceptance of the updated policy.
11. Contact Us
Privacy Inquiries
For any questions or concerns about this Privacy Policy or our data practices:
- Email: privacy@nexus-aio.com
- Support: support@nexus-aio.com
- Website: https://nexus-aio.com
We aim to respond to all inquiries within 24 hours.