Privacy Policy

1. Introduction

NEXNEEL TOOLS, a division of NEXNEEL LLC ("we," "us," or "our"), operates OBMAT at obmat.nexneel.tools. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using OBMAT, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Information you provide directly:

• Account information: name, email address, password (hashed)
• Billing information: processed and stored by Stripe — we never store card numbers
• WooCommerce credentials: encrypted with AES-256 at rest
• Store data: orders, products, customers, posts synced from your WooCommerce store
• Communications: support emails, feedback

Information collected automatically:

• Usage data: pages visited, features used, timestamps
• Device information: browser type, operating system, IP address
• Authentication tokens stored in secure HTTP-only cookies

3. How We Use Your Information

• To provide, maintain, and improve the Service
• To process payments and manage subscriptions
• To sync your WooCommerce store data
• To send transactional emails (receipts, password resets, team invitations)
• To provide AI-powered features using anonymized prompts
• To detect and prevent fraud and abuse
• To comply with legal obligations

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted service providers necessary to operate the Service:

5. Data Security

We implement industry-standard security measures including:

• AES-256 encryption for WooCommerce API credentials at rest
• bcrypt hashing for all passwords
• HTTPS/TLS encryption for all data in transit
• HTTP-only, SameSite=Strict session cookies
• JWT session tokens with 15-minute expiry
• Redis-based session blocklist on logout
• Comprehensive audit logging for all sensitive actions

Despite these measures, no system is 100% secure. In the event of a data breach, we will notify affected users within 72 hours.

6. Data Retention

We retain your data for as long as your account is active. Upon account termination:

• You may request a data export within 30 days of termination
• After 30 days, your account data is permanently deleted
• Billing records are retained for 7 years as required by law
• Audit logs are retained for 1 year

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain types of processing

To exercise these rights, contact legal@nexneel.tools. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies only — no advertising or tracking cookies. Our cookies include:

• obmat.session-token: Secure authentication cookie (HTTP-only, 7-day expiry)

We do not use Google Analytics, Facebook Pixel, or any third-party tracking services.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, contact us at legal@nexneel.tools.

10. International Transfers

Your data is stored and processed in the United States (Supabase — North Virginia region, Vercel — US East). If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests: