Nuxara.ai LLC ("Nuxara," "we," "our," or "us") operates the Nuxara software-as-a-service platform (the "Service"), which provides autonomous AI-driven marketing, lead generation, and client communication tools to businesses in the wellness industry, including medical spas, day spas, salons, and wellness clinics ("Subscribers" or "Clients"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit nuxara.ai, register for the Service, or otherwise interact with us.
This Policy applies to (a) Subscribers who contract with Nuxara to use the Service; (b) employees, agents, and authorized representatives of Subscribers; (c) prospective customers and visitors to our website; and (d) end-users whose information is processed through the Service on behalf of Subscribers ("End-Users"). We process End-User information primarily as a service provider or processor on behalf of Subscribers; the Subscriber is the controller of that information. End-Users with questions about how their information is processed should contact the Subscriber directly.
• Account Information. Business name, owner name, business address, email address, telephone number, billing contact, EIN or tax identification number, and login credentials.
• Payment Information. Payment card data and billing details processed by our payment processor (Stripe). We do not store full payment card numbers on our systems.
• Communications. Messages, voice recordings, transcripts, and other content you submit when contacting us, participating in webinars, completing onboarding, or interacting with our AI agents.
• Marketing & Onboarding Inputs. Information you provide about your business, services, pricing, staff, and target customers used to configure the Service.
• Usage Data. Pages viewed, features used, clicks, session duration, referring URLs, and similar analytics.
• Device & Technical Data. IP address, browser type and version, operating system, device identifiers, and language preferences.
• Cookies & Similar Technologies. See Section 7 (Cookies and Tracking Technologies).
In providing the Service to Subscribers, we process information about End-Users that Subscribers, their integrated platforms, or End-Users themselves submit to the Service. This may include:
• Names, telephone numbers, and email addresses of End-Users.
• Appointment history, service preferences, and booking activity.
• SMS and email communications between Subscribers (or our AI agents acting on Subscribers' behalf) and End-Users.
• Inbound and outbound voice call recordings, transcripts, and metadata where the Subscriber has enabled AI voice features.
• Information that End-Users provide when they engage with a Subscriber's booking widget, lead capture form, or AI agent.
Subscribers are responsible for obtaining all necessary consents and providing all required notices to End-Users for the collection and processing of End-User information through the Service.
We may receive information from third-party sources, including (a) integrated platforms that Subscribers connect to the Service (such as booking software and customer relationship management tools); (b) marketing data providers used for prospect outreach; (c) public business directories; and (d) social media platforms.
We use the information described above for the following purposes:
• To provide, operate, maintain, and improve the Service.
• To onboard Subscribers, configure AI agents, and integrate third-party platforms.
• To process payments, send invoices, and administer subscriptions, including the trial structure described in our Terms.
• To communicate with Subscribers about their accounts, the Service, security alerts, and support requests.
• To send marketing and promotional communications to prospective Subscribers (subject to applicable opt-out rights).
• To train, evaluate, and improve our internal AI workflows and prompt libraries, using only aggregated or de-identified data unless otherwise authorized.
• To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms.
• To comply with legal obligations, including tax, accounting, and regulatory requirements.
• To enforce our agreements and protect the rights, property, and safety of Nuxara, our Subscribers, and others.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation ("GDPR") and equivalent laws:
• Contract. To perform our contract with you (or the Subscriber on whose behalf we process your data) and to take pre-contractual steps at your request.
• Legitimate Interests. For our legitimate interests in operating, securing, and improving the Service, conducting business-to-business marketing, and preventing fraud, where those interests are not overridden by your rights.
• Consent. Where we have obtained your consent, including for certain cookies and electronic marketing communications.
• Legal Obligation. To comply with legal and regulatory obligations.
We do not sell personal information. We share information in the following circumstances:
We use the following categories of third-party service providers to operate the Service. Each provider is contractually obligated to safeguard information and use it only for the purposes for which we engage them.
• Twilio Inc. — Telephony, SMS, and voice infrastructure, including A2P 10DLC compliance.
• ElevenLabs, Inc. — AI voice synthesis and conversational voice agent infrastructure.
• Anthropic, PBC — Large language model API used to generate AI responses, content, and analysis.
• Stripe, Inc. — Payment processing, subscription billing, and invoicing.
• HighLevel, LLC (GoHighLevel) — Customer relationship management, lead pipeline, and contract administration.
• Make.com (Celonis SE / Celonis s.r.o.) — Workflow automation and integration orchestration.
• Airtable, Inc. — Structured data storage for prompt libraries, metrics, and configuration data.
• Cloudflare, Inc. — Edge compute (Workers), object storage (R2), database (D1), content delivery, video streaming, and DDoS protection.
• Boulevard, Inc. (where integrated by Subscriber) — Booking and practice management integration.
• HeyGen Labs, Inc. — AI-generated video personalization for marketing communications.
• Google LLC — Business profile management, advertising, and analytics, where applicable.
• Meta Platforms, Inc. — Advertising and lead generation, where applicable.
We may add, remove, or replace subprocessors as our infrastructure evolves. Material changes affecting Subscriber Data will be communicated to Subscribers in accordance with the Client Service Agreement.
If you are an End-User of a Subscriber, we share your information with that Subscriber as part of providing the Service.
We may share or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, or in negotiations of any of the foregoing.
We may disclose information when we believe in good faith that disclosure is necessary to (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms; (c) protect the rights, property, or safety of Nuxara, our users, or others; or (d) detect or prevent fraud or security incidents.
We may share information for any other purpose disclosed to you and with your consent
.
Subscribers and prospective Subscribers who provide their telephone number to Nuxara consent to receive transactional and marketing SMS messages from Nuxara at the number provided. Message and data rates may apply. Message frequency varies. Reply STOP to opt out and HELP for help. SMS programs operated by Nuxara comply with applicable wireless carrier requirements, including A2P 10DLC registration with The Campaign Registry.
Calls placed to or by Nuxara, including calls handled by our AI voice agents, may be recorded and transcribed for quality assurance, training, fraud prevention, and service improvement. Where required by law, callers will be notified at the start of the call. The Commonwealth of Virginia is a one-party consent jurisdiction; for calls involving parties in two-party consent jurisdictions, additional notice will be provided.
Subscribers using the Service's SMS and voice features to communicate with their End-Users are solely responsible for obtaining all required consents from those End-Users (including, where applicable, prior express written consent under the Telephone Consumer Protection Act, 47 U.S.C. § 227, and equivalent state laws) and for honoring opt-out requests. Subscribers must not use the Service to send messages or place calls in violation of applicable law.
We and our service providers use cookies, web beacons, pixels, and similar technologies to operate, secure, and analyze the website and Service. Categories of cookies we use include:
• Strictly Necessary. Required for the website and Service to function (such as authentication and load balancing).
• Functional. Remember your preferences and personalize your experience.
• Analytics. Help us understand how visitors use the website (such as Google Analytics).
• Advertising. Used by us and our partners to deliver, measure, and improve advertising (such as Meta and Google advertising pixels).
You can control cookies through your browser settings and through any cookie preferences interface we provide on the website. Disabling certain cookies may impair website functionality.
We retain information for as long as necessary to fulfill the purposes described in this Policy, including providing the Service, complying with our legal obligations, resolving disputes, and enforcing our agreements. Specific retention periods vary based on the type of information and the purpose for which it was collected:
• Account Information. Retained for the duration of the subscription plus seven (7) years for tax and accounting purposes.
• Subscriber Data and End-User Data. Retained for the duration of the subscription. Following termination, retained in accordance with the Client Service Agreement and Data Processing Addendum, after which it is deleted or de-identified.
• Voice Recordings and Transcripts. Retained for ninety (90) days unless a longer retention period is required by law, requested by the Subscriber, or required for an active investigation or dispute.
• Marketing Prospect Data. Retained until the prospect opts out, requests deletion, or three (3) years of inactivity, whichever occurs first.
• Aggregated and De-identified Data. May be retained indefinitely.
We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption of data in transit using TLS, encryption of data at rest by our infrastructure providers, role-based access controls, secret management through Cloudflare Workers, audit logging, and regular review of access privileges. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
You may access, update, or correct certain account information by signing into your Nuxara account or contacting us at support@nuxara.ai. You may opt out of marketing emails by following the unsubscribe link in any marketing message and may opt out of marketing SMS by replying STOP.
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), provides you with the following rights, subject to certain exceptions:
• The right to know what personal information we collect, use, disclose, and sell or share, and to receive a copy of that information.
• The right to request deletion of personal information we have collected from you.
• The right to correct inaccurate personal information.
• The right to opt out of the sale or sharing of personal information. Nuxara does not sell personal information and does not share personal information for cross-context behavioral advertising in a manner that would require an opt-out under CPRA, except as may be triggered by use of advertising cookies described in Section 7. You may opt out by adjusting your cookie preferences or by submitting a request to support@nuxara.ai.
• The right to limit the use and disclosure of sensitive personal information.
• The right to non-discrimination for exercising your rights.
To exercise these rights, contact us at support@nuxara.ai. We will verify your request using information we already maintain about you. You may designate an authorized agent to make a request on your behalf.
If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR and equivalent laws, subject to certain exceptions:
• The right of access to your personal data.
• The right to rectification of inaccurate personal data.
• The right to erasure ("right to be forgotten").
• The right to restriction of processing.
• The right to data portability.
• The right to object to processing, including processing based on legitimate interests and processing for direct marketing.
• The right to withdraw consent at any time, where processing is based on consent.
• The right to lodge a complaint with a supervisory authority in the EEA, UK, or Switzerland.
To exercise these rights, contact us at support@nuxara.ai. If you are an End-User of a Subscriber, please direct your request to the Subscriber, who is the controller of your information.
Nuxara is based in the United States, and our service providers are located in the United States and other jurisdictions. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries that may not provide the same level of data protection as your jurisdiction. Where required by applicable law, we rely on appropriate transfer mechanisms, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.
The Service is intended for use by businesses and is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under thirteen (13) in the United States or under the applicable age of consent in other jurisdictions. If we learn we have collected such information, we will take steps to delete it promptly.
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this Policy reflects the most recent revision. Material changes will be communicated to Subscribers via email or through the Service. Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the updated Policy.
For questions, requests, or complaints about this Privacy Policy or our privacy practices, contact us at:
Nuxara.ai LLC
Attention: Privacy
Email: support@nuxara.ai
Telephone: (757) 348-6315
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.