Privacy Policy

• The text of prompts you send through a relay tunnel.
• The text of model responses returned to you.
• File contents, source code, or any task payload.
• The Donor's Claude session cookies or API keys.

The tunnel is end-to-end encrypted between requester sandbox and donor daemon; NexVora forwards ciphertext frames and only ever observes metadata (size, latency, exit code).

• Account: email, hashed password, display name.
• Coin wallet history (counter-based ledger).
• Relay metadata: timestamps, byte counts, latency, model tier requested, settlement amounts.
• IP address at the auth boundary (for rate limiting + Sybil detection). Retained 30 days.
• GDPR/DPDP-mandated audit log: who logged in, who changed config, who initiated a refund.

Postgres + Redis hosted in ap-south-1 (Mumbai) for Indian residents, eu-central-1 (Frankfurt) for EEA residents, and us-east-1 for everyone else. Data is never replicated across these zones except for aggregate metrics used for the public Observatory.

You may request a portable export of your account data or full deletion at any time. Deletion is irreversible and severs your wallet balance and reputation history. Reach privacy@nxvora.online — we respond within 30 days as required by DPDP / GDPR / CCPA.

Two HttpOnly cookies: nv_access (short-lived JWT) and nv_refresh (rotating refresh token). No third-party analytics, no advertising trackers, no cross-site identifiers. One Plausible script for aggregate page-view stats (no PII, EU data residency).