NexcurAI
Talk to us Start a project
L1 Legal · Privacy

Privacy, plainly.

We do not sell your data. We do not run retargeting ads at you. We do not share what you tell us with Anthropic or any other third party beyond what is operationally necessary. This page explains the specifics, in plain English first and legalese second.

Last updated: April 2026 · Version 1.0

Plain English version

What we collect

  • Your name, company, email, role, and project details when you submit the intake form or email us.
  • Basic website analytics: pages viewed, referring source, rough location (country), device type. Aggregated, not tied to you personally.
  • Content you share during an engagement: documents, code, access tokens, interview notes. These are covered by the engagement NDA.

What we do with it

  • Intake data goes to the operator inbox. One human reads it. It is stored in our CRM (Attio) for 36 months then deleted unless you become a client.
  • Analytics help us understand which essays are read and which pages drive engagement. We use Plausible (cookieless, privacy-respecting).
  • Engagement content is used only to deliver the engagement. It is stored in engagement-specific repositories accessible only to operators named in the SOW.

What we never do

  • We never sell your data, your project details, or your handbook content.
  • We never use your engagement content to train any model, ours or anyone else's.
  • We never share your identifiable data with Anthropic. Claude usage runs under contextual inputs, not fine-tuning. Your data does not become training data.
  • We never send marketing emails to you unless you explicitly subscribe. Transactional emails only.

Your rights

You can ask us to delete your data at any time. Email hello@nexcur.ai with your email address. We respond within 7 business days. GDPR, CCPA, and Canadian PIPEDA rights apply wherever you are.

Legalese version

Data controller

NexcurAI Inc., a Canadian company, is the data controller for personal data collected through this website and engagement workflows. Contact: hello@nexcur.ai.

Legal basis for processing

We process your personal data under: (a) your consent (when you submit forms); (b) contractual necessity (to perform an engagement); (c) legitimate interest (to operate and improve our website and services, insofar as these do not override your fundamental rights).

Categories of data

Contact data (name, email, company, role); project data (descriptions, timelines, budgets you share); engagement data (content shared under NDA during a delivered engagement); technical data (IP address, device, referrer, anonymized for analytics).

Third-party processors

  • Anthropic (Claude API): processes engagement content on a per-request basis per Anthropic's Commercial Terms of Service and Privacy Policy. Zero retention option is enabled where applicable.
  • Attio: CRM for intake and client relationships.
  • Plausible: privacy-respecting website analytics, cookieless.
  • GitHub: engagement repositories (private).
  • Google Workspace: email and document collaboration.
  • Stripe: invoicing and payment processing (for billing data only).
  • Notion: client-facing handbook delivery when elected.

Data retention

  • Intake form data not converted to engagement: 36 months from last contact, then deleted.
  • Engagement content: for the life of the engagement plus 24 months, unless the SOW specifies otherwise.
  • Financial records (invoices, contracts): 7 years for tax and audit compliance.
  • Website analytics: 24 months, aggregated.
  • Subscriber email list: until you unsubscribe, then deleted within 14 days.

International transfers

We are a remote-first company with operators in Canada and contractors in the United States. Data is stored in cloud services with data centers in the United States and Canada. For EU/UK data subjects, we rely on Standard Contractual Clauses with our processors.

Your rights (GDPR, CCPA, PIPEDA)

  • Right to access: request a copy of the personal data we hold on you.
  • Right to rectification: ask us to correct inaccurate data.
  • Right to erasure: ask us to delete your data.
  • Right to portability: ask us to provide your data in a machine-readable format.
  • Right to object: opt out of processing based on legitimate interest.
  • Right to withdraw consent: any time, no penalty.

To exercise any right, email hello@nexcur.ai. We respond within 30 days (GDPR) or 45 days (CCPA).

Cookies

We use exactly zero marketing cookies. We set one first-party session cookie for the contact form CSRF token. We use Plausible analytics, which is cookieless.

Changes

We post a changelog at the top of this page. Material changes (new processors, new data categories, new purposes) are announced 30 days before they take effect. Subscribers get an email.

Contact

Privacy questions: hello@nexcur.ai.
Security reports: hello@nexcur.ai (see /security).
EU representative: available on request if required.

This document is maintained in version control at github.com/nexcur/legal. Past versions available on request.

L1.1 Further reading

What we actually do with your data.

The policy above is the contract. The library below is the working reality: how Claude is embedded, what we produce, how we test it before it reaches you.

Essays

All writing

Guides

All guides

Samples

All samples