ProductsAboutServicesStudioFAQStart a Project
Legal · Privacy

Your data, handled with care.

This policy explains what information Nexobe collects when you use our products and websites, how we use it, who we share it with, and the rights you have. We try to write it in plain language. Where we can't, we tell you why.

Effective1 January 2026
Last updated1 January 2026
Applies toNexobe & all products
Reading time≈ 7 min
01

At a glance.

If you only read one section, read this one. The rest of the document is the detail.

  • We collect the minimum we need to make our products work and to charge you correctly.
  • We do not sell your personal information. We do not rent it. We do not trade it for ad inventory.
  • We use a small set of vetted processors to run infrastructure, payments, and analytics. They process data on our behalf, never independently.
  • You can request access, correction, deletion, and export of your information at any time by emailing privacy@nexobe.com.
  • We retain data only for as long as we need it for the purpose you gave it to us — or as long as the law requires.
One company, several products.Nexobe is the parent. Otteri, Nuqsaf, AirDrv, Pikcel, Snap.Photo, Vepery, and Caviti are products operated by Nexobe under this same policy. Where a product has additional, product-specific terms (for example Nuqsaf's regulated banking disclosures), those will be linked from the product itself.
02

Scope of this policy.

This policy covers personal information processed by Nexobe Limited ("Nexobe", "we", "us") through our marketing websites at nexobe.com and product domains, our consumer and business products, and any related services.

It does not cover third-party websites we link to, or services operated by partners under their own terms (for example, regulated financial services performed by a banking-as-a-service partner). Where third parties are involved, we link to their policies in the relevant section.

03

What we collect.

Information you give us

  • Account information: name, email, password (hashed), profile photo, country of residence.
  • Billing information: billing address, last four digits of payment card and card type. Full card numbers are handled by our payment processor and never touch our servers.
  • Content you create: documents, prompts, voice recordings, generated images, headshots, and any other content you submit to our products.
  • Communications: messages you send us via support, sales, or any contact form.
  • Identity verification (Nuqsaf only): government-issued ID and selfie biometrics, processed by our regulated KYC partner. Required by law for financial services.

Information we collect automatically

  • Device and log data: IP address, browser type, operating system, referring URL, pages viewed, timestamps.
  • Usage data: features used, frequency, errors encountered, performance metrics. We use this to find bugs and to make products better.
  • Cookies and similar: see our cookie notice in section 05.

Information from third parties

  • Identity providers if you sign in with Google, Apple, or another OAuth provider — we receive your email and basic profile.
  • Payment processors confirm successful charges and provide fraud signals.
  • Banking partners (Nuqsaf only) provide transaction data, balances, and compliance flags.
04

How we use it.

We process personal information for these specific purposes, and no others:

  1. Provide the products you've signed up for — render generated content, route a voice call, settle a card transaction, store your prompt library.
  2. Operate accounts and billing — authenticate you, charge you, send receipts, prevent payment fraud.
  3. Communicate with you — service updates, security notices, replies to support requests. Marketing email only with consent and always with one-click unsubscribe.
  4. Improve our products — measure performance, fix bugs, evaluate model quality. We use aggregated and where possible anonymised data for this.
  5. Train AI models — only with explicit, opt-in consent, and never on confidential content (Nuqsaf transactions, AirDrv healthcare calls, identity documents). For other products we may use de-identified content unless you opt out in your settings.
  6. Comply with the law — anti-money-laundering, sanctions screening, tax reporting, and responding to lawful requests from authorities.
What we don't do.We don't sell your information. We don't show you ads inside our products based on your content. We don't use your private content to train models for other customers.
05

Who we share with.

We share personal information with a small set of vetted processors who help us run Nexobe. They are bound by contract to use the information only for the purposes we specify, to keep it secure, and to delete it when their work for us ends.

  • Cloud infrastructure — Cloudflare, Vercel, AWS (depending on the product). Hosting, storage, networking.
  • AI model providers — Anthropic, OpenAI, Replicate, and other foundation-model APIs. Content you submit to a product may be sent to these providers to fulfil your request, under contractual no-training and short-retention terms.
  • Payment processors — Stripe and, for regulated financial products, our banking-as-a-service and card-issuing partners.
  • Identity verification — KYC and AML providers, used only by Nuqsaf and only where required by law.
  • Email and notifications — providers that deliver transactional and marketing email on our behalf.
  • Analytics — privacy-respecting analytics that do not use cross-site tracking. We do not use ad-network tracking pixels on our marketing pages.
  • Customer support — tools that store the content of your support conversations with us.

We may also share information when legally required, when needed to protect rights and safety, or as part of a corporate transaction. In a merger, acquisition, or sale of assets, your information may transfer as part of that transaction, subject to this policy.

06

How long we keep it.

We keep personal information only as long as we need it for the purposes set out in this policy. The defaults below apply unless the law tells us otherwise.

  • Account information: while your account is active, plus 30 days after deletion to allow recovery.
  • Content you create: until you delete it, or 30 days after account closure, whichever comes first.
  • AirDrv call recordings and transcripts: 90 days by default, extendable by the practice for clinical record-keeping.
  • Nuqsaf transaction records and KYC files: retained for the period required by financial regulation in the relevant jurisdiction (typically 5–7 years after account closure).
  • Billing and tax records: retained for the period required by tax law (typically 7 years).
  • Server logs: 30 days, except for security investigation purposes.
07

Your rights.

Wherever you live, you have rights over your personal information. Depending on your jurisdiction these may include:

  • Access — request a copy of the information we hold about you.
  • Correction — ask us to fix inaccurate or incomplete information.
  • Deletion — ask us to delete your information, subject to legal retention obligations.
  • Portability — receive your information in a structured, machine-readable format.
  • Objection and restriction — object to certain processing, including marketing.
  • Withdraw consent — for any processing we do based on consent (for example, model training opt-in).
  • Complain — to your local data protection authority. We'd like the chance to fix things first — please email us before you do.

To exercise any of these rights, email privacy@nexobe.com. We respond within 30 days. If we need more time, we'll tell you why.

08

Security.

We use industry-standard controls to protect personal information: encryption in transit (TLS 1.2+) and at rest, scoped access controls with audit logging, regular third-party penetration testing, and an incident response plan. No system is perfectly secure — if a breach affects you, we'll notify you and the relevant authority within the deadlines required by law.

Help us help you: use a unique password, enable two-factor authentication where it's offered, and don't share your login credentials.

09

International transfers.

Nexobe operates studios in Pakistan and Oman, with infrastructure on global cloud providers and customers in many countries. Personal information is processed in the regions where our infrastructure runs and where our staff and processors operate.

Where we transfer personal information outside your country, we rely on legally recognised transfer mechanisms — for EU/UK residents, primarily Standard Contractual Clauses with supplementary measures where required.

10

Children.

Our products are not directed at children under 13 (or under 16 where local law requires a higher age). We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we'll delete it.

11

Changes to this policy.

We'll update this policy when our practices change or the law requires it. The "Last updated" date at the top of the document tells you when. For material changes — anything that meaningfully affects your rights — we'll notify you via email or in-product notice before the change takes effect.

12

Contact.

Privacy questions, rights requests, complaints, anything: privacy@nexobe.com.

For postal mail, write to: Nexobe Limited, Faisalabad, Pakistan. We'll respond by email.

Have a question about this policy?

We read every email. Real human, no ticket queue.

privacy@nexobe.com

Looking for the terms of service?

Read the terms →