Privacy Policy

1. Data Minimization & Stateless Processing

NexuDesk AI Summary ("we", "our", or "us") is built with a "Privacy-First" architecture focused on minimizing retained support data. We process ticket content only as needed to provide ticket analysis and reply drafting, and we do not store raw ticket bodies, raw customer comments, or full raw conversation text on our servers after processing.

Key Privacy Principle: transient processing, minimal server-side retention, and browser-local caching of AI output whenever possible.

2. How Your Data is Handled

2.1 Local Storage Only

AI-generated summaries and suggested replies are cached in your local browser storage for faster reuse in the same Zendesk account, ticket, and agent context. This means:

• AI output is primarily reused from your browser on the same device
• Cached entries are isolated by Zendesk subdomain, ticket ID, and agent ID
• Once you clear browser storage or the cache expires, cached AI output is removed from the browser
• NexuDesk does not use this browser cache as a shared cross-user history store

2.2 PII Desensitization

Before ticket content is sent from NexuDesk to the configured AI provider, our service can apply PII (Personally Identifiable Information) scrubbing to mask sensitive details:

• Email addresses
• Phone numbers
• Credit card numbers
• Social security numbers
• Physical addresses

This desensitization is controlled by the app's Privacy Shield setting and is enabled by default. When enabled, masking is applied during NexuDesk's server-side processing before content is forwarded to the AI provider.

2.3 AI Processing

Ticket content is transmitted via encrypted HTTPS/TLS channels to NexuDesk for transient processing and then, when needed, to the configured AI processing provider. Important safeguards:

• Raw ticket text is processed to generate the requested analysis and draft reply, but is not stored server-side as raw ticket content after processing
• When Privacy Shield is enabled, supported PII is masked before content is sent from NexuDesk to the AI provider
• AI-generated output is returned to the app and cached in the browser for later reuse on the same ticket and agent context
• NexuDesk stores only limited operational identifiers and audit metadata needed to operate the service

2.4 What We Actually Collect

We collect limited operational identifiers and metadata for service operation, license enforcement, troubleshooting, and billing:

• Installation ID
• Zendesk subdomain
• Account ID, ticket ID, and agent ID
• Model name, usage status, and latency or processing metadata
• License and subscription status information

We do NOT intentionally store: raw ticket bodies, raw customer comments, customer names, customer email addresses, customer phone numbers, physical addresses, agent names, or agent email addresses in our service database.

3. License and Account Information

For subscription management and customer support, we collect:

• Email address (for license delivery and support)
• License key and activation status
• Purchase date and payment method type
• Subscription plan and usage limits

4. Custom SOP Library (Optional Feature)

If you choose to use the custom SOP library feature, we store:

• SOP titles and content you upload
• SOP categories and tags
• SOP matching preferences and configurations

Note: Your SOP library is stored on our servers to enable account-level configuration and cross-device access. This feature is optional, and you can use the core ticket analysis workflow without uploading SOP content.

5. How We Use Information

The limited information we collect is used solely for:

• License validation and activation
• Billing and subscription management
• Providing customer support
• Sending important service updates or security notifications
• Improving extension performance and reliability

We will never sell, rent, or share your information with third parties for marketing purposes.

6. PII Desensitization

Our PII desensitization system automatically detects and can mask:

• Email addresses
• Phone numbers
• Credit card numbers
• Social security numbers
• Physical addresses
• IP addresses
• Other personally identifiable information

When the PII filter is enabled, supported PII patterns are masked before content is sent from NexuDesk to the AI provider. Because ticket content is first transmitted to NexuDesk for service processing, you should not interpret this feature as a guarantee that original content never reaches NexuDesk.

7. Data Retention

We retain different types of data for varying periods:

• Ticket Content: Processed transiently to provide the service and not stored by NexuDesk as raw ticket text after processing
• AI Summaries and Reply Drafts: Cached in your browser local storage and removable by clearing browser storage or waiting for cache expiry
• SOP Library: Retained while your license is active (optional feature)
• Usage and Audit Metadata: Retained for operational, billing, abuse prevention, and support purposes, subject to applicable legal and business requirements
• Account Data: Retained while license is active, plus 2 years for legal/accounting purposes

8. Third-Party Services

8.1 AI Processing Providers

We use OpenAI-compatible AI processing providers to generate ticket analysis and reply drafts. Provider selection may vary based on NexuDesk configuration. Data handling by those providers is governed by their own terms and privacy commitments. Where available, NexuDesk uses business-grade API offerings intended for application integration rather than public consumer chat products.

• NexuDesk sends only the content needed to fulfill the requested analysis workflow
• When enabled, Privacy Shield masks supported PII before provider submission
• You should review the applicable provider privacy terms for provider-specific retention and processing details

8.2 Payment Processing

Payments are processed through Creem.io and Stripe. We do not store full credit card information.

8.3 Zendesk Integration

We access Zendesk data through their official API. Your relationship with Zendesk is governed by their privacy policy.

9. Data Security

We implement industry-standard security measures:

• HTTPS/TLS encryption for app-to-service and service-to-provider communication
• Local browser caching of AI output instead of shared server-side content history
• Optional PII masking before AI provider submission
• Secure API authentication and authorization
• Operational access controls for service components

10. Your Rights

You have the right to:

• Access your account data and SOP library
• Request correction of inaccurate information
• Delete your account and associated data
• Export your SOP library in portable format
• Ask what account and subscription information NexuDesk stores about your workspace
• Clear local browser cache at any time to remove all AI summaries

To exercise these rights, contact [email protected].

11. GDPR Compliance

For users in the European Economic Area (EEA):

• We process data based on contractual necessity, legitimate interests, or other lawful bases that apply to the service relationship
• You have the right to lodge a complaint with your supervisory authority
• Where required, cross-border transfers are handled using contractual, organizational, or other legally recognized safeguards
• You may contact NexuDesk to request more information about privacy and data handling for your account

12. Children's Privacy

NexuDesk AI Summary is not intended for individuals under 18. We do not knowingly collect information from children.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or requests:

Email: [email protected]

15. Disclaimer

NexuDesk AI Summary is not affiliated with, sponsored by, or endorsed by Zendesk, Inc. or OpenAI. This Privacy Policy applies only to NexuDesk AI Summary services.