privacy policy.

This policy explains what we collect, why, who we share it with, and your choices. We collect the minimum we need to run cuehq for your brand, and we never sell your personal information. Questions: privacy@cuehq.social.

In this policy, “personal information” means information that identifies or relates to an identifiable person.

1. who is responsible.

cuehq is operated by Nxera LLC (see our terms for entity details). We are the controller of the account and usage data we hold about you. When we process data on your behalf to provide cuehq (for example, your brand knowledge base), we act as your processor, and our data processing addendum applies.

2. what we collect.

• Account data: your name, email, and profile basics, including what we receive when you sign in with Google.
• Brand data you provide or authorize us to gather: your website content, uploaded files, social handles, competitor lists, and the brand knowledge base built from them.
• Public social content: posts, threads, comments, and related public signals that our data providers return for the topics and accounts relevant to your brand.
• Product data: drafts generated for you, the opportunities surfaced, and which ones you act on or skip.
• Billing data: your plan, billing status, and the last digits and type of your card. Full card details are handled by Stripe; we do not store them.
• Technical data: device, browser, IP address, and usage logs, including data from essential and security cookies (see our cookie policy).

3. why we use it.

We use this information to provide and operate cuehq (scan, score, draft, deliver digests), to authenticate you, to bill you, to provide support, to keep the service secure and prevent abuse, to improve and develop features, and to meet legal obligations. Our legal bases, where required, are performance of our contract with you, our legitimate interests in running and improving cuehq, your consent (where we ask for it), and compliance with law.

4. who we share it with.

We share data with service providers that help us run cuehq, only as needed and under contract. These include: Supabase (database, authentication, file storage), Anthropic (AI models that generate voice profiles, scores, and drafts), Apify and TwitterAPI.io (social data providers), Resend (email delivery), Stripe (payments), Vercel (hosting), Cloudflare (security and bot protection), and Google (sign-in). A current list lives in our data processing addendum. We may also share data to comply with law, enforce our terms, protect rights and safety, or as part of a merger, acquisition, or sale of assets. We do not sell your personal information and do not share it for cross-context behavioral advertising.

5. AI processing.

To build voice profiles, score opportunities, and draft replies, we send relevant brand data and public content to our AI provider. That provider processes it to return output to us and, under our agreement, does not use it to train its models.

6. how long we keep it.

We keep personal information while your account is active and as needed for the purposes above. When you delete your account or ask us to, we delete or de-identify your personal information within a reasonable period, except where we must keep records for legal, tax, security, or dispute reasons. De-identified, aggregated data may be kept and used without limitation.

7. your rights.

Depending on where you live, you may have rights to access, correct, delete, port, or restrict your personal information, to object to certain processing, and to withdraw consent. California residents have rights to know, delete, correct, and to opt out of sale or sharing (we do neither), and not to be discriminated against for exercising them. To exercise any right, email privacy@cuehq.social. We may need to verify your identity. You can also complain to your local data protection authority.

8. international transfers.

We operate from the United States and may process data there and in other countries. Where required, we use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, for transfers from the EEA, UK, or Switzerland.

9. security.

We use reasonable technical and organizational measures to protect personal information, including encryption in transit, access controls, and bot protection. No method is perfectly secure, and we cannot guarantee absolute security.

10. children.

cuehq is for businesses and is not directed to anyone under 18, and we do not knowingly collect personal information from children.

11. changes.

We may update this policy. If changes are material, we will give reasonable notice. The “last updated” date above shows the current version.

12. contact.

privacy@cuehq.social.