Nexus Glass is operated by Nexus Quant (“Company,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, store, and protect information when you use the Nexus Glass platform at nexusglass.live (the “Platform”), including our REST APIs, WebSocket feeds, and associated services.

By accessing or using the Platform, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and authentication credentials (stored in hashed form). If you sign in through a third-party authentication provider (e.g., Google OAuth), we receive the profile information that provider shares with us, typically your name and email address.

1.2 API Key Data

When you generate API keys through your account, we store metadata associated with those keys including creation date, tier level, and usage statistics. We log API request metadata (endpoint, timestamp, response code, IP address) for rate limiting, security monitoring, and abuse prevention. We do not log request or response payloads.

1.3 Usage Data

We automatically collect information about how you interact with the Platform, including:

• Pages visited, features used, and dashboard configurations
• Timestamps and session duration
• Device type, browser type, and operating system
• IP address and approximate geographic location derived from IP
• Referral source (how you arrived at the Platform)

1.4 Analytics

We use Google Analytics 4 (GA4) to collect aggregate usage statistics. GA4 uses cookies to distinguish unique users and track sessions. GA4 data is used solely for understanding usage patterns and improving the Platform. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

1.5 Cookies and Local Storage

Nexus Glass uses the following types of cookies and browser storage:

• Essential cookies: Required for authentication, session management, and tier-based access control. These cannot be disabled without breaking core Platform functionality.
• Analytics cookies: Used by Google Analytics 4 as described above. These can be opted out of.
• Preference storage: We use browser local storage to save your dashboard layout preferences, theme settings, and selected symbols. This data remains on your device and is not transmitted to our servers.

We do not use advertising cookies, tracking pixels from third-party ad networks, or cross-site tracking technologies. For a detailed list of all cookies and instructions on managing them, see our Cookie Policy.

1.6 Paper Trading Data

If you use the paper trading simulation feature, we store your simulated trade history, strategies, and performance metrics. This data is associated with your account and is used solely to provide the paper trading service.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Platform operation: To authenticate your identity, manage your account, enforce tier-based access controls, and deliver the services you request
• Security and abuse prevention: To enforce rate limits, detect and prevent unauthorized access, monitor for suspicious activity, and protect the integrity of our infrastructure
• Performance improvement: To analyze usage patterns, identify performance bottlenecks, fix bugs, and improve Platform features
• Communication: To send service updates, security alerts, billing notifications, and respond to support requests
• Legal compliance: To comply with applicable laws, regulations, and legal processes

We do not sell your personal information to third parties. We do not use your data to build advertising profiles. We do not share individual usage data with other users.

3. Data Sharing and Third-Party Services

We share data with third parties only in the following limited circumstances:

3.1 Service Providers

We use the following third-party services that process data on our behalf under contractual obligations:

• Hetzner Online GmbH: Infrastructure hosting (servers located in the European Union)
• Cloudflare, Inc.: Content delivery, DDoS protection, and DNS management
• Google LLC (Analytics): Aggregate usage statistics via GA4

Each provider processes data in accordance with their own privacy policies and our data processing agreements.

3.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request. We may also disclose information to protect the rights, property, or safety of Nexus Quant, our users, or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you via email or prominent notice on the Platform before your data is subject to a different privacy policy.

4. Data Storage and Security

Your data is stored on dedicated infrastructure hosted in the European Union (Hetzner, Germany). We implement the following security measures:

• All connections encrypted via TLS 1.2+
• Authentication credentials stored using industry-standard hashing algorithms
• Database access restricted to internal service network with ACL-based authentication
• Redis cache secured with TLS and access control lists
• Rate limiting at both application and infrastructure layers
• Honeypot endpoints for intrusion detection with automatic IP banning
• Non-root container execution for all application services
• Regular security monitoring and automated health checks

No system is perfectly secure. While we take reasonable and industry-standard measures to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and API keys.

5. Data Retention

• Account information: Retained for as long as your account is active
• API usage logs: Retained for 90 days, then automatically purged
• Analytics data: Retained in aggregate form for up to 26 months (GA4 default)
• Paper trading data: Retained for as long as your account is active
• Security logs: Retained for 12 months for incident investigation and compliance

If you delete your account, we will remove your personal information within 30 days. Aggregated, anonymized data that cannot be linked back to you may be retained indefinitely for analytical and statistical purposes.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

6.1 General Rights (All Users)

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Withdrawal of consent: Withdraw consent for non-essential data processing at any time

6.2 European Economic Area (EEA) Users — GDPR

If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is: contract performance (to provide the Platform services), legitimate interest (security, fraud prevention, Platform improvement), and consent (analytics cookies).

6.3 California Users — CCPA

If you are a California resident, you have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at the address below.

To exercise any of these rights, contact us at support@nexusglass.live. We will respond to verified requests within 30 days.

7. International Data Transfers

Our servers are located in the European Union. If you access the Platform from outside the EU, your data will be transferred to and processed in the EU. By using the Platform, you consent to this transfer. We ensure that data transfers comply with applicable data protection laws, including the use of appropriate safeguards where required.

8. Children’s Privacy

Nexus Glass is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a person under 18, please contact us immediately at support@nexusglass.live and we will delete it promptly.

9. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. Because there is no industry-standard interpretation of DNT signals, the Platform does not currently respond to DNT signals. However, you can manage your privacy preferences through the cookie and analytics opt-out options described in this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page and make reasonable efforts to notify you via email or a prominent notice on the Platform. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

11. Contact Information

For questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern:

Nexus Quant
Data Protection Contact: support@nexusglass.live
Platform: nexusglass.live