Privacy

Last updated: 12 February 2026

1. Introduction

Nerzo (“Nerzo”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you access or use our website, applications, platform, tools, and related services (collectively, the “Services”).

We process personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation where applicable, the Data Protection Act 2018, and other applicable data protection legislation. We are committed to principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

 

2. Data Controller

For the purposes of applicable data protection law, Nerzo acts as the data controller in respect of personal data collected and processed through the Services.

As data controller, we determine the purposes and means of processing personal data. Where we engage third-party service providers, they act as data processors under contractual obligations consistent with applicable data protection laws.

If you have questions regarding this Privacy Policy or the processing of your personal data, you may contact us at:

team@nerzo.ai

 

3. Scope of This Policy

This Privacy Policy applies to personal data collected when:

  • You create or manage a Nerzo account
  • You subscribe to a paid plan
  • You interact with the platform’s features
  • You contact support
  • You visit our website
  • You engage with marketing communications

This Policy does not apply to third-party services that may be linked from our platform. Such services are governed by their own privacy policies.

 

4. Categories of Personal Data Collected

We collect personal data necessary to operate the Services and fulfil contractual obligations. The categories of data we may collect include:

 
4.1 Account Information

When you create an account, we may collect:

  • Full name
  • Email address
  • Password credentials (securely hashed)
  • Profile information
  • Subscription plan details

This information is necessary to provide access to the Services and authenticate users.

 
4.2 Billing and Payment Data

Payments are processed via Stripe. We do not store full payment card details. We may receive limited billing metadata, such as:

  • Billing status
  • Subscription identifiers
  • Payment confirmation
  • VAT-related information where required

Stripe acts as an independent data controller in relation to payment processing.

 
4.3 Usage and Technical Data

We may collect information about how you access and use the Services, including:

  • IP address
  • Device type
  • Browser type
  • Operating system
  • Usage logs
  • Feature interaction data
  • Timestamp data

This data supports system security, fraud prevention, and service improvement.

 
4.4 User-Generated Content

You may upload, input, or generate business-related content within the platform. This may include project names, business plans, brand concepts, workflow tasks, campaign information, and AI prompts.

We process such content solely for the purpose of providing and improving the Services.

Users are responsible for ensuring that any personal data included in uploaded content complies with applicable law.

 

5. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

Contractual Necessity

Processing is necessary for the performance of a contract between you and Nerzo, including:

  • Account creation and authentication
  • Subscription management
  • Platform functionality
  • Customer support

Legitimate Interests

We may process data where necessary for legitimate business interests, provided such interests do not override your fundamental rights. These interests include:

  • Platform security and fraud prevention
  • Service improvement
  • System performance monitoring
  • Direct marketing to existing customers
 
Legal Obligations

We may process data to comply with legal obligations, including accounting, tax, regulatory, and fraud prevention requirements.

Consent

Where required by law, we rely on consent for certain activities, including non-essential cookies and certain marketing communications. Consent may be withdrawn at any time.

 

6. AI and Automated Processing

The Services include AI-assisted features that process user inputs to generate outputs.

You acknowledge that:

  • Inputs may be processed through automated systems
  • Outputs are generated algorithmically
  • Outputs may contain inaccuracies
  • Outputs are not legal, financial, or professional advice

We do NOT claim ownership of your inputs or outputs. However, AI-generated outputs may be similar to outputs generated for other users.

Users are responsible for reviewing and validating outputs before relying upon them.

 

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.

Retention periods may vary depending on:

  • Active account status
  • Subscription duration
  • Legal and tax requirements
  • Legitimate operational needs

When accounts are deleted, personal data is removed from active systems. Certain data may remain in secure backups for a limited period before permanent deletion.

We apply storage limitation principles consistent with applicable law.

 

8. Data Sharing and Processors

We engage third-party service providers to operate the Services. These may include:

  • Supabase (database infrastructure)
  • Stripe (payment processing)
  • Hosting providers
  • Analytics services
  • Email communication services

All processors operate under written data processing agreements requiring confidentiality, security safeguards, and lawful processing.

We do NOT sell personal data to third parties.

 

9. International Transfers

Where personal data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Contractual data protection measures

We take reasonable steps to ensure data remains protected in accordance with applicable law.

 

10. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encrypted HTTPS connections
  • Access controls
  • Authentication safeguards
  • Database-level permissions
  • Secure hosting infrastructure
  • Backup systems
  • Monitoring and logging

No system can guarantee absolute security. Users are responsible for maintaining account credential confidentiality.

 

11. Your Data Protection Rights

Subject to applicable law, you have the right to:

  • Request access to your personal data
  • Request rectification of inaccurate data
  • Request erasure where legally permissible
  • Request restriction of processing
  • Object to processing
  • Request data portability
  • Withdraw consent

To exercise your rights, contact team@nerzo.ai.

We may require identity verification before responding.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

 

12. Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects without human review.

 

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in law, regulation, or platform functionality. Material changes will be communicated appropriately.

Continued use of the Services constitutes acceptance of the revised Policy.

 

14. Contact

team@nerzo.ai
