Privacy Policy

1. Who we are

NexuvoLearn is operated by a New Zealand sole trader. We provide an AI-powered study platform for Microsoft certification exam preparation. By using the service, you agree to this privacy policy. Our practices are governed by the New Zealand Privacy Act 2020.

2. Information we collect

We collect the following categories of personal information when you use NexuvoLearn:

• Account information — your name, email address, and hashed password when you register.
• Usage data — questions answered, scores, session history, bookmarks, and study activity to power your personalised study experience.
• Payment information — credit card details are processed by Stripe. We do not store raw card numbers; only transaction metadata and credit balances are stored on our servers.
• Technical data — IP address, browser type, device information, and cookies as described in section 5.

3. How we use your information

We use the information we collect to provide, maintain, and improve NexuvoLearn. Specifically:

• To authenticate your account and maintain session security.
• To generate personalised AI study questions from official Microsoft Learn content tailored to your progress and weak domains.
• To manage your credit balance, process payments, and issue daily credit refreshes during the beta period.
• To send transactional emails such as password resets, daily study reminders, and important service notices.

We do not sell your personal information. We do not use your data for advertising purposes or share it with third parties for their marketing.

4. Third-party processors

We work with the following sub-processors, each bound by data processing agreements appropriate to their role:

5. Cookies

We use essential cookies only. These are strictly necessary to operate the service — specifically, your authentication session token. We do not use analytics cookies, advertising cookies, or any third-party tracking pixels. You can block cookies in your browser settings, but this will prevent you from logging in.

6. Data retention

We retain your account data and study history for as long as your account is active. If you request account deletion:

• Your account is deactivated immediately.
• Your personal data is permanently deleted within 30 days.
• Anonymised, aggregated usage statistics may be retained indefinitely as they cannot identify you.

7. Your rights

Under the New Zealand Privacy Act 2020, you have the right to:

• Access — request a copy of the personal information we hold about you.
• Correction — request that we correct inaccurate or incomplete information.
• Deletion — request that we delete your account and associated personal data.
• Portability — request your study history and account data in a portable format.

If you are located in the European Economic Area, you may also have additional rights under the GDPR, including the right to object to processing and the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact us at privacy@nexuvolearn.com.

8. Data security

We take the security of your personal information seriously and implement the following measures:

• All data in transit is encrypted using HTTPS/TLS.
• User data is stored in Supabase with row-level security policies enforced at the database layer.
• Passwords are hashed using bcrypt — we never store plaintext passwords.
• Payment data is handled entirely by Stripe, which maintains PCI-DSS Level 1 compliance.

No security system is impenetrable. In the event of a data breach that is likely to cause serious harm, we will notify affected users and the New Zealand Privacy Commissioner as required by law.

9. Contact

For privacy-related questions, requests, or complaints, please contact us at privacy@nexuvolearn.com. If you are unsatisfied with our response, you may also contact the Office of the New Zealand Privacy Commissioner.

← Back to home