Privacy Policy
Shown on Google sign-in when you connect Gmail. Cookie Policy, DPA, and other policies are linked below.
Last updated: June 29, 2026
Effective Date: June 29, 2026 · Last Updated: June 29, 2026
Introduction
This Privacy Policy describes how VerixLab ("we," "us," or "our"), operating the Nexis service, collects, uses, discloses, and protects personal information when you visit our website, create an account, or use the Nexis application (collectively, the "Service").
We are committed to handling personal information in a manner consistent with fair information practices and Canadian privacy expectations, including principles similar to those found in the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. This Policy does not constitute legal advice.
By using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use the Service.
About Nexis
Nexis is a productivity and lead-management workspace designed for real estate agents and similar business users. With your permission, Nexis may connect to your Gmail account and, where enabled, WhatsApp Business so you can view lead-related conversations, organize contacts, review communication history, and generate AI-assisted draft replies. Nexis does not automatically send emails or messages on your behalf — you must review and send communications yourself.
The Service is operated by VerixLab from Ontario, Canada.
Sensitive information from email and WhatsApp
Nexis may read and process sensitive information from connected Gmail and WhatsApp accounts only after the user grants permission through account login and the relevant connection or authorization flows.
We do not access, read, or retain email or WhatsApp information without that permission. When access is granted, we process and retain information only as needed to provide the Service, as described in this Policy and our Data Retention Policy, until the user disconnects integrations, requests deletion, or closes the account.
Use of Nexis after granting such access is also subject to our Terms of Use, including limitations of liability for losses arising from use of the Service after permission is granted.
Information We Collect
Depending on how you use the Service, we may collect the following categories of information:
Account and profile information
Name and display name
Login email address and password (stored in hashed form, not plain text)
Gmail address and phone/WhatsApp contact details you provide during onboarding or in Settings
Account preferences, plan selection, and setup status
Lead, contact, and workspace data
Lead and prospect names, email addresses, phone numbers, and related contact details
Lead source, status, tags, notes, pipeline stage, follow-up dates, and reminders
Property interest markers, summaries, and dashboard insights derived from your communications
Communication metadata and content needed to display threads and history in your workspace
Gmail and Google account data
When you choose to connect Gmail, we collect and process Google account-related information as described in the "Gmail and Google Account Data" section below.
WhatsApp data
When you connect WhatsApp Business through our integration, we may process message content, sender identifiers, timestamps, display names, phone numbers, and related metadata needed to show WhatsApp conversations in your unified inbox.
Technical, usage, and support information
Device and browser type, IP address, and general log data
Error logs, performance data, and security event records
Authentication session identifiers (for example, secure cookies used to keep you signed in)
Communications with support, feedback, and troubleshooting records
Cookie and similar technology data as described below
Payment information
If you subscribe to a paid plan, payment details are processed by our payment processor (for example, Stripe, when enabled). We do not store your full credit card number on our servers.
Gmail and Google Account Data
Nexis only accesses Gmail data after you authorize access through Google's OAuth consent screen. You choose whether to connect Gmail, and you can disconnect or revoke access at any time.
With your authorization, Nexis may access, read, process, and organize information from your Gmail account that is relevant to real estate workflows, including:
Emails related to leads, prospects, clients, property inquiries, showings, offers, and follow-up
Email metadata such as sender and recipient addresses, subject lines, timestamps, and thread identifiers
Message content, snippets, and bodies needed to display communication history
Attachment metadata; attachment content only where needed to provide inbox features you request
Information used to detect, classify, summarize, or prioritize real-estate-related conversations
We use Gmail-related data only to provide Service features, such as:
- Lead detection and contact organization
- Unified inbox and communication history
- Follow-up queues, reminders, and dashboard insights
- Composing or sending email only after you review and approve a message in Nexis
- AI-assisted draft suggestions based on thread context
- Security, troubleshooting, and service reliability
- We do not sell your Gmail data or customer personal information. We do not use Gmail data for advertising, ad targeting, or marketing profiling.
Limited human access: We do not allow employees or contractors to read your emails except in limited circumstances, such as when you request support and authorize access, when we reasonably believe review is necessary to investigate security incidents or abuse, to comply with law, or to protect the rights, safety, and integrity of the Service and its users.
Google API Services User Data Policy: Nexis's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How We Use Information
We use personal information to:
- Provide, operate, maintain, and improve the Service
- Authenticate users and secure accounts
- Connect and sync authorized Gmail and WhatsApp channels
- Display leads, conversations, summaries, statuses, and follow-up workflows
- Generate AI-assisted draft replies and contextual suggestions
- Send service-related emails (such as account notices, password reset, or administrative alerts)
- Process subscriptions and payments through third-party processors
- Monitor performance, prevent fraud, and protect against misuse
- Comply with legal obligations and enforce our agreements
- Communicate with you about updates, support, beta programs, or security matters
- We process personal information based on your consent, contractual necessity, legitimate interests (where permitted), and legal obligations, depending on the context.
AI-Assisted Features
Nexis may use artificial intelligence providers (such as OpenAI or similar services) to generate draft replies, summaries, or other suggestions based on conversation context you choose to process.
AI outputs are suggestions only and may be inaccurate, incomplete, outdated, or inappropriate.
Nexis does not automatically send emails or messages based on AI output.
You are responsible for reviewing, editing, verifying, and approving any draft before sending or relying on it.
AI features are not legal, financial, real estate, tax, brokerage, marketing, or professional advice.
How We Share Information
We do not sell personal information. We may share information only in these circumstances:
Service providers: With vendors that help us host, store, secure, analyze, or operate the Service, subject to appropriate safeguards and contractual obligations
At your direction: When you send a message, connect an integration, or otherwise instruct the Service to act
Legal and safety: When required by law, regulation, legal process, or to protect rights, safety, and security
Business transfers: In connection with a merger, acquisition, restructuring, or sale of assets, subject to this Policy
With your consent: Where you have given explicit permission
Third-Party Service Providers
We rely on third-party providers to operate Nexis. Depending on your use of the Service, these may include:
Google / Gmail / OAuth — email access, authentication, and sending on your approval
Meta / WhatsApp Business — WhatsApp messaging integration where enabled
Vercel — application hosting and delivery
Supabase — database, storage, and backend infrastructure
OpenAI (or another AI provider) — AI-assisted drafts and summaries when enabled
Resend (or similar) — transactional email such as password reset or account notices
Stripe (or similar) — subscription billing and payment processing when enabled
Analytics providers — only if and when analytics tools are enabled on our website or application
These providers process information according to their own privacy policies and our agreements with them. We require service providers to use personal information only to perform services for us, subject to appropriate confidentiality and security obligations.
Payments and Subscriptions
If paid plans are offered, subscription fees, taxes, trial terms, and renewal details will be presented at checkout or in your account. Payments are processed by third-party payment processors such as Stripe. We do not store full credit card numbers on our servers. Payment processors may collect billing name, email, payment method details, and transaction records according to their policies.
Cookies and Analytics
We use cookies and similar technologies as described in our dedicated Cookie Policy. Summary:
Essential cookies — such as secure session cookies that keep you signed in
Preference cookies — such as theme, layout, or sidebar settings stored in cookies or browser storage
Third-party technologies— such as scripts loaded when you connect WhatsApp through Meta's embedded signup flow
Analytics — if we enable analytics tools in the future, we will describe them here and, where required, request consent before non-essential tracking
You can control cookies through your browser settings. Disabling certain cookies may affect sign-in or preferences. Where required by law (for example, for visitors in certain jurisdictions), we will provide appropriate cookie notices or consent mechanisms.
Data Storage and International Processing
Personal information may be stored or processed in Canada, the United States, or other countries where our service providers operate (for example, where Vercel, Supabase, Google, Meta, OpenAI, or Stripe maintain infrastructure). Data protection laws in those jurisdictions may differ from those inCanada.
Where required, we take reasonable steps to ensure appropriate safeguards for cross-border processing, such as contractual protections with service providers.
Data Retention
See our Data Retention Policy for a detailed schedule. Summary:
We retain personal information only for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce our agreements, and maintain security logs.
Retention periods may vary by data type. For example, we may retain account information while your account is active, Gmail- or WhatsApp-derived data while your integrations remain connected, and certain logs for a limited period for security and troubleshooting. When you request deletion or disconnect integrations, we will delete or de-identify information within a reasonable period, subject to lawful exceptions (such as backup retention, fraud prevention, or legal hold requirements).
Security Safeguards
We use reasonable technical and organizational safeguards designed to protect personal information. These may include, where appropriate:
HTTPS encryption in transit
Secure, httpOnly session cookies for authentication
Hashed password storage
Access controls and restricted administrative access
Secure handling of OAuth tokens and refresh tokens
Database access restrictions and row-level security configurations
Logging and monitoring for security and operational purposes
No method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk. You are responsible for protecting your account credentials and devices.
Privacy Breaches and Incident Response
If we become aware of a privacy or security incident affecting personal information under our control, we will assess the incident, take reasonable steps to contain and remediate it, and notify affected individuals and/or regulators where required by applicable law.
User Choices and Rights
Subject to applicable law, you may have rights to request access to, correction of, or deletion of your personal information, and to withdraw consent for certain processing where consent is the legal basis.
You may also:
- Update account details in Settings where available
- Download a copy of your data from Settings → Privacy & data
- Disconnect Gmail or WhatsApp integrations
- Revoke Google OAuth access through your Google Account security settings
- Delete your account from Settings, or contact us for assistance
- Opt out of non-essential marketing communications where applicable
- We may need to verify your identity before responding to certain requests. We may decline requests where permitted or required by law.
Disconnecting Gmail and Revoking Access
You can stop Nexis from accessing Gmail data by:
- Using disconnect or reconnect controls in Nexis Settings, where available
- Revoking Nexis's access in your Google Account at myaccount.google.com/permissions
- Contacting us to request deletion of stored Gmail-derived data
- After disconnection, we will stop collecting new Gmail data. Previously stored Gmail-derived data will be deleted according to our retention practices and your deletion requests, subject to lawful exceptions.
Deleting Your Data
You may delete your account and associated workspace data from Settings → Privacy & data in the Nexis app. Depending on your request, we delete account credentials, lead records, conversation history, integration tokens, and related data within a reasonable period, subject to legal retention requirements and backup cycles.
You may also request deletion or correction by contacting us at verixlabsai@gmail.com. If you are a platform administrator deleting a user account through internal admin tools, similar deletion or wipe processes may apply according to our internal procedures.
Legal Requirements and Safety
We may preserve or disclose information if we believe in good faith that it is reasonably necessary to comply with law, respond to lawful requests, enforce our Terms of Use, protect the safety of users or the public, or detect and prevent fraud, abuse, or security issues.
Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, incorporation into a corporation, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable law and notice where required. Any successor entity will be bound by commitments consistent with this Policy or will notify you of material changes.
Children's Privacy
The Service is intended for business and professional users. It is not directed to children under the age of 16 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can take appropriate steps.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy on this page and update the "Last Updated" date. Where required by law, we will provide additional notice. Your continued use of the Service after an update means you accept the revised Policy, subject to applicable law.
Contact Us
For privacy questions, access requests, correction requests, deletion requests, or complaints, contact:
Business Name: VerixLabEmail: verixlabsai@gmail.comMailing Address: Ontario, Canada — contact verixlabsai@gmail.com for our current business mailing addressProvince/Country: Ontario, Canada
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario, as applicable.
See also our Terms of Use, Cookie Policy, Data Retention Policy, Refunds & Cancellation Policy, and our Data Processing Agreement (DPA).
This document is provided for transparency and operational purposes. It is not legal advice. Consider having a qualified lawyer in Ontario review this document before public launch.