The data controller of personal data is NeexisRender S.L., with Tax ID (CIF) B75924027 and registered office at Calle Nueva 2, 2A, 20001 Donostia/San Sebastián, Gipuzkoa, Spain (hereinafter "Neexis Render" or "the Company").
Neexis Render acts in compliance with the applicable data-protection regulations. In particular, in accordance with EU Regulation 2016/679 of 27 April 2016 (General Data Protection Regulation, GDPR) and Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), we provide the following information on how we process your personal data.
1. Personal Data Collected
Neexis Render collects only the personal data necessary to provide and improve our services. The data we may request or generate when you use our platform include:
- Identification data: name and email address, collected when you create an account or register. If you sign in via Google (or another external provider), we obtain your name and associated email from that provider for authentication purposes.
- User content and images: any 3D files, images or other files you upload, as well as renders generated by our tools. Such content may constitute personal data if it allows you to be identified (e.g. models containing people or identifying information).
- Usage data and electronic identifiers: technical information derived from your navigation of the application or website. This includes your IP address, browser, operating system, pages visited, date and time of access and other usage data. We also use cookies and similar technologies (see "Cookies" below).
- Payment data: information necessary to process your purchases or paid subscriptions. Neexis Render does not store your full payment-card details; these are securely handled by our payment provider (Stripe). We may retain certain transaction data (amount, date, status and, where applicable, the last four digits of your card) for billing, proof of payment and fraud prevention.
2. Purpose and Legal Basis for Processing
The data collected will be processed for specific, explicit and legitimate purposes, and will not be used in a manner incompatible with those purposes. Below we describe each purpose and the corresponding legal basis under the GDPR:
- Service provision and account management, basis: performance of a contract. Use: creating your user profile, enabling sign-in, generating and storing your renders, and personalizing your experience.
- Image and content processing, basis: performance of a contract. Use: providing the core functionality of Neexis Render (processing uploads, applying transformations, AI-generated content).
- Payments and billing, bases: performance of a contract and compliance with legal obligations. Use: communicating payment data to Stripe to process payments; retaining proof of transactions for fiscal and accounting purposes.
- User communications and support, bases: performance of a contract and/or our legitimate interest. Use: sending service confirmations, important platform updates, support-ticket responses and technical notifications.
- Service improvement and analytics, basis: legitimate interest, and, where non-essential cookies are involved, your explicit consent. Use: aggregated statistical analysis (including cookie analytics) to optimize performance, interface and security.
- Marketing communications, basis: your prior consent (or, for existing customers, possibly our legitimate interest under applicable law, respecting your opt-out rights). Use: newsletters, product updates or promotions, with an unsubscribe link in every email.
- Security and fraud prevention, basis: legitimate interest. Use: monitoring IPs, device identifiers and activity logs to detect unauthorized access, malicious automation or policy violations.
- Legal-obligation compliance, basis: legal obligation. Use: retaining data to fulfill anti-fraud, tax, court or public-authority requirements.
Should we later process your personal data for any purpose not listed above, we will inform you in advance and, if required, obtain your consent.
3. Use of Your Content to Train AI Models
Neexis Render does NOT use your uploads or the renders generated by the platform to train AI models, either our own or third-party models. We also do not share your content with AI providers for them to use as training data.
When we process your files through third-party generative-model providers (e.g. Google's Gemini API), we do so in inference mode only, under contracts that prohibit using the content for subsequent training. This policy is reflected in our Terms of Service and is maintained as a binding commitment.
4. Third-Party Services Used
To provide our services efficiently and securely, Neexis Render relies on trusted third-party providers, acting either as data processors under our instructions or, in some cases, as joint controllers. The main services are:
- Google Cloud Platform (GCP): cloud hosting and storage of user files (including uploaded and generated images). We use EU-based data centers (europe-west9, Paris) whenever possible and apply standard contractual clauses for any transfer outside the EEA.
- Stripe (payment gateway): secure payment processing. Card data is transmitted directly to Stripe via encrypted connections; Neexis Render does not access full card numbers. Stripe complies with PCI-DSS and uses legal mechanisms to protect EU users' data in international transfers.
- Google (authentication and analytics): option to sign in with a Google account (OAuth), accessing only the profile data you authorize. Google Analytics is used, where applicable, for anonymized aggregated statistics and only with your explicit consent.
- Google (generative AI models): AI image generation is performed via Google APIs (Gemini) under contracts prohibiting use of content for training. Your content is processed in inference mode and is not retained beyond the time needed to return the result.
- Brevo (transactional and marketing email): sending transactional emails (confirmations, reminders) and, with your consent, marketing communications. Brevo processes email and name, never authentication tokens.
- Other providers: large-file storage services, embedded modules, etc. We vet all vendors for GDPR compliance and ensure adequate safeguards for any transfers outside the EU.
All third parties process personal data only according to our instructions and for the purposes described. We regularly audit their security measures and require them to be maintained.
5. Minors
Our services are intended for users aged 18 or older. Users aged 14–17 may register only with verifiable parental or guardian consent. We do not knowingly process data of children under 14; if unauthorized accounts are detected, they will be deleted without delay.
6. User Rights
Under the GDPR you have the following rights regarding your personal data held by Neexis Render:
- Right of access: obtain a copy of the data we hold about you and information on processing.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): request deletion when data are no longer needed, consent is withdrawn or processing is unlawful.
- Right to restriction: temporarily suspend processing in certain circumstances.
- Right to portability: receive your data in a structured, common format and transmit it to another controller.
- Right to object: oppose processing based on legitimate interest or direct marketing at any time.
- Right to withdraw consent: revoke consent for cookies or marketing without affecting past processing.
- Right not to be subject to automated decisions: we do not use solely automated decision-making with legal or similarly significant effects. If this changes, you will be informed and can request human intervention.
To exercise any right, write to [email protected]. We may request identity verification and will respond free of charge within one month (extendable by a further month for complex cases). You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at https://www.aepd.es, although we encourage you to contact us first for an amicable resolution.
7. Data Retention Periods
- Active users: we retain account data, content and preferences while your account is active.
- Deleted accounts: upon deletion, most personal data are erased or anonymized, except those required by law (e.g. tax records kept 4–6 years, security logs up to 12 months).
- Legal holds: certain data may be retained longer for legal compliance or dispute resolution, then permanently deleted when no longer required.
8. Security Measures
We implement appropriate technical and organizational safeguards to protect data against unauthorized access, alteration, loss or destruction, including:
- TLS 1.3 encryption for data in transit.
- AES-256 encryption for data at rest, including uploads and renders.
- Access controls and strong authentication for systems containing personal data (MFA for staff, principle of least privilege).
- Encrypted storage and multi-tenant isolation: each user has their own storage bucket, isolated from other users.
- Firewalls, IDS/IPS and proactive monitoring.
- Encrypted backups stored in separate locations.
- Staff training and internal privacy/security policies.
In the unlikely event of a breach affecting your rights, we will notify authorities and affected users within the legally mandated timeframe. For full details, see our Security Policy.
9. Third-Party Links
Our platform may contain links to external sites. When you leave Neexis Render, this Privacy Policy no longer applies. We recommend reviewing each third party's privacy policy, as their practices may differ.
10. Account Deletion Procedure
You may delete your account at any time:
- Via the platform: go to your profile settings, select "Delete account" and confirm with your password.
- By email: send a request to [email protected] with your username or email. We may ask for identity verification before processing.
Once confirmed, your account will be deactivated and your data deleted as described in section 7 (Data Retention Periods). If you return within the legal hold period, reinstatement may be possible; otherwise, you must create a new account.
11. Cookies
Cookies are small text files stored on your device to facilitate site functionality, remember preferences or collect usage statistics.
- Necessary cookies: essential for core functions (session management, language preferences).
- Preference cookies: remember your interface and regional settings.
- Analytical cookies: collect aggregated, anonymous usage data (e.g. via Google Analytics) only after your explicit consent.
- Advertising cookies: not currently used; any future use will require your consent.
On first visit, a cookie banner lets you accept or reject non-essential cookies. You can change your preferences anytime via the banner or browser settings. Rejecting all cookies may impair certain features.
12. Contact
For any questions or requests regarding this Privacy Policy or your personal data, write to:
Email: [email protected]
Our data-protection team will respond as soon as possible within the legally required deadlines. Please include identifying information (e.g. your account email) so we can process your request securely.
Neexis Render S.L. is committed to protecting your privacy and will inform you of any significant changes to this policy through our usual channels. Thank you for trusting Neexis Render.
This Privacy Policy was originally drafted in Spanish. In case of a conflict of interpretation between language versions, the Spanish version shall prevail.