Privacy Policy
Last updated: March 2026
Effective Date: March 1, 2026 | Version 2.1
Maher's LLC ("the Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, share, and protect information when you use the Nexus AI platform ("the Service"). This policy applies to all users of the Service, including visitors, registered users, and API consumers.
By accessing or using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service. This Privacy Policy is incorporated into and subject to our Terms of Service.
1. Information We Collect
We collect information through several methods to provide, improve, and secure the Service. The types of information we collect include:
1.1 Information You Provide Directly
- Account Information: Name, email address, and authentication credentials when you create an account through our OAuth provider.
- Profile Information: Optional profile details such as display name, avatar, and communication preferences.
- Exchange Credentials: API keys and associated permissions for cryptocurrency exchange accounts you choose to connect. These are encrypted using AES-256-GCM before storage.
- Chat Content: Messages, prompts, and conversations you have with the AI assistant, including uploaded files, images, and documents.
- Trading Preferences: Risk tolerance settings, watchlists, trading strategies, position size preferences, and notification configurations.
- Support Communications: Information you provide when contacting our support team, including email correspondence and feedback submissions.
- Payment Information: If you purchase premium features, payment details are processed by our third-party payment processor (Stripe) and are not stored on our servers.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, buttons clicked, time spent on pages, and navigation patterns within the Service.
- Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
- Network Information: IP address, internet service provider, referring/exit pages, and general geographic location (city/region level).
- Performance Data: Page load times, error logs, crash reports, and system performance metrics.
- Cookies & Similar Technologies: Session cookies for authentication, preference cookies for user settings, and analytics cookies for usage tracking. See Section 8 for details.
1.3 Information from Third Parties
- Exchange Data: When you connect exchange accounts, we receive account balances, trade history, order status, and market data through exchange APIs.
- AI Model Providers: Responses generated by third-party AI models (OpenAI, Google, Anthropic, xAI, Mistral, Meta) in response to your queries.
- OAuth Provider: Basic profile information from the authentication provider used during sign-in.
- Market Data Providers: Real-time and historical market data, including prices, volumes, and order book information.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- Provide, operate, and maintain the Nexus AI platform and all its features.
- Process and execute trades on your behalf through connected exchange accounts.
- Deliver AI-powered conversation, research, and analysis capabilities.
- Maintain per-user data isolation and personalized dashboards.
- Stream real-time market data and trading signals via WebSocket connections.
- Store and retrieve your chat history to provide conversation continuity.
2.2 Service Improvement
- Analyze usage patterns to improve the user interface and user experience.
- Evaluate the performance and accuracy of AI models and trading algorithms.
- Identify and fix bugs, errors, and performance issues.
- Develop new features and capabilities based on user behavior and feedback.
- Conduct internal research and development for autonomous intelligence systems.
2.3 Communication
- Send you notifications about market events, trade executions, and system updates.
- Respond to your support requests, questions, and feedback.
- Notify you of changes to our Terms of Service, Privacy Policy, or other legal documents.
- Send promotional communications (only with your explicit opt-in consent).
2.4 Security & Compliance
- Detect, prevent, and respond to fraud, unauthorized access, and security threats.
- Monitor for violations of our Terms of Service and Acceptable Use Policy.
- Comply with applicable legal obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements.
- Respond to lawful requests from law enforcement and government agencies.
- Maintain audit logs for regulatory compliance and internal governance.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following:
- Contract Performance: Processing necessary to fulfill our contractual obligations to you under the Terms of Service (account management, service delivery, trade execution).
- Legitimate Interests: Processing necessary for our legitimate business interests, including service improvement, fraud prevention, and security monitoring, balanced against your rights and freedoms.
- Consent: Processing based on your explicit consent, such as marketing communications and optional analytics. You may withdraw consent at any time.
- Legal Obligation: Processing necessary to comply with applicable laws and regulations, including financial services regulations, tax reporting, and law enforcement requests.
4. Data Sharing & Third Parties
We do not sell your personal information to third parties. We may share your information in the following limited circumstances:
4.1 Service Providers
We share information with trusted third-party service providers who assist us in operating the Service, subject to strict data processing agreements:
- AI Model Providers: OpenAI, Google (Gemini), Anthropic (Claude), xAI (Grok), Mistral, Meta (LLaMA), Perplexity, and DeepSeek. Your conversation inputs are processed by these providers to generate AI responses. Each provider has its own privacy policy governing data handling.
- Cryptocurrency Exchanges: Gemini, Coinbase, Kraken, and Binance. Trading data flows between our platform and the exchanges you connect. Each exchange has its own privacy policy.
- Cloud Infrastructure: We use cloud hosting providers for server infrastructure, data storage, and content delivery.
- Payment Processor: Stripe processes payment transactions. We do not store credit card numbers or bank account details on our servers.
- Analytics: We use analytics services to understand usage patterns and improve the Service.
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, including:
- Court orders, subpoenas, or search warrants.
- Requests from law enforcement or regulatory agencies.
- To protect the rights, property, or safety of Maher's LLC, our users, or the public.
- To comply with anti-money laundering, sanctions, and financial reporting obligations.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information.
5. Data Security
We implement comprehensive security measures to protect your personal information:
- Encryption at Rest: All sensitive data, including exchange API keys, is encrypted using AES-256-GCM before storage.
- Encryption in Transit: All data transmission between your browser and our servers uses TLS 1.3 encryption (HTTPS).
- Access Controls: Role-based access controls limit employee access to personal data on a need-to-know basis.
- Infrastructure Security: Our servers are hosted in SOC 2 Type II certified data centers with physical security, redundant power, and environmental controls.
- Self-Healing Systems: Our infrastructure includes automated integrity monitoring, anomaly detection, and self-healing capabilities that detect and respond to security incidents in real time.
- Per-User Isolation: Each user's data (chat history, trading records, exchange credentials) is logically isolated from other users' data.
- Regular Audits: We conduct regular security audits, penetration testing, and vulnerability assessments.
- Incident Response: We maintain a documented incident response plan and will notify affected users within 72 hours of discovering a data breach, as required by applicable law.
While we implement industry-standard security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to take steps to protect your account credentials.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Specific retention periods include:
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account + 30 days after deletion request |
| Chat History | Duration of account (user can delete individual conversations) |
| Trading Records | 7 years (regulatory requirement for financial records) |
| Exchange API Keys | Until disconnected by user or account termination |
| Usage Analytics | 24 months (aggregated and anonymized after 12 months) |
| Security Logs | 12 months |
| Payment Records | 7 years (tax and financial reporting requirements) |
| Support Communications | 3 years after resolution |
When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
7.1 All Users
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your account and associated personal data, subject to legal retention requirements.
- Disconnect Exchanges: Disconnect exchange accounts and have API keys permanently removed from our systems at any time.
- Export: Request export of your chat history, trading records, and account data in a machine-readable format.
- Opt-Out: Opt out of promotional communications at any time by clicking the unsubscribe link or updating your notification preferences.
7.2 EEA/UK Residents (GDPR)
- Right to Restriction: Request restriction of processing of your personal data in certain circumstances.
- Right to Portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interests, including profiling.
- Right to Withdraw Consent: Withdraw consent for processing at any time, without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
7.3 California Residents (CCPA/CPRA)
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, the business purposes, and the third parties with whom we share it.
- Right to Delete: Request deletion of personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: Direct us to limit the use of sensitive personal information to purposes necessary to provide the Service.
To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law.
8. Cookies & Tracking Technologies
We use the following types of cookies and similar technologies:
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session / 30 days |
| Functional | User preferences, theme settings, dashboard layout | 1 year |
| Analytics | Usage patterns, feature adoption, performance metrics | 24 months |
| Security | Fraud detection, bot prevention, anomaly detection | Session |
You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. We do not use advertising cookies or third-party tracking pixels for targeted advertising.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from the laws of your jurisdiction. When we transfer personal data internationally, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with all service providers, and encryption of data in transit and at rest. By using the Service, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.
10. Children's Privacy
The Service is not intended for use by anyone under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information from our systems. If you believe that a child under 18 has provided us with personal information, please contact us at [email protected].
11. AI-Specific Data Practices
Given the AI-powered nature of our Service, we want to be transparent about how your data interacts with artificial intelligence systems:
- Conversation Processing: Your chat messages are sent to third-party AI model providers for processing. These providers may retain conversation data according to their own privacy policies and data retention practices.
- Model Training: We do not use your personal conversations to train our own AI models without your explicit consent. However, third-party AI providers may use anonymized data for model improvement according to their terms.
- Autonomous Actions: The AI may autonomously analyze your trading data, market conditions, and conversation history to generate insights and trading signals. These autonomous processes operate within the boundaries you configure in your risk settings.
- Self-Evolution: The Black Falcon System's self-evolution capabilities may change how your data is processed over time as the system adapts and improves. Material changes to data processing will be communicated through Privacy Policy updates.
- Cross-Model Processing: Your queries may be processed by multiple AI models simultaneously for cross-validation. Each model provider receives only the information necessary to generate a response.
12. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no industry standard for how to respond to DNT signals, we do not currently alter our data collection and use practices in response to DNT signals. We will update this policy if a uniform DNT standard is adopted.
13. Data Protection Officer
For questions about our data protection practices or to exercise your privacy rights, you may contact our Data Protection Officer:
Data Protection Officer
Maher's LLC
New York City, New York, United States
Email: [email protected]
Privacy Inquiries: [email protected]
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email notification to registered users or through a prominent notice on the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes. We encourage you to review this Privacy Policy periodically.
15. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
Maher's LLC
New York City, New York, United States
Privacy: [email protected]
Security: [email protected]
General: [email protected]
Legal: [email protected]
