Skip to main content
Legal

Privacy Policy

How we collect, use, and protect your information on the Nexertise platform.

Last updatedApril 23, 2026EffectiveApril 23, 2026

1. Introduction

This Privacy Policy describes how Yisrael Gottlieb, an individual doing business as "Nexertise" ("we," "our," or "us"), collects, uses, and protects information when you use the Nexertise platform, including the nexertise.com website, the NexAds advertising product, and the NexFeed professional content platform (collectively, the "Platform").

Nexertise is a B2B Verified-Engagement Advertising network connecting identity-verified professionals with advertisers who want their attention. By using the Platform, you agree to the practices described in this policy.

!
Pilot notice. Nexertise is currently operating in a limited pilot phase. Data practices may evolve; we will notify you of material changes as described in Section 11.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, phone number (optional), and account preferences.
  • Professional Profile: Industry, role, expertise areas, work history, and public-facing profile content.
  • Identity Verification: Government-issued photo ID, a live selfie, and verification metadata, processed by Stripe Identity (see Section 4.2).
  • Payment and Payout Information: Bank account or debit card details for payouts (collected and stored by Stripe Connect, not by us). For advertisers: card details and billing address (collected by Stripe Checkout).
  • Biometric Authentication Credentials: If you enroll a passkey or biometric sign-in (WebAuthn), your fingerprint, face, or other biometric data never leaves your device. We store only the public cryptographic credential returned by your device.
  • Campaign Content: For advertisers, the pitch content, images, quiz questions, and any other campaign materials you submit.
  • NexFeed Content: Posts, comments, votes, and follows you create on NexFeed.
  • Insights: Ratings, recommend/not-recommend flags, and written feedback you provide after engaging with a NexAd.
  • Support Communications: Messages you send us through support chat, email, or feedback forms.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, actions taken, campaigns engaged with, time spent on the Platform, and navigation patterns.
  • Device Information: Browser type and version, operating system, device type, screen resolution, language, and timezone.
  • IP Address and Network Data: Your IP address, approximate geolocation derived from it, and network information used for security and fraud prevention.
  • Device Fingerprint: We generate a device fingerprint from non-identifying device characteristics (screen resolution, timezone, language, installed fonts, and similar signals). The fingerprint is stored exclusively as a one-way cryptographic hash and cannot be reversed to identify your device or you personally.
  • Cookies and Local Storage: We use essential cookies and browser storage for authentication, session management, and preferences. See Section 8.

2.3 Proof-of-Attention Telemetry (NexAd Engagements)

When you engage with a NexAd, the Platform runs an anti-fraud system we call Proof-of-Attention. This system is designed to detect automated engagement, AI impersonation, and attempts to game the comprehension-verification system. We collect:

  • Reading time and focus events: Whether the NexAd tab was active, when it lost focus, and how long you spent on each section.
  • Interaction telemetry: Scroll position, pointer movement patterns, keystroke timing (dynamics, not content), paste events, and right-click attempts.
  • Reading-pattern signals: Aggregate patterns that help distinguish human reading from automated scraping.
  • Invisible content markers ("canary"): Hidden text injected into NexAd content to detect copy-and-paste into external tools.
  • Response-timing analysis: How quickly you answer comprehension questions, measured to detect automated answering.
  • Canvas rendering: Some NexAd content is rendered to an HTML canvas; we record whether the canvas was actually painted on your device.
  • Optional biometric attention challenges: Some engagements may present a WebAuthn presence challenge. You complete it with your device's built-in authenticator; no biometric data is transmitted to us.

Proof-of-Attention telemetry is used solely to detect fraud and determine whether a NexAd engagement qualifies for compensation. It is not shared with advertisers and is not used for advertising targeting.

Proof-of-Attention is one layer of the Iron Dome, the Nexertise verification architecture that keeps the professional network authentic. The full set of verification layers is described on our Security page.

2.4 Information from Third Parties

  • Stripe Identity: Identity verification results (pass/fail), verified name, verified date of birth, and verification metadata.
  • Stripe and Stripe Connect: Payment and payout status, dispute/chargeback notifications, and Connect account status.
  • Email providers (Resend): Delivery status, bounce, and complaint data for transactional emails.

3. How We Use Your Information

We use the information we collect to:

  • Create and operate your account and keep you signed in.
  • Verify your identity and maintain the trust tier of the professional network.
  • Match you with NexAds relevant to your industry and tier.
  • Process payments and payouts and calculate platform fees.
  • Calculate your Reputation Score (RS), tier, and daily engagement limits.
  • Detect and prevent fraud, abuse, Sybil accounts, AI impersonation, and attempts to game the comprehension system.
  • Issue, appeal, and expire strikes against your account under our Strike System.
  • Provide advertisers with aggregated, anonymized engagement results (see Section 4.1).
  • Send transactional emails (account, campaign, payout, security).
  • Improve Platform reliability, performance, and safety.
  • Comply with legal obligations, respond to law-enforcement requests, and enforce our Terms of Service.
We do not sell your personal information and we do not use your data to train third-party large language models. Internal automated systems (including AI-assisted moderation and quality review) may process your content to enforce Platform rules.

4. Information Sharing

4.1 With Advertisers

When you complete a NexAd engagement, the advertiser receives:

  • Your insights (rating, recommend/not-recommend flag, and free-form feedback).
  • Your tier (T1–T5) and the industry and role listed on your profile.
  • Aggregated comprehension results across the campaign.

We never share your name, email address, phone number, physical address, IP address, government ID, biometric credentials, or Proof-of-Attention telemetry with advertisers.

4.2 With Service Providers

We share information with trusted third parties who operate parts of the Platform on our behalf:

  • Supabase: Database, authentication, and file storage (hosted in the United States).
  • Stripe, Stripe Connect, and Stripe Identity: Payment processing, payouts, and identity verification.
  • Vercel: Website hosting and edge infrastructure.
  • Resend: Transactional email delivery.
  • Sentry: Application error monitoring and crash reporting. Sentry may receive partial request data (URL, user-agent, and error context) when an error occurs.
  • Google Analytics 4: Aggregated website analytics. We use standard GA4 with IP anonymization; we do not enable advertising features or cross-site tracking.
  • Anthropic and OpenAI (as applicable): AI model providers used for internal moderation, content-quality review, and support tooling. Content sent to these providers is not used to train their public models under their API terms.

Each provider is bound by its own data protection obligations and is only authorized to use your information to perform services for us.

4.3 For Legal and Safety Reasons

We may disclose your information when we reasonably believe disclosure is necessary to:

  • Comply with applicable law, subpoena, court order, or government request.
  • Enforce our Terms of Service, including fraud and abuse investigations.
  • Protect the rights, property, or safety of Nexertise, our users, or the public.
  • Detect, prevent, or address security, fraud, or technical issues.

4.4 Business Transfers

If Nexertise is acquired, merged, or sold — or if a successor entity is formed (for example, when the current sole-proprietorship incorporates) — your information may be transferred to the acquiring or successor entity subject to the same protections described in this policy.

5. Data Retention and Account Deletion

We retain personal information for as long as your account is active or as needed to provide services. Financial records (payouts, invoices, tax reporting) are retained for a minimum of seven (7) years as required by tax regulations.

You may delete your account at any time from your account settings. Upon account deletion, any remaining balance in your wallet, including pending earnings and escrowed advertiser funds, is permanently forfeited and cannot be recovered. We recommend withdrawing all available funds before deleting your account.

After deletion, we retain a cryptographically hashed record of your email address and IP address (using HMAC-SHA256) for fraud prevention. These hashes cannot be reversed to recover the original values. Retention periods:

Clean accounts
1 year
No policy violations
With strikes or ban
2 years
Active strikes at deletion
Financial records
7 years
Required by tax law

6. Your Rights

6.1 Rights Under GDPR (EU / EEA / UK Residents)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your personal data (subject to legal retention obligations).
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction: restrict processing in certain circumstances.
  • Object: object to processing based on legitimate interests.
  • Withdraw consent: withdraw consent at any time for processing based on consent.
  • Lodge a complaint: with your local data protection authority.

Our lawful bases for processing are (a) contract performance, (b) legitimate interests in fraud prevention and Platform integrity, (c) your consent for optional features, and (d) compliance with legal obligations. To exercise these rights, email privacy@nexertise.com.

6.2 Rights Under CCPA / CPRA (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share about you.
  • Delete personal information we have collected, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Opt-out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
  • Limit use of sensitive personal information.
  • Non-discrimination for exercising your rights.

We do not offer financial incentives for personal information. To exercise your rights, email privacy@nexertise.com. We will verify your identity before fulfilling your request.

6.3 Data Processing Agreement

Advertisers who transfer personal data of EU/EEA/UK data subjects through the Platform may request a Data Processing Agreement by emailing privacy@nexertise.com.

7. Data Security and Breach Notification

7.1 Security Measures

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

  • Encryption in transit (HTTPS / TLS 1.2+).
  • Encryption at rest for sensitive data stored in Supabase.
  • HMAC-SHA256 hashing of identifiers in deletion records.
  • Row-level security (RLS) policies enforcing per-user access in the database.
  • Access controls and least-privilege principles for internal tooling.
  • Audit logging of administrative actions.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7.2 Data Breach Notification

If we become aware of a security incident that has resulted in, or is reasonably likely to result in, unauthorized access to or disclosure of your personal information, we will:

  • Investigate and contain the incident as quickly as practicable.
  • Notify affected users without undue delay, by email to the address associated with your account and, where appropriate, by prominent notice within the Platform.
  • For incidents affecting EU / EEA / UK residents, notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Articles 33 and 34.
  • For incidents affecting New Jersey and other U.S. state residents, provide notification in the manner and within the timeframes required by applicable state breach-notification laws (including N.J.S.A. 56:8-163).
  • Include in our notice, where known: a description of the incident, the categories of information affected, the likely consequences, steps we are taking in response, and steps you can take to protect yourself.

We will not delay notification to investigate or evaluate liability. If a law enforcement agency determines that notification would impede an active criminal investigation, we may delay notification only to the extent and for the period they require in writing.

To report a suspected security issue or vulnerability, email security@nexertise.com.

8. Cookies and Similar Technologies

We use the following categories of cookies and local storage:

  • Essential: authentication tokens, session state, and CSRF protection. These cannot be disabled while using the Platform.
  • Preference: UI preferences (theme, layout, dismissed banners).
  • Analytics: Google Analytics 4 cookies for aggregate usage analytics.
  • Fraud prevention: Stripe sets fraud-prevention cookies on payment pages.

We do not use advertising or cross-site tracking cookies. You can disable non-essential cookies through your browser settings; the Platform will continue to function.

9. Children's Privacy

The Platform is intended only for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a user under 18, we will delete it promptly.

10. International Transfers

Your information may be stored and processed in the United States and in other countries where our service providers operate. For transfers of personal data out of the EU/EEA/UK, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or a prominent notice on the Platform at least seven (7) days before the change takes effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or to exercise your privacy rights, contact:

Privacy
privacy@nexertise.com
DPO
dpo@nexertise.com
Security
security@nexertise.com
Legal
legal@nexertise.com

A mailing address for legal notices will be added when a registered business address is available; until then, email notice to legal@nexertise.com is sufficient.

Read the Terms of Service·The Iron Dome: our verification layers