Privacy Policy

Nexrizen LLC privacy policy — how we collect, use, and protect your information.

Effective Date: April 12, 2026
Last Updated: April 14, 2026

Key Points Summary

  • We collect personal, financial, and payment data to deliver our services and process ACH and credit card payments via Stripe.
  • Bank account information (routing and account numbers) is encrypted and stored securely per NACHA and Stripe requirements.
  • We share data only with Stripe (our payment processor), analytics providers, and required legal authorities — we never sell your data.
  • We use cookies and analytics tools to improve our website. You can opt out at any time.
  • You may request access, correction, or deletion of your data by contacting team@nexrizen.com.
  • We retain transaction records for 7 years and ACH authorizations for 2 years after the last transaction.

1. Introduction and Scope

Nexrizen LLC (“Nexrizen,” “we,” “our,” or “us”) is a custom AI and software development company registered in San Juan, Puerto Rico. We build AI-powered automation tools, chatbots, document processing systems, and software solutions primarily for law firms, fintech companies, and other professional services clients.

This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you (a) use our website at www.nexrizen.com (the “Site”), (b) engage us for professional services (the “Services”), or (c) make or receive payments processed through our payment infrastructure. It also explains your rights regarding your personal information and how to exercise them.

This Policy applies to all individuals who interact with Nexrizen, including prospective clients, current clients, website visitors, and individuals whose information we process as part of delivering services. It does not apply to data we process on behalf of our clients as their data processor — in that context, our data processing obligations are governed by our agreements with those clients.

By using our Site or Services, or by providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us, including:

  • Identity Information: full name, job title, company name, and government-issued identification when required for compliance.
  • Contact Information: email address, mailing address, phone number.
  • Financial and Payment Information: bank account numbers, routing numbers, account type (checking or savings), payment card numbers (last four digits retained; full card numbers processed by Stripe and not stored by us), billing address, and transaction amounts. For ACH debit payments, we collect and retain ACH authorization records as required by NACHA Operating Rules.
  • Business Information: company registration details, tax identification numbers (EIN or SSN where required), and business descriptions provided during client onboarding.
  • Communications: messages, inquiries, and other content you send to us via email, contact forms, or other channels.
  • Marketing Preferences: your consent to receive promotional communications and your opt-out choices.

2.2 Information Collected Automatically

When you visit our Site, we and our service providers automatically collect:

  • Usage Data: pages visited, time and date of visits, referring URLs, features accessed, and time spent on the Site.
  • Device and Technical Data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Cookies and Tracking Technologies: see Section 8 (Cookies and Analytics) for a complete description.
  • Behavioral Data: click patterns, scroll depth, and interaction data collected by analytics tools.

2.3 Information from Third Parties

We receive information about you from:

  • Stripe, Inc.: Stripe collects and shares with us transaction data, payment outcomes, fraud signals, and behavioral data (such as typing patterns and mouse movements used in fraud detection). Stripe also acts as an independent data controller for some of the data it collects — see Section 7 for more detail.
  • Identity Verification Services: third-party providers used to verify your identity during onboarding.
  • Publicly Available Sources: professional profile information such as LinkedIn, business directories, and public regulatory filings, used for business development purposes.
  • Referral Partners: contact information provided to us by partners or existing clients who refer you to our Services.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: to provide, operate, maintain, and improve the AI and software development services you engage us for, including communicating project updates and delivering deliverables.
  • Payment Processing: to process ACH debit and credit card payments through Stripe, verify bank account ownership, execute and confirm transactions, and handle refunds or disputes.
  • ACH Authorization: to obtain, record, and maintain your authorization for ACH debit transactions per NACHA Operating Rules and Stripe’s requirements.
  • Fraud Prevention and Security: to detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities, including through Stripe’s fraud detection tools.
  • Legal and Regulatory Compliance: to comply with applicable law, including tax reporting obligations, anti-money laundering requirements, NACHA rules, and responses to lawful government requests.
  • Identity Verification: to verify your identity and the accuracy of the information you provide during onboarding.
  • Marketing Communications: to send you newsletters, promotional content, service updates, and other marketing materials where you have consented or where we have a legitimate interest in doing so. You may opt out at any time — see Section 9.
  • Analytics and Site Improvement: to analyze website traffic and usage patterns, understand how our Site and Services are used, and make improvements.
  • Business Operations: for internal recordkeeping, auditing, accounting, and administrative purposes.
  • Contract Performance and Dispute Resolution: to manage our contractual relationships and resolve any disputes that may arise.

For individuals located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with similar requirements, we process your personal data on the following legal bases:

  • Contract Performance: processing necessary to fulfill our contractual obligations to you, including delivering services and processing payments.
  • Legal Obligation: processing required to comply with applicable law, including tax law, financial regulations, NACHA rules, and anti-money laundering obligations.
  • Legitimate Interests: processing for our legitimate business interests, including fraud prevention, network security, internal analytics, and business development, where those interests are not overridden by your rights and interests.
  • Consent: where we rely on your consent (e.g., for marketing emails or non-essential cookies), you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

5. ACH Debit Authorization and Payment Terms

5.1 Authorization Requirement

Before we initiate any ACH debit from your bank account, we will present you with a written authorization that clearly identifies: (a) Nexrizen LLC as the company authorized to debit your account; (b) the bank account to be debited; (c) the amount or method of calculating the amount; (d) the timing and frequency of debits; and (e) the method for revoking authorization. No ACH debit will be initiated without your prior written or electronic authorization.

NACHA Authorization Notice: By authorizing an ACH debit, you authorize Nexrizen LLC to debit the bank account you specify for any amount owed for charges arising from your engagement of Nexrizen LLC’s services, pursuant to your agreement with Nexrizen LLC and this Privacy Policy, until this authorization is revoked. You may revoke this authorization at any time by providing Nexrizen LLC with 30 (thirty) days’ written notice. Revocation of authorization does not cancel any outstanding payment obligations.

5.2 Recurring ACH Debits

If you authorize recurring ACH debits, we will notify you at least 7 calendar days before any change in the amount, frequency, or timing of your scheduled payments. You will receive email confirmation of each authorization, including the authorization date, your name, the name of your financial institution, your routing number, and the last four digits of your account number.

5.3 Data Collected for ACH Transactions

For ACH transactions, we collect and process: your full bank account number and routing number (transmitted to Stripe for processing; stored in encrypted or tokenized form per NACHA and Stripe requirements), account type, account holder name, and transaction amount. Bank account numbers are rendered unreadable when stored — they are encrypted, tokenized, or truncated and never stored in plain text.

5.4 Failed Payments and NSF

If an ACH debit is returned due to insufficient funds (NSF) or for another reason, we reserve the right to re-initiate the debit up to two additional times within 180 days of the original return, as permitted by NACHA Operating Rules. You will be notified of any returned payment.

5.5 Authorization Records

We retain all ACH authorization records for a minimum of two (2) years after the date of the last transaction associated with that authorization, consistent with NACHA Operating Rules. These records may be provided to our ODFI (Originating Depository Financial Institution), Stripe, or applicable regulators upon request.

6. Stripe: Our Payment Processor

We use Stripe, Inc. (“Stripe”) as our payment processing partner for ACH debit, ACH credit, and credit and debit card transactions. When you make a payment through our Services, your payment information is transmitted directly to Stripe.

Stripe operates as both a data processor on our behalf (processing your payment data according to our instructions) and as an independent data controller (collecting and using data for its own purposes, including fraud prevention, compliance, and network security). As an independent controller, Stripe may collect behavioral data such as typing patterns and mouse movements through its Stripe Radar fraud detection system.

Stripe’s privacy practices are governed by Stripe’s own Privacy Policy, available at https://stripe.com/privacy. We encourage you to review Stripe’s Privacy Policy to understand how Stripe collects, uses, and protects your information.

If we use Stripe Financial Connections for bank account verification, you will be presented with an explicit consent flow disclosing the purpose of accessing your financial data before any access occurs. Financial data accessed through Stripe Financial Connections is used solely for payment verification purposes and is not sold.

7. How We Share Your Information

We do not sell your personal information. We share personal information only as described below:

  • Stripe, Inc. (Payment Processor): we share financial and identity information with Stripe to process payments, verify bank accounts, and prevent fraud. Stripe is located in the United States. See Section 6 for details.
  • The ACH Network and Financial Institutions: to execute ACH transactions, transaction data is transmitted through the ACH network, which involves your bank or financial institution and intermediary financial institutions.
  • Analytics Providers: we share website usage data with analytics providers (including Google Analytics) to understand how our Site is used. See Section 8 for details and opt-out instructions.
  • Email Marketing Providers: we use third-party email marketing platforms to send newsletters and promotional communications to subscribers who have consented to receive them.
  • Cloud Infrastructure Providers: we use cloud hosting and infrastructure services. Your data may be stored on servers operated by these providers.
  • Identity Verification Services: we may share identity information with third-party verification services during client onboarding.
  • Professional Advisors: we may share information with attorneys, accountants, and other advisors under obligations of confidentiality.
  • Government and Regulatory Authorities: we may disclose information when required by law, court order, subpoena, or governmental authority, or when we believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of individuals.
  • Business Transfers: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the successor entity, subject to the same privacy protections described in this Policy.
  • With Your Consent: we may share information with third parties when you have given us your explicit consent to do so.

8. Cookies and Analytics Technologies

8.1 What We Use

We use cookies and similar tracking technologies (web beacons, pixel tags, and local storage) on our Site. Cookies are small text files placed on your device that allow us to recognize you and your preferences across visits.

8.2 Categories of Cookies We Use

  • Essential Cookies: required for the Site to function. They enable core features such as session management and security. These cannot be disabled without impairing Site functionality. No consent is required for these cookies.
  • Analytics Cookies: we use Google Analytics (including cookies _ga, ga*, and _gid) to collect aggregated, anonymized data about how visitors use our Site, including pages viewed, time on site, and referral sources. Google Analytics data is processed by Google LLC under their own privacy policy at https://policies.google.com/privacy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-On at https://tools.google.com/dlpage/gaoptout.
  • Functional Cookies: these cookies remember your preferences (such as language or display settings) to provide a more personalized experience.
  • Marketing and Advertising Cookies: if we use advertising or retargeting tools, they may place cookies to track your visits across websites and serve relevant advertisements. Where required by law, we obtain your consent before placing these cookies.

When you first visit our Site, you will be presented with a cookie consent banner. Essential cookies are always active. For all other cookie categories, you may accept or decline at the time of the banner, or change your preferences at any time by contacting us at team@nexrizen.com. California residents may also exercise their opt-out rights under the CCPA by clicking “Do Not Sell or Share My Personal Information” on our Site. We honor Global Privacy Control (GPC) browser signals as an opt-out of data sharing.

9. Marketing Communications

With your consent, or where we have a legitimate interest in doing so, we may send you promotional emails about our Services, new offerings, case studies, and industry news.

You can opt out of marketing communications at any time by: (a) clicking the “Unsubscribe” link included in every marketing email, (b) emailing us at team@nexrizen.com with the subject line “Unsubscribe,” or (c) updating your communication preferences through your account settings if applicable. We will process opt-out requests within 10 business days in compliance with the CAN-SPAM Act.

Opting out of marketing communications does not affect your receipt of transactional communications, including payment confirmations, service updates, security alerts, and other communications necessary to the performance of our services. We will continue to send those communications to current clients.

We do not sell, rent, or share your email address with unaffiliated third parties for their own marketing purposes.

10. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including legal, regulatory, and business requirements. The following retention periods apply:

  • Transaction Records and Payment History: 7 years from the date of the transaction, to comply with tax law and financial regulatory requirements.
  • ACH Authorization Records: 2 years after the date of the last transaction associated with that authorization, per NACHA Operating Rules.
  • Client Account Information: for the duration of the client relationship, plus 5 years after the relationship ends, for legal and audit purposes.
  • Marketing Consent Records: for the duration of your subscription to marketing communications, plus an indefinite suppression list entry if you unsubscribe (to ensure we honor your opt-out).
  • Website Analytics Data: up to 13 months of data retention in Google Analytics, per Google’s default settings.
  • Cookie Consent Records: retained for as long as necessary to demonstrate compliance, typically 3 years.
  • Business Communications: generally retained for 3 to 7 years depending on the nature of the communication and applicable legal requirements.

When retention periods expire, we securely delete or anonymize your personal information in accordance with our data deletion procedures.

11. Data Security

We implement and maintain reasonable technical and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. Our security practices include:

  • Encryption in transit: all data transmitted between your browser and our Site, and between our systems and Stripe, is encrypted using TLS 1.2 or higher.
  • Encryption at rest: sensitive financial data, including bank account information, is encrypted using AES-256 or equivalent encryption when stored.
  • Access Controls: access to personal and financial information is restricted to authorized personnel on a need-to-know basis, using multi-factor authentication where applicable.
  • ACH Data Security: bank account numbers and routing numbers are rendered unreadable when stored electronically, through encryption, tokenization, or truncation, in compliance with NACHA’s data security rules.
  • Vendor Security: we require third-party service providers who handle personal information to maintain appropriate security standards.
  • Incident Response: we maintain an incident response plan and will notify affected individuals and applicable regulators of data breaches as required by law.

No method of data transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

12. International Data Transfers

Nexrizen LLC is based in the United States, and your personal information is primarily processed and stored in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

Where we transfer personal data of individuals in the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States or other third countries, we do so in compliance with applicable data transfer requirements, including through Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms.

Payment data processed through Stripe may be transferred to Stripe’s servers in the United States and other countries where Stripe operates. Stripe’s international data transfer practices are governed by Stripe’s Data Processing Agreement and Privacy Policy.

13. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

13.1 Rights Available to All Users

  • Right to Access: you may request a copy of the personal information we hold about you.
  • Right to Correction: you may request that we correct inaccurate or incomplete personal information.
  • Right to Deletion: you may request that we delete your personal information, subject to our legal and contractual obligations to retain certain records.
  • Right to Opt Out of Marketing: you may opt out of marketing communications at any time as described in Section 9.

13.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: the right to know what categories of personal information we collect, the purposes for collection, the categories of third parties we share it with, and the specific pieces of personal information we hold about you.
  • Right to Opt Out of Sale or Sharing: we do not sell your personal information. If we ever engage in sharing for cross-context behavioral advertising, you may opt out by clicking “Do Not Sell or Share My Personal Information” on our Site, or by activating a Global Privacy Control (GPC) browser signal, which we will honor.
  • Right to Limit Use of Sensitive Personal Information: you may request that we limit the use and disclosure of your sensitive personal information (including financial account details) to what is necessary to perform the services you requested.
  • Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, contact us at team@nexrizen.com or write to us at the address in Section 18. We will respond within 45 days, with a possible extension of an additional 45 days where necessary.

13.3 Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:

  • Right of Access (Article 15): the right to obtain a copy of your personal data and information about how it is processed.
  • Right to Rectification (Article 16): the right to have inaccurate or incomplete personal data corrected.
  • Right to Erasure (Article 17): the right to request deletion of your personal data under certain circumstances.
  • Right to Restriction of Processing (Article 18): the right to restrict how we process your personal data in certain situations.
  • Right to Data Portability (Article 20): the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Article 21): the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: you have the right to lodge a complaint with your local supervisory authority. In the EU, a list of supervisory authorities is available at https://edpb.europa.eu.

13.4 Rights Available Under Other State Laws

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Delaware, and other states with comprehensive privacy laws may have rights similar to those described above, including the right to access, correct, delete, and opt out of certain processing activities. To exercise these rights, please contact us at team@nexrizen.com.

14. Children’s Privacy

Our Services are directed to businesses and professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under the age of 13 (or 16 in the EEA/UK). If we discover that we have inadvertently collected personal information from a child under the applicable age, we will promptly delete that information. If you believe we may have collected information from a child, please contact us immediately at team@nexrizen.com.

15. Financial Privacy Notice (Gramm-Leach-Bliley Act)

To the extent that Nexrizen LLC constitutes a “financial institution” under the Gramm-Leach-Bliley Act (GLBA), or processes nonpublic personal financial information (NPI) on behalf of entities subject to GLBA, the following financial privacy disclosures apply:

15.1 Types of NPI We Collect

We collect nonpublic personal information including: bank account numbers and routing numbers, payment card information, transaction history, income or financial information provided during onboarding, and tax identification numbers.

15.2 Categories of NPI Disclosed

We disclose NPI to: Stripe (payment processing and fraud prevention), financial institutions and the ACH network (to execute transactions), professional advisors under confidentiality obligations, and government authorities when required by law.

15.3 Former Clients

We continue to handle the NPI of former clients in accordance with this Privacy Policy and our data retention schedule. Former clients may contact us at any time to exercise their rights.

15.4 Security

We maintain a written information security program that includes administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of NPI. Our program is reviewed and updated on a regular basis.

15.5 Opt-Out

To the extent GLBA provides opt-out rights regarding the disclosure of your NPI to non-affiliated third parties, you may exercise that right by contacting team@nexrizen.com. Note that opt-out rights under GLBA do not apply to disclosures required by law or necessary to complete a transaction you have authorized.

16. State-Specific Disclosures

California — “Do Not Sell or Share My Personal Information”

We do not sell your personal information. If we engage in data sharing practices that constitute “selling” or “sharing” under California law, you have the right to opt out by contacting us at team@nexrizen.com or by activating a Global Privacy Control (GPC) signal in your browser. We honor GPC signals as a valid opt-out mechanism.

Categories of sensitive personal information we collect include: government identification numbers (where provided), financial account numbers, and precise geolocation data (only if collected through device permissions). We use sensitive personal information only to the extent necessary to provide our Services.

Texas Residents

Texas residents are not subject to GLBA exemptions under Texas privacy law. Accordingly, we apply the rights and disclosures described in this Policy to Texas residents in full, including rights to access, correct, delete, and opt out of processing.

Virginia, Colorado, Connecticut, Oregon, and Other State Residents

Residents of states with comprehensive privacy laws effective in 2025 or 2026 have rights to access, correct, delete, and opt out of sale, targeted advertising, and profiling that produces legal or similarly significant effects. To exercise these rights, contact team@nexrizen.com. We will respond within 45 days (or as otherwise required by applicable law).

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this Policy;
  • Post the updated Policy prominently on our Site at www.nexrizen.com/privacy/; and
  • Where required by law or where changes materially affect how we use your information, notify current clients by email to the address associated with their account.

Your continued use of our Services after the effective date of a revised Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Nexrizen LLC
Privacy and Data Protection Inquiries
Email: team@nexrizen.com
Website: www.nexrizen.com
Registered Address: 1500 Ave. Los Romeros, Apt. 1207, San Juan, PR 00926

For California residents: you may also submit privacy rights requests by emailing team@nexrizen.com with the subject line “Privacy Rights Request.”

For EEA/UK residents: if you have a complaint about our handling of your personal data that we are unable to resolve, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence.

This Privacy Policy was prepared for Nexrizen LLC. It does not constitute legal advice. Nexrizen recommends periodic review by qualified privacy counsel to ensure ongoing compliance with applicable law.