Legal

Privacy Policy

Effective date: June 7, 2026

1. Overview

This Privacy Policy explains how Nectory ("Nectory," "we," "us," or "our") collects, uses, shares, retains, and protects information when you access or use our website, applications, documentation tools, dashboards, public wiki pages, APIs, and related services (collectively, the "Service").

This policy applies to account holders, organization members, administrators, visitors to public Nectory pages, people who submit comments or feedback, and people who communicate with us. By using the Service, you acknowledge the practices described in this Privacy Policy.

2. Information You Provide

We collect information you provide directly to us when you create an account, configure an organization, build a wiki, upload media, invite members, contact support, submit feedback, comment on a public page, configure integrations, or pay for a subscription.

  • Account information, such as name, username, email address, profile image, email verification status, password authentication data, two-factor authentication status, and account preferences.
  • Organization and member information, such as organization names, slugs, logos, roles, invitations, invited email addresses, member activity, permissions, and administrative settings.
  • Content and configuration, such as spaces, pages, page titles, slugs, text, editor content, published content, drafts, media files, filenames, alt text, custom domains, theme settings, layout settings, SEO settings, custom CSS, comments, feedback, and webhook settings.
  • Billing information, such as Stripe customer IDs, subscription IDs, price IDs, plan, billing status, renewal period, and payment-related records. Full payment card details are processed by Stripe and are not stored by Nectory.
  • Communications, such as support requests, emails, abuse reports, feature requests, and other messages you send to us.

3. Information Collected Automatically

When you use the Service, we may automatically collect technical, usage, and diagnostic information needed to operate, secure, debug, analyze, and improve Nectory.

  • Device and connection information, such as IP address, browser type, operating system, user agent, approximate location derived from IP address, pages requested, timestamps, referring pages, and error logs.
  • Authentication and session information, such as session identifiers, session creation and expiration times, active organization information, IP address, user agent, and two-factor verification state.
  • Usage information, such as pages viewed, features used, searches, editor activity, comments, feedback submissions, administrative actions, webhook deliveries, media actions, analytics settings, and subscription events.
  • Public wiki analytics, such as visits, pageviews, referrers, devices, browsers, operating systems, and event data collected through Umami when analytics are enabled for a space.

4. Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to keep you signed in, maintain security, remember preferences, support authentication, and operate the Service. Some cookies are essential and cannot be disabled without affecting core functionality.

Nectory does not use advertising cookies or sell cross-site behavioral advertising profiles. Public wiki analytics are designed to be privacy-conscious and may be provided through Umami, which is intended to operate without traditional tracking cookies.

You can configure your browser to block or delete cookies, but parts of the Service may not work correctly if you do.

5. How We Use Information

We use information to provide, maintain, secure, support, and improve the Service and to communicate with users. We use personal information only for legitimate business purposes, with consent where required, or as otherwise permitted by law.

  • Create and manage accounts, sessions, organizations, spaces, pages, media libraries, comments, feedback, webhooks, and public wiki pages.
  • Authenticate users, verify email addresses, support OAuth login, enable two-factor authentication, enforce permissions, and prevent unauthorized access.
  • Process subscriptions, manage plans, handle billing events, detect payment issues, and provide invoices or billing portal access.
  • Deliver product emails, account emails, invitation emails, password reset emails, verification emails, comment notifications, weekly digests, support replies, and important service notices.
  • Provision and manage analytics for public wiki spaces and internal platform analytics.
  • Detect, investigate, prevent, and respond to fraud, abuse, security incidents, spam, service misuse, policy violations, and legal claims.
  • Debug errors, monitor performance, improve features, develop new functionality, and understand how users interact with the Service.
  • Comply with legal obligations, enforce our Terms of Service, resolve disputes, and protect the rights, safety, and property of Nectory, users, visitors, and others.

6. Legal Bases for Processing

Where privacy laws require a legal basis for processing personal information, we rely on one or more of the following bases: performance of a contract when we provide the Service to you; legitimate interests such as security, service improvement, fraud prevention, and customer support; consent where we ask for it; and compliance with legal obligations.

You may withdraw consent where processing is based on consent, but withdrawal does not affect processing that occurred before withdrawal and may limit your ability to use some features.

7. How We Share Information

We do not sell your personal information. We may share information only as needed to operate the Service, comply with law, protect rights and safety, complete business transactions, or with your direction.

  • Service providers and subprocessors that host infrastructure, store files, send email, process payments, provide analytics, support authentication, monitor errors, or help us operate the Service.
  • Organization owners and administrators who manage organizations, members, spaces, billing, content, comments, feedback, analytics, settings, and activity within their organization.
  • Public visitors when you publish public spaces, pages, comments, media, logos, profile information, or other content that is intended to be visible publicly.
  • Third-party integrations you configure, such as Discord webhooks or generic webhooks, which may receive event payloads based on your settings.
  • Legal, safety, and compliance recipients when we believe disclosure is required by law, subpoena, court order, government request, legal process, security investigation, abuse report, or to protect rights, safety, and property.
  • Successors in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar business transaction.

8. Third-Party Services

Nectory may use third-party services to operate key parts of the Service. These providers process information according to their own terms, privacy policies, and data processing commitments.

  • Stripe for payment processing, subscription management, checkout, billing portal access, invoices, tax handling, fraud prevention, and payment events.
  • Neon or another managed database provider for database hosting and backups.
  • AWS S3 or local storage infrastructure for media uploads, file storage, and file delivery.
  • Resend or another email provider for account emails, notifications, invitations, password resets, verification emails, support messages, and digests.
  • Discord OAuth for optional social login and Discord webhooks when configured by users.
  • Umami for privacy-conscious analytics on public wiki spaces and internal platform usage analytics when configured.
  • Hosting, deployment, logging, monitoring, security, and infrastructure providers needed to run the application.

9. Public Pages, Comments, and Feedback

Nectory is built to publish documentation. Public spaces and pages can be viewed by anyone and may include content, media, metadata, comments, feedback widgets, page titles, author-related information, and analytics scripts depending on settings.

If you submit a comment or feedback on a public wiki, we may collect your name, email address, message, page, space, timestamp, and related metadata. Space owners and authorized members may view, moderate, approve, delete, or respond to comments and feedback.

Information published publicly may be copied, indexed, archived, or retained by third parties outside our control.

10. Webhooks and External Integrations

If an organization configures webhooks or integrations, Nectory may send event payloads to the configured endpoint. Payloads may include information about pages, spaces, organizations, actors, event types, timestamps, and related metadata.

Organization administrators are responsible for ensuring webhook destinations are secure, authorized, and appropriate for the information they receive.

11. Data Retention

We retain personal information for as long as needed to provide the Service, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, maintain security, and support legitimate business purposes.

Account, organization, page, media, comment, feedback, webhook, billing, and activity data may remain while the account or organization is active. Deleted spaces and pages may be retained temporarily in backups, logs, or soft-delete states before permanent deletion.

When you request deletion or close an account, we will delete or de-identify personal information within a reasonable period unless we need to retain it for legal, security, financial, backup, fraud prevention, dispute, or compliance purposes.

12. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. These measures may include access controls, encrypted transport, restricted credentials, authentication controls, backups, monitoring, and separation of server-only secrets from browser-exposed settings.

No method of transmission or storage is completely secure. You are responsible for using strong passwords, protecting your devices, managing member access, reviewing public visibility settings, and enabling available security features such as two-factor authentication.

13. International Data Transfers

Nectory and our service providers may process and store information in the United States and other countries. These countries may have privacy laws that differ from the laws where you live.

When required, we use appropriate safeguards for international transfers, such as contractual commitments or other mechanisms recognized by applicable law.

14. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to withdraw consent or appeal a privacy decision.

You can update some account, organization, space, notification, and billing settings directly in the Service. For requests that cannot be completed in the Service, contact us at hello@nectory.app. We may need to verify your identity and authority before fulfilling a request.

Some information may be controlled by an organization rather than by Nectory directly. If your account is managed by an organization, we may direct your request to the relevant organization owner or administrator.

15. U.S. State Privacy Notices

Certain U.S. state privacy laws provide residents with rights regarding personal information, including rights to know, access, correct, delete, obtain a portable copy, opt out of certain sharing, and avoid discrimination for exercising privacy rights.

Nectory does not sell personal information for money. We also do not knowingly sell or share personal information of children under 16. If our practices change, we will update this policy and provide any required opt-out controls.

16. European and United Kingdom Users

If you are in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under applicable data protection laws. These may include rights of access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority.

Where Nectory processes personal information on behalf of an organization customer, that organization may be the controller of the information and Nectory may act as a processor or service provider. Where Nectory determines the purposes and means of processing for account administration, billing, security, analytics, and service operations, Nectory acts as a controller.

17. Children's Privacy

Nectory is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, contact us at hello@nectory.app and we will take appropriate steps to delete it.

If you are under the age of majority where you live, you should use the Service only with involvement and consent from a parent or legal guardian.

18. Email and Communications

We may send service-related emails such as verification messages, password reset emails, account security notices, billing notices, organization invitations, comment notifications, weekly digests, support replies, and important policy or product updates.

You can manage certain notification preferences in the Service. You cannot opt out of transactional or security-related emails that are necessary to provide and protect the Service.

19. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will take reasonable steps to notify users, such as posting the updated policy, changing the effective date, sending email, or displaying an in-app notice.

The updated policy will apply from the effective date shown unless otherwise stated. Your continued use of the Service after the effective date means you acknowledge the updated policy.

20. Contact

Questions, requests, or complaints about this Privacy Policy or our privacy practices may be sent to hello@nectory.app.