Privacy Policy

Last updated: June 3, 2026

nqzai ("nqzai", "we", "us") is an AI-powered go-to-market assistant for outbound cold email and inbound SEO. This policy explains what we collect, how we use it, and the choices you have. By using nqzai you agree to this policy.

1. Information we collect

Account data — your email address and authentication credentials (managed by our auth provider).
Product & campaign data — your website URL, product brief, personas, email signature, sending settings, standing instructions, and SEO site URL that you provide.
Contacts you create or upload — names, email addresses, companies, titles, and enrichment data for the leads you research or import.
Usage data — chat messages to the assistant, tool actions, and token/API consumption used to meter your plan.
Connected-service data — when you connect a third-party account (e.g. Google, Slack), the data described in Section 3.

2. How we use information

To operate the service — find and verify leads, draft and send emails, run sequences, and produce SEO research.
To meter usage and bill tokens against your plan.
To maintain security, debug errors, and improve the product.

We do not sell your personal data, and we do not use your contacts or connected-account data for advertising.

3. Google user data (Search Console & Analytics)

If you connect Google, you grant nqzai read-only access to your Google Search Console and Google Analytics (GA4) data via OAuth, using these scopes:

webmasters.readonly — read search performance (clicks, impressions, positions, queries).
analytics.readonly — read traffic metrics (sessions, users, channels).

We use this data solely to display your search and traffic performance back to you inside nqzai and to enrich your SEO audits. We store only an encrypted OAuth refresh token (AES-GCM at rest); access tokens are short-lived and never persisted. You can revoke access anytime from the Connectors panel or at myaccount.google.com/permissions.

Limited Use disclosure. nqzai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer or use Google user data for serving ads, and we do not allow humans to read it except as needed for security, to comply with law, or with your explicit consent.

4. Service providers (sub-processors)

We share data only with vendors that help us run the service, under their own terms:

Cloudflare — application hosting.
Nhost / Hasura — database & authentication.
OpenRouter — large-language-model inference for drafting and research.
Lead & verification providers (e.g. Apify, Icypeas, api.market, MillionVerifier) — finding and verifying contacts.
SEO data providers (e.g. SearchApi, Apify, Common Crawl) — search and backlink data.
Email delivery — your own connected sending provider (BYOK) and/or Mailtrap for transactional mail.
Sentry — error monitoring.

5. Email sending

nqzai sends email through your own connected provider (bring-your-own-keys). You are responsible for the content of messages you send and for complying with anti-spam laws (see our Terms).

6. Data retention & deletion

We retain your data for as long as your account is active. You can delete contacts and disconnect integrations at any time in-app. To delete your account and associated data, email us at palash@nqz.ai.

7. Security

Connector secrets and OAuth tokens are encrypted at rest with AES-GCM. Access is restricted to your account. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect your data.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. Contact us to exercise them.

9. Changes

We may update this policy. Material changes will be reflected by the "Last updated" date above.

Contact

Questions about this policy or your data? Email palash@nqz.ai.