Privacy Policy
Last updated: 12 June 2026
This Privacy Policy explains how Shaman Nexus ("Nexus", "we", "us"), a product operated under ShamanTech, collects, uses, and protects your personal data when you use the Nexus website and AI gateway service at nexus.shamantech.co. We process personal data in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA).
1. Data we collect
- Account data: email address and authentication identifiers (including Google sign-in identifiers if you choose Google login).
- Billing data: credit balance and transaction ledger. Card payments are processed by Stripe; we do not store your full card details.
- Usage data: API requests you make through the hosted gateway — model used, token counts, timestamps, and cost — used for metering and billing.
- Content data: the prompts and completions that pass through the hosted gateway, to the extent needed to provide and meter the service.
- Technical data: IP address, device/browser information, and logs for security and abuse prevention.
BYOM (Bring Your Own Model) requests do not pass through our servers — your own provider key stays on your device and that traffic is not collected by us.
2. Why we use it (lawful basis)
- To provide, meter, and bill the AI gateway service (performance of contract).
- To operate accounts, authentication, and customer support.
- To prevent fraud and abuse, and to secure the service (legitimate interest).
- To comply with legal and tax obligations.
3. Sharing & sub-processors
We share data only with service providers needed to run Nexus:
- Supabase — database, authentication, and hosting (data stored in Singapore).
- Cloudflare — the gateway runtime and network security.
- Vercel — website hosting.
- OpenRouter and the underlying AI model providers — to fulfil hosted inference requests.
- Stripe — payment processing.
- Google — if you use Google sign-in.
Some of these providers process data outside Thailand. We rely on appropriate safeguards for such cross-border transfers under the PDPA.
4. Retention
We keep account and billing records for as long as your account is active and as required for tax and legal purposes. Usage logs are retained for operational and security purposes. You may request deletion of your account and associated personal data (subject to records we must keep by law).
5. Your rights under the PDPA
You have the right to access, correct, delete, restrict, or object to the processing of your personal data, to data portability, and to withdraw consent. To exercise these rights, contact us at info@shamantech.co.
6. Security
We use industry-standard measures: encrypted transport (HTTPS), row-level access controls on your data, hashed API keys, and a money ledger isolated behind server-side controls. No method of transmission or storage is perfectly secure, but we work to protect your data.
7. Children
Nexus is not directed to children under the age required by applicable law. We do not knowingly collect data from children without parental consent.
8. Changes
We may update this policy. Material changes will be posted on this page with a new "last updated" date.
9. Contact
For any privacy question or to exercise your rights: info@shamantech.co