Legal
Privacy Policy
Effective June 23, 2026
This policy explains what Nuvio collects, why we collect it, and the choices you have. We try to keep it short and human — no walls of legalese.
1. Who we are
Nuvio (“Nuvio”, “we”, “us”) is a bio automation service for X (Twitter). You connect data sources such as Stripe, Google Analytics 4, and Google Search Console; Nuvio fetches live metrics and keeps your X bio updated from templates you control. This policy describes how we handle personal data when you visit our website or use the product.
2. Information we collect
Account information
When you sign up we receive your email address and any profile details you choose to share (such as your name). We use a third-party authentication provider (Supabase Auth) to securely store credentials — we never see or store your password.
Bio and integration settings
You may configure bio templates, product names, sync schedules, and which metrics appear in each connected X account’s bio. If you connect third-party services, we store the settings needed to use them (for example, which GA4 property or Search Console site you selected).
Third-party credentials and tokens
When you connect integrations, we store encrypted credentials or OAuth tokens so Nuvio can fetch metrics and update your bio on your behalf:
- Google: OAuth refresh and access tokens, plus your chosen GA4 property ID and Search Console site URL.
- Stripe: a restricted API key you provide, used only to read revenue totals.
- X (Twitter): OAuth authorization you approve so Nuvio can read and update the bio on accounts you connect.
These secrets are encrypted at rest. We do not display full API keys or tokens in the product after you save them.
Metrics we fetch on your behalf
On your chosen sync schedule (or when you manually sync), Nuvio reads aggregate metrics from connected services and inserts them into your bio template. We fetch only summary totals — not individual customers, queries, pages, or user-level analytics:
- Google Analytics 4: total sessions for the last 30 days for the property you select.
- Google Search Console: total clicks and impressions for the last 28 days for the site you select.
- Stripe: gross revenue and charge count for the last 30 days.
We store the rendered bio text and sync history (timestamps, success or error status) so you can review what was posted.
Usage and device data
We collect basic logs (IP address, browser type, pages visited, timestamps) and product analytics (which features you use, error events). This helps us keep the service reliable and understand what to improve.
Cookies
We use a small number of strictly-necessary cookies for sign-in and session handling. We may also use privacy-respecting analytics that set a first-party cookie or local-storage entry. You can clear these at any time from your browser settings.
3. How we use Google data
If you connect Google, you initiate OAuth from our Integrations page. Nuvio requests read-only access to Google Analytics and Google Search Console. We use that access only for your account and only as described below. We do not sell Google data, use it for advertising, or share it with third parties except as needed to operate the service (see Section 5).
Google Analytics (`analytics.readonly`)
- List GA4 properties you have access to so you can choose which property to use.
- Read total session count for the last 30 days for your selected property.
- Display that number in your X bio when your template includes a
{sessions}variable.
Google Search Console (`webmasters.readonly`)
- List Search Console sites you have access to so you can choose which site to use.
- Read total clicks and impressions for the last 28 days for your selected site.
- Display those numbers in your X bio when your template includes
{clicks}or{impressions}variables.
You can disconnect Google at any time from Integrations. After disconnecting, we stop calling Google APIs with your tokens and delete stored Google credentials as part of removing that integration.
4. How we use information
- To operate and improve the Nuvio product.
- To fetch metrics from services you connect and update your X bio according to your templates and sync settings.
- To communicate with you about your account, billing, important changes, or support requests.
- To detect, prevent, and respond to fraud or abuse.
- To comply with legal obligations.
5. Sharing your information
We don’t sell your personal information. We share data only with service providers that help us run Nuvio, including:
- Hosting & database: Vercel and Supabase.
- Payments: Stripe, for subscription billing.
- Google: when you connect Google, our servers call Google APIs with your OAuth tokens to list properties or sites and read the aggregate metrics described above.
- Stripe (metrics): when you connect Stripe, our servers call the Stripe API with your key to read revenue totals for your bio.
- X (Twitter): when you connect an X account, we use your authorized OAuth tokens to read and update the bio on that account.
- Analytics & error monitoring: to keep the product fast and reliable.
We may also disclose information when required by law, in response to a valid legal process, or to protect the rights, property, or safety of Nuvio, our users, or others.
6. Data retention
We keep your account, integration settings, and sync history for as long as your account is active. If you disconnect an integration, we remove the associated encrypted credentials. If you delete your account we remove your personal data within 30 days, except where we’re required to retain it for legal reasons (for example tax records).
7. Security
We use encryption in transit (HTTPS/TLS) and at rest for sensitive integration credentials, role-based access controls, and follow industry-standard practices to protect your data. No system is perfectly secure — if you discover a vulnerability please report it to us at d@devkonic.com.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, export, or restrict our use of your personal information. You can disconnect integrations from your dashboard, or email us at d@devkonic.com. We’ll respond within 30 days.
9. International transfers
Nuvio is operated globally and your information may be processed in countries other than the one you live in. When we move data across borders we use safeguards such as standard contractual clauses to protect it.
10. Children
Nuvio isn’t intended for anyone under the age of 16. We don’t knowingly collect personal information from children. If you believe a child has given us their data, contact us and we’ll delete it.
11. Changes to this policy
If we make material changes we’ll update the “Effective” date at the top and, where appropriate, notify you by email or in the product. Continued use of Nuvio after a change means you accept the updated policy.
12. Contact
Questions, concerns, or requests? Drop us a line at d@devkonic.com and we’ll get back to you.