Privacy Policy

Last updated: May 9, 2026

This policy explains what data thyfwxit.com and the Nexus AI Terminal at thyfwxit.com/nexus collect, how it's used, and which third parties are involved. The site is operated solo by Xavier Scott (THYFWX). It is a personal project, not a commercial product.

What I collect from every visitor

• Standard server logs: IP address, browser user-agent, timestamp, page requested. Used for security, debugging, and basic analytics. Retained ~30 days.
• Approximate geolocation: derived from IP via ipinfo.io. Used to show region-appropriate content and helplines. Not stored long-term.
• Cookies: a single session cookie named nexus_session (HTTP-only, Secure, SameSite=None on HTTPS). Holds your sign-in state. Cleared when you sign out.

What I collect when you sign in with Google

• Your Google account name, email, and profile picture (via OAuth).
• A persistent ID linking your account to your saved settings (custom AI memory, leaderboard handle, image-generation history).

Email and profile picture stay on your device's localStorage. The server stores only an account ID hash plus your chosen leaderboard handle.

What I collect when you chat with the AI

• Every chat prompt and AI reply is forwarded to the AI provider (Groq, HuggingFace, or Google Gemini) to generate a response. I do not log the full text on our servers permanently — chats live in your browser's memory only and are cleared when you close the tab.
• If you trigger a critical-content moderation pattern (violence, CSAM, etc.), the offending prompt is forwarded to the operator's private Discord channel for review and a temporary lockout is applied. This is for safety enforcement, not advertising.
• Guests: chats are session-only. Closing the tab erases everything.
• Google-signed users: the last few messages per mode persist in your browser's localStorage so the AI can follow context. You can wipe them anytime via the AI Profile panel.

What I collect when you generate an image

• Your text prompt is sent to the image provider (Replicate, Pollinations, or Hugging Face). The generated image is base64-encoded and saved to your browser's storage so you can view your history. Images are NOT stored on our server.
• Quota tracking: a counter of how many images you've generated today is kept server-side, tied to your account ID hash, so we can enforce daily limits.

Third-party services

• Google AdSense (ads) — uses cookies and may collect anonymous usage data to show relevant ads. Opt out: adssettings.google.com. Google's policies: policies.google.com/technologies/partner-sites
• Google OAuth — sign-in only. I never receive your password.
• Groq, Hugging Face, Replicate, Google Gemini, Pollinations — AI inference providers. Your prompts and image requests are forwarded to them. Subject to their respective privacy policies.
• ipinfo.io — IP-to-region lookup. No personal data shared.
• Cloudflare Pages — frontend hosting. Standard CDN logs.
• Render.com — backend hosting.

Cookies

• nexus_session — session sign-in state. Set by Nexus. Lasts 30 days.
• AdSense cookies — set by Google when ads load. Used for ad personalization and frequency capping. Managed via Google's settings link above.
• No other tracking cookies.

Your rights

• Access / deletion: Email xavier@thyfwxit.com with your account email. Deletion is permanent and immediate.
• Sign out / forget: The avatar dropdown has Sign Out (clears session) and Forget All (wipes browser-stored memory).
• EU/UK/CA visitors: Google's funding-choices banner offers consent management for ad personalization.
• California (CCPA): I don't sell personal data.

Data retention

• Server logs: ~30 days then rotated.
• Account data (handle, image quota counter): until you request deletion or stop using the site for 12+ months.
• Generated images: 30 days max in your browser, then auto-deleted from your local history.

Children

Nexus is intended for users 18 and older. The Unfiltered chat mode in particular contains adult-oriented content and requires explicit confirmation. If I learn a child under 13 has provided personal data, I'll delete it on request.

Changes to this policy

If this policy changes meaningfully, the new version is posted here and the "Last updated" date above is bumped. Major changes are also announced in the changelog (/changelog).

Contact

Xavier Scott (THYFWX) — xavier@thyfwxit.com