Privacy Policy
Last updated: December 3, 2025
At Nexosly Blog, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website.
1. Information We Collect
We may collect the following types of information:
1.1 Personal Information
When you create an account on our blog, we collect:
- Email address: Required for account creation and authentication
- Name: Optional, displayed with your articles
- Password: Stored securely using bcrypt hashing (never in plain text)
- Account metadata: Account creation date, last update date, user role (Admin/Editor)
1.2 Content You Create
When you create content on our platform:
- Articles: Title, content, excerpt, featured images, publication status, dates
- Categories and Tags: Content organization data you create
- Metadata: Creation dates, modification dates, publication dates
1.3 Usage Data (with consent)
If you consent to analytics cookies, we may collect:
- Page views: Which pages you visit on our website
- Referrer information: The website that referred you to us
- Browser information: User agent string (browser type and version)
- Geographic data: Country information (if available from your IP address)
- IP address: Hashed for privacy protection (we never store your actual IP)
Note: Analytics data is only collected if you explicitly accept analytics cookies. You can manage your cookie preferences at any time in our Cookie Settings page.
1.4 Cookies
We use cookies to enhance your browsing experience. See our Cookie Policy below for more details.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Personalize your experience on our website
- Send you updates and communications (with your consent)
- Analyze website usage and trends
- Detect and prevent fraud or abuse
3. Cookie Policy
Cookies are small text files stored on your device when you visit our website. We categorize cookies as follows:
3.1 Essential Cookies
These cookies are necessary for the website to function properly and cannot be disabled. They include:
- Authentication cookies: Required for logging into your account (managed by NextAuth.js)
- Session cookies: Maintain your login session
- Security cookies: Protect against CSRF attacks
Storage: These cookies are stored in your browser and expire when you close your browser or log out.
3.2 Analytics Cookies
These cookies help us understand how visitors interact with our website. They collect information anonymously and include:
- Page view tracking: Which pages you visit
- Referrer information: Where you came from
- Browser and device information: User agent data
- Geographic data: Country information (if available)
Consent required: These cookies are only set if you accept analytics cookies. You can change your preferences at any time in our Cookie Settings page.
Storage: Cookie consent preferences are stored in your browser's localStorage.
3.3 Marketing Cookies
Currently, we do not use marketing cookies. If we implement marketing features in the future, we will update this policy and require your explicit consent.
3.4 Managing Your Cookie Preferences
You can manage your cookie preferences at any time:
- Visit our Cookie Settings page to customize your preferences
- Use your browser settings to control cookies (note: this may affect website functionality)
- Clear your browser's localStorage to reset your cookie preferences
4. Data Security and Storage
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
4.1 Security Measures
- Password Security: Passwords are hashed using bcrypt (10 rounds) and never stored in plain text
- HTTPS: All data transmission is encrypted using SSL/TLS
- Authentication: Secure session management using NextAuth.js with JWT tokens
- CSRF Protection: Built-in protection against cross-site request forgery attacks
- Input Validation: All user inputs are validated and sanitized before storage
- Database Security: Access to the database is restricted and secured
4.2 Data Storage
- Location: Data is stored in a secure PostgreSQL database hosted by our service provider
- Retention: We retain your data for as long as your account is active or as needed to provide services
- Deletion: When you delete your account, we will delete your personal data, except where we are required to retain it for legal purposes
- Backups: Regular backups are performed for data recovery purposes
4.3 Limitations
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining the highest standards of data protection.
5. Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or other jurisdictions with similar data protection laws, you have the following rights regarding your personal information:
5.1 Right to Access
You have the right to request a copy of all personal data we hold about you. If you have an account, you can:
- Log into your account and view your profile information
- Export your data by accessing the "Export My Data" feature in your account settings (if available)
- Contact us to request a complete data export
5.2 Right to Rectification
You can update your personal information at any time:
- Log into your account and update your profile (name, email)
- Edit or delete your articles and content
- Contact us if you need assistance updating your information
5.3 Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data. You can:
- Delete your account and all associated data through your account settings (if available)
- Contact us to request account deletion
- Note: Some data may be retained for legal or legitimate business purposes (e.g., published articles may remain for content integrity)
5.4 Right to Object
You can object to the processing of your personal data for certain purposes:
- Opt out of analytics tracking by declining analytics cookies
- Manage your cookie preferences at any time
- Contact us if you have concerns about how your data is being processed
5.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format. You can:
- Export your account data in JSON format (if available in your account settings)
- Contact us to request a data export
5.6 Right to Withdraw Consent
If you have given consent for data processing, you can withdraw it at any time:
- Change your cookie preferences in our Cookie Settings page
- Clear your browser's localStorage to reset cookie consent
- Contact us if you need assistance withdrawing consent
How to Exercise Your Rights: If you have an account, you can manage most of your data through your account settings. For additional requests or if you don't have an account, please contact us using the information provided in the "Contact Us" section below.
6. Third-Party Services
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.
7. Children's Privacy
Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us through our website or email.