Privacy policy

Draft — the technical data flow and operator details are filled in. Only the final processor list (incl. data-processing agreements), the search-partner name and concrete retention periods remain open. The German Datenschutzerklärung is the legally binding version. Please have this reviewed legally before launch.

1. Controller

Controller under the GDPR: Shio Ventures GmbH, Straßburger Straße 55, 10405 Berlin, Germany, email: kontakt@nx1-app.com. See also the imprint.

2. Principle: privacy-first, no account

NX1 works without an account or sign-in. Your bookmarks, history and settings are processed locally on your device by default. Only the data needed for a specific feature is sent to our servers. We use no advertising or tracking technologies.

3. Hosting

The web app, the API and this website are hosted via Cloudflare. For each request Cloudflare processes technically necessary connection data, in particular the IP address, to deliver the request and protect the services from abuse (Art. 6(1)(f) GDPR).

4. This website

The landing page is static, with no accounts and no tracking cookies. Fonts and icon symbols are self-hosted (no third-party CDNs) — visiting the page therefore transmits no personal data to third parties beyond the technically necessary hosting connection data in section 3.

5. The NX1 extension and web app

Local storage and permissions. Your configuration is stored locally. The extension only requires the “storage” permission at install; access to bookmarks, history, top sites and favicons is requested on demand and only after your explicit consent, and analyzed on your device.

AI personalization (extension only). At optional first-run setup, NX1 analyzes your history and bookmarks on your device. Only anonymized patterns (registrable domains and individual keywords — no full URLs, no directly identifying data) are sent to our server and an AI service to suggest topics (Art. 6(1)(a) GDPR).

Areas, content and news. Creating an area by AI sends the chosen topic label and rough region to our server and the AI service. For news, our server fetches the public RSS/Atom feeds of the sources you added.

Search and suggestions. Selected search providers open directly in your browser. Type-ahead suggestions may be requested via our server from a search partner, transmitting the entered query.

Wallpapers. Our server queries image services (Unsplash, Pexels and Pixabay) with a topic keyword and caches the images. Only the keyword is transmitted, not your history.

Screenshot help (gaming). Using screenshot help sends the pasted image to our server and an AI vision service (Anthropic). A daily allowance applies; a random install ID and the IP address are processed to enforce it (Art. 6(1)(a) GDPR).

Device sync. If you enable sync, settings, areas and tiles are stored server-side so you can share them across devices. No account or password is required: pairing uses a secret code (QR or 8-character code), and data is stored under a non-reversible key derived from it (Art. 6(1)(b) GDPR).

Install ID and abuse protection. To limit paid services (e.g. AI calls) and attribute referrals, we process a random install ID and, briefly, the IP address. These are not linked to your identity.

6. Processors and third parties

[PLACEHOLDER — to be completed before launch, including data-processing agreements and any transfer to the USA with appropriate safeguards]: Cloudflare, Anthropic, Unsplash, Pexels, Pixabay, [search partner].

7. Retention

Local data stays on your device until you delete it. Server-side sync data persists while sync is active; caches and rate-limit data have short expirations. [PLACEHOLDER: confirm concrete periods.]

8. Your rights

You have the rights of access, rectification, erasure, restriction, portability and objection (Art. 15–21 GDPR), and may withdraw consent at any time with future effect. Contact kontakt@nx1-app.com. You also have the right to lodge a complaint with a supervisory authority.

9. Status

Last updated: June 2026.