NextAura logo NextAura
← Back to NextAura

Privacy Policy

Last updated: March 26, 2026

1. Introduction

NextAura ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our software and services.

2. Information We Collect

NextAura operates as a local desktop application. We collect and process the following:

  • OAuth Credentials: When you connect provider accounts (GitHub, Slack, Google, etc.), we receive OAuth tokens that are stored securely in your operating system's keychain (macOS Keychain, Windows Credential Manager, or Linux SecretService).
  • Provider Data: We fetch metadata from your connected providers (e.g., repository names, PR counts, Slack channel lists) solely to display workflow eligibility and ROI estimates.
  • Local Configuration: Environment variables and settings you configure are stored locally in `.env.local` files and are never transmitted to our servers.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate you with third-party providers via OAuth
  • Determine which workflows are available based on your connected stack
  • Generate ROI estimates based on your actual provider activity
  • Generate deployment scaffolds configured for your environment

4. Data Storage and Security

All data stays on your machine. NextAura is a local-first desktop application. We do not transmit your credentials, tokens, or provider data to any external servers except when directly calling provider APIs on your behalf.

  • Tokens: Stored in your OS keychain using industry-standard encryption (keyring-rs library).
  • API Calls: All provider API calls are made directly from your machine to the provider's endpoints. We do not proxy or intercept these requests.
  • No Cloud Storage: We do not store your data in any cloud database or analytics platform.

5. Third-Party Providers

NextAura integrates with third-party services (GitHub, Slack, Google, Salesforce, etc.) via OAuth. Your use of these services is governed by their respective privacy policies and terms of service. We encourage you to review their policies to understand how they collect and use your data.

6. Data You Control

You have full control over your data in NextAura:

  • Disconnect Anytime: You can disconnect any provider from within the app, which revokes the OAuth token and removes it from your keychain.
  • Revoke Access: You can revoke NextAura's access from your provider account settings at any time.
  • Delete Local Data: All configuration and cached data is stored locally and can be deleted by removing the application and its data directory.

7. Children's Privacy

NextAura is not intended for users under the age of 13. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us:

10. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for processing your information is your consent and our legitimate interest in providing functional software that integrates with your existing tools.

11. Your Rights (GDPR)

If you are a resident of the EEA, you have the right to access, rectify, delete, restrict, or object to our processing of your personal information. You also have the right to data portability. To exercise these rights, please contact us at the email above.