NEXUSPARTNERS

Privacy Policy

// Last updated: April 2026 — Version 3.1

// Summary

NexusPartners is a B2B motorsport sponsorship platform. We collect only what we need to match drivers and teams with potential sponsors, operate the Sponsor Marketplace, and deliver AI-powered outreach tools. We never sell your data. Under-18 users have additional safeguarding protections — all commercial contact goes to their registered guardian only.

1. Who We Are

NexusPartners ("we", "us", "our") is a software platform operated by NexusPartners Ltd. The platform enables motorsport drivers and racing teams to identify, approach and convert business sponsors using AI-assisted prospect discovery, pitch creation and marketplace listing.

For data protection purposes, NexusPartners Ltd is the Data Controller for all personal data collected through this platform. Our registered address and contact details are available on request at hello@nexuspartners.io.

2. Data We Collect

// Account data

When you register, we collect your name, email address, account type (driver or team), and the plan you select. This data is required to create and operate your account.

// Profile data

To use our AI matching and pitch tools, you may provide: your racing championship and series, your location (town/county), a personal or team story, a value proposition, social media handles, follower counts, sponsorship package descriptions and pricing, and profile photographs. All of this is voluntary — however, the more complete your profile, the better the AI matching accuracy.

// Date of birth (drivers only)

// Safeguarding — Under-18 Drivers

We require date of birth from all individual driver accounts. This is used solely to determine whether a user is under 18. Date of birth is never displayed publicly, never shared with sponsors, and never included in any profile visible to businesses on the Sponsor Marketplace.

If you are under 18, you are required to provide a parent or guardian's name, email address, and their explicit consent before your account can engage with commercial features. All enquiries from businesses — whether via the Sponsor Marketplace, the Partnership Assistant, or any pitch tools — are routed exclusively to your guardian's email. Your personal contact details are never shared with any business.

Guardian contact details are stored encrypted and are accessible only to the platform administrator and the guardian themselves. NexusPartners administrators review all marketplace enquiries directed at under-18 accounts before delivery.

// Lookalike and current sponsor data

You may optionally add current or previous sponsors and "lookalike" businesses to your profile. These are used by our AI system to improve prospect matching. Business names and URLs you provide are processed by our AI to identify similar companies — this processing happens server-side and the raw data is not shared with third parties.

// Usage data

We collect standard web server logs including IP address, browser type, pages accessed and timestamps. This data is used for security, abuse prevention and service improvement. Logs are retained for 90 days.

// AI interaction data

When you use our Partnership Assistant, Pitch Creator or LinkedIn Post Creator, your questions and the AI responses are processed by Anthropic's Claude API. We do not store the content of individual AI conversations beyond what is needed to generate the response. Anthropic's data processing terms apply to API interactions — see anthropic.com/privacy.

3. How We Use Your Data

Providing the service — operating your account, generating AI-powered prospect matches, creating pitch emails, producing partnership decks and running the Sponsor Marketplace.
Safeguarding — using date of birth to enforce under-18 protections, routing all commercial contact for minors through their registered guardian, and administrator review of relevant enquiries.
Prospect matching — your profile data (championship, location, story, value proposition, packages and lookalike partners) is passed to our AI systems to generate ranked prospect recommendations personalised to you.
Marketplace visibility — if you choose to list on the Sponsor Marketplace, your public profile information (excluding age, date of birth, and personal contact details) is displayed to businesses browsing the marketplace.
Service communications — we may send you transactional emails such as account confirmations, LinkedIn reminders you have scheduled through the platform, and security alerts.
Platform improvement — anonymised and aggregated usage data helps us improve AI accuracy and platform features. We do not use identifiable data for this purpose without your consent.

4. Legal Basis for Processing (UK GDPR)

Contract — processing your account and profile data to provide the service you have signed up for (Article 6(1)(b)).
Legitimate interests — usage logging, security monitoring, and AI prompt processing where this does not override your rights (Article 6(1)(f)).
Legal obligation — age verification and safeguarding measures for under-18 users, including guardian consent requirements (Article 6(1)(c) and special category protections for children).
Consent — optional profile features such as marketplace listing, and any marketing communications beyond the service itself (Article 6(1)(a)). You may withdraw consent at any time.

5. The Sponsor Marketplace

The Sponsor Marketplace allows businesses to discover and contact motorsport drivers and teams. When you activate your listing:

Your public profile — championship, location, story, social reach, and packages — is visible to registered business users browsing the marketplace.
Your personal email address and date of birth are never included in your public marketplace profile.
Businesses can submit an enquiry through the platform. You receive these enquiries in your dashboard. For under-18 drivers, all enquiries are sent to the registered guardian's email — not the driver.
You can pause or remove your listing at any time from the Sponsor Marketplace section of your dashboard. Removing your listing immediately removes your profile from business-facing search results.

// Your control over your listing

You are always in control. Your marketplace status (Live / Paused / Not Listed) is shown clearly in your dashboard. You can go live, pause, or permanently remove yourself at any time — no waiting period, no lock-in. Removing your listing does not delete your account or profile data.

6. Who We Share Data With

We do not sell, rent or trade your personal data. We share data only with the following categories of third parties, and only to the extent necessary to deliver the service:

Supabase — our database and authentication provider. Data is stored in EU-region servers under a Data Processing Agreement. See supabase.com/privacy.
Anthropic (Claude API) — your profile context and questions are sent to Anthropic's API to generate AI responses. Data is processed under Anthropic's API terms. See anthropic.com/privacy.
LinkedIn — if you choose to connect your LinkedIn account for the LinkedIn Post Creator or connection note features, LinkedIn's own OAuth and data terms apply. We store only your LinkedIn display name and profile photo for display purposes within the dashboard.
Platform administrators — NexusPartners administrators (specifically christurton87@gmail.com and daniellloydracing@gmail.com) have access to user account data for platform support, security review and safeguarding oversight of under-18 accounts.

We do not share data with business users browsing the Sponsor Marketplace beyond your explicitly chosen public profile content.

7. Data Retention

Active accounts — data is retained for the lifetime of your account plus 12 months after account closure, to allow for any billing disputes or legal requirements.
Date of birth — retained as long as your account is active. Deleted within 30 days of account closure.
Guardian details — retained only while an under-18 account is active. Deleted within 30 days of the user turning 18 or closing their account (whichever is sooner).
AI interaction logs — not retained beyond the API call. No conversation history is stored by NexusPartners beyond what appears in your dashboard session.
Press releases — press releases you create are stored until you delete them. Distribution records (who you sent to and when) are retained for 12 months.
Server logs — retained for 90 days for security purposes, then permanently deleted.

8. Your Rights (UK GDPR)

As a data subject under UK GDPR, you have the following rights:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — correct inaccurate or incomplete data at any time through your profile settings.
Right to erasure — request deletion of your account and all associated personal data ("right to be forgotten"). Under-18 accounts: guardians may also request erasure on the minor's behalf.
Right to restrict processing — request that we stop processing your data while a dispute is resolved.
Right to data portability — request your profile data in a machine-readable format.
Right to object — object to processing based on legitimate interests, including AI-based profile matching.
Right to withdraw consent — for features based on consent (e.g. marketplace listing), withdraw at any time without affecting prior lawful processing.

To exercise any of these rights, email hello@nexuspartners.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately.

9. Children and Under-18 Users

// Safeguarding Policy — Full Detail

NexusPartners takes the protection of under-18 users extremely seriously. Motorsport is an industry where young drivers are often commercially active from a young age, and we have built specific safeguards to ensure their safety:

Age gate — date of birth is mandatory for all individual driver accounts. Accounts cannot be listed on the Sponsor Marketplace until DOB is provided and age is verified.
Guardian requirement — under-18 accounts must provide a parent or guardian name, email, and explicit consent before accessing commercial features.
Commercial routing — 100% of business enquiries, marketplace contacts and commercial outreach from businesses directed at under-18 users is routed to the guardian email only. The driver's personal email and contact details are never shared.
Admin oversight — NexusPartners administrators are notified of and review enquiries directed at under-18 accounts before they are delivered to the guardian.
No public age display — a driver's age or date of birth is never visible to businesses or on the public marketplace profile.
Automatic upgrade — when an under-18 user's account reaches the age of 18 (detected at next login), guardian routing is automatically disabled and the guardian details are removed from active use.
Guardian removal rights — a registered guardian may at any time contact us to request removal of the minor from the platform, and all associated data will be deleted within 72 hours.

10. Security

We implement the following technical and organisational measures to protect your data:

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
Database access uses service-level API keys that bypass row-level security only server-side — never in the browser.
User IDs are always derived from authenticated session tokens server-side. No user can inject or access another user's data via API calls.
Guardian and sensitive safeguarding data is stored with restricted access permissions.
Session tokens expire after inactivity and on explicit logout.
We do not store payment card details — billing, where applicable, is handled by a PCI-compliant third party.

If you discover a security vulnerability, please report it responsibly to hello@nexuspartners.io.

11. Cookies and Local Storage

NexusPartners uses browser localStorage (not traditional cookies) to cache certain user preferences and session data locally, including:

Your authentication session token (cleared on logout).
Cached prospect rankings (refreshed every 24 hours to reduce server load).
Lookalike matching results (refreshed every 6 hours).
Your marketplace pricing preference and UI preferences.

No advertising trackers, third-party analytics cookies, or cross-site tracking mechanisms are used on the dashboard. NexusPartners products are ad-free and do not allow advertisers to pay for product placement or AI promotion.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes — particularly those affecting safeguarding provisions, data sharing or user rights — will be notified to registered users by email at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

For any privacy-related queries, data subject requests, or safeguarding concerns:

Email: hello@nexuspartners.io

Safeguarding (guardian enquiries): safeguarding@nexuspartners.io

We aim to respond to all privacy requests within 5 working days, and within 30 days for formal data subject requests as required by UK GDPR.