Privacy Policy — Nexus

Effective date: 1 May 2026 · Last updated: 1 May 2026

This privacy policy describes how the Nexus application (the “App”) handles personal data. Nexus is an internal staff productivity tool used by employees of the studio operated by Creator Dock for internal communication, task assignment, and time tracking. The App is not intended for use by the general public.

1. Who we are

The data controller is Creator Dock, a company registered in Spain. Contact: [email protected].

Nexus is published under the package name stream.vrvod.nexus.v2 and connects to the server at https://y.vrvod.stream.

2. What data we collect

Account information

Login name (chosen by the staff member when their account is created by an administrator).
Password (stored as a salted hash; we never store plaintext passwords).
Display name and assigned role within the studio (e.g. administrator, manager, staff).
Language preference (English, Spanish, or Romanian).

Communication content

Chat messages you send and receive within Nexus, including attached images, videos, and files.
Reactions, message read-state, and typing indicators.
Drafts of messages you have not yet sent (saved on our server so they restore when you switch devices).

Tasks and time tracking

Tasks assigned to you, including title, status, and category.
Time entries you record against tasks, used by the studio for internal payroll calculation.
Personal notes you create within the App.

Technical data

Device manufacturer and model name (e.g. “Google Pixel 7”) — used to label your sessions in your account, so you can identify which device is currently signed in.
App version and build flavor.
IP address of your device when it connects to the server (used for security audit logging only; not shared with third parties).
Push notification token issued by Google Firebase Cloud Messaging — used to deliver chat notifications to your device.
Online/offline presence (used to show coworkers whether you are currently active in the App).
Heartbeat pings (a small periodic signal from the App to confirm your device is reachable).

Diagnostic data

If the App crashes, a local crash log is written to your device storage. This file is not transmitted automatically. You can choose to share it with us via the Troubleshooting page in the App if you want help diagnosing an issue.

3. Data we do NOT collect

We do not collect or use your contacts, calendar, photos, location, microphone, camera, or call history without your explicit interaction.
We do not use third-party advertising, tracking, or analytics SDKs inside the App.
We do not sell or rent personal data to anyone, ever.

4. How we use your data

To operate the App: deliver your chat messages, assign and track your tasks, record your time entries.
To authenticate you: verify your login credentials and maintain your session.
To notify you: deliver push notifications to your device when you receive a chat message or task assignment.
For security: audit log of administrative actions (who edited what, when) so the studio owner can investigate problems.

5. Who we share data with

Personal data inside Nexus is visible only to other authorised employees of the studio (your coworkers and supervisors), based on the role assigned to your account.

The only third-party service that processes your data is:

Google Firebase Cloud Messaging — used solely to deliver push notifications. Google receives a device token and a short notification payload (channel name and message preview) when we send a notification. Firebase Cloud Messaging is governed by Google’s privacy policy.

We do not share your data with advertisers, data brokers, or any other third parties. We do not sell your data.

6. Where data is stored

Nexus servers are hosted in the European Union. All data in transit between the App and the server is encrypted using HTTPS / TLS 1.2 or higher. Server access is restricted to authorised studio personnel only.

7. How long we keep data

Chat messages are retained for as long as your account is active.
Task and time-tracking records are retained for at least the legal accounting and labour-law retention period applicable in Spain (typically 5 years).
Audit logs are retained for at least 12 months.
If your account is deleted, your messages are anonymised (your name is removed but the message body remains visible to other participants in any conversation you took part in, because deleting one side of a conversation would corrupt the record for everyone else).

8. Your rights

Under the GDPR and similar laws, you have the right to:

Access the personal data we hold about you.
Correct inaccurate personal data.
Request deletion of your account and associated personal data.
Withdraw consent (which means asking for your account to be deleted, since the App is not usable without consent).
Object to certain types of processing.
Lodge a complaint with the Spanish data protection authority (Agencia Española de Protección de Datos, AEPD).

9. Account deletion

To delete your account and all associated data, send an email to [email protected] with the subject line “Account deletion request”. We will process the request within 7 business days and confirm by reply.

The deletion path is also available directly inside the App: open the left sidebar → About → tap Email us to delete my account. The same link is shown on the App’s sign-in screen for users who cannot sign in.

10. Children’s privacy

Nexus is an internal employer-issued tool. It is not directed at, and not intended for use by, anyone under the age of 18. We do not knowingly collect personal data from anyone under 18.

11. Permissions used by the App on Android

Nexus requests only the Android system permissions strictly necessary for its features:

INTERNET, ACCESS_NETWORK_STATE — to communicate with our server.
POST_NOTIFICATIONS — to display chat and task notifications.
FOREGROUND_SERVICE, FOREGROUND_SERVICE_DATA_SYNC, WAKE_LOCK — to keep our background sync working when the App is not on screen so notifications arrive promptly.
RECEIVE_BOOT_COMPLETED — to restore the background sync after the device is restarted.
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS — optional; the App asks once if you would like to exempt it from battery optimisation so notifications are not delayed.
READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, READ_EXTERNAL_STORAGE (older Android only) — to attach a photo or video from your gallery to a chat message. Files are read only when you explicitly pick them in the gallery picker.

The App does not request location, microphone, camera (other than the gallery picker), contacts, calendar, SMS, call log, or any other sensitive permission.

12. Changes to this policy

If we materially change how we handle personal data, we will update this page and notify staff inside the App before the change takes effect.

13. Contact

Questions or concerns about this policy: [email protected].