Privacy Policy
Last updated: April 2026
NextSell Agency (“NextSell”, “we”, “us”, or “our”) operates the platform available at https://www.nextsell.ai (the “Service”). This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
By using the Service you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
- Email address and display name provided during registration.
- Password (stored as a secure hash — we never store plain-text passwords).
- Billing contact details (name, country) when you subscribe to a paid plan.
1.2 OnlyFans Account & Platform Data
When you connect an OnlyFans creator account via the OnlyFans API, we collect and store the following data on your behalf to power the Service:
- Conversations & messages — fan messages and replies, read/unread status, message media metadata.
- Fan profiles — fan identifiers, spending history, playbook stage, AI interaction mode, and any notes you add.
- Media vault — metadata (file name, type, size, URL) for content synced from your OnlyFans vault. Actual media files are stored on Cloudflare R2.
- Earnings & analytics — daily earnings summaries, transaction counts, and subscription metrics fetched from the OnlyFans API.
- Account status — connection state, last sync timestamp, authentication tokens (encrypted at rest).
1.3 Billing Information
Payment processing is handled entirely by our payment providers (Stripe and NOWPayments). We do not store card numbers, CVVs, or full bank details. We store only:
- Your chosen plan and billing cycle.
- Stripe customer ID and subscription ID for account management.
- Payment event logs (event type, amount, timestamp) for audit purposes.
1.4 Usage & Technical Data
- Error logs — anonymised stack traces collected by Sentry to help us diagnose and fix bugs.
- Analytics events — page views and navigation events collected by Vercel Analytics (privacy-friendly, no fingerprinting).
- AI usage records — counts of AI suggestions generated, used to track plan limits and billing.
2. How We Use Your Information
- Provide the Service — sync messages and media, display dashboards, send automated replies, run automations.
- AI-powered features — generate messaging suggestions and automated replies using fan context, conversation history, and your persona settings. Your data is sent to our AI providers (xAI / OpenAI) solely to process your request; it is not used to train their models.
- Billing — process payments, manage subscriptions, send invoices.
- Support & notifications — respond to support requests, send service-related emails, and optionally send Telegram notifications you have configured.
- Security & compliance — detect fraud, enforce our Terms of Service, and comply with legal obligations.
- Product improvement — aggregate, anonymised analytics to understand how features are used and prioritise development.
3. Third-Party Services
We use the following sub-processors to operate the Service. Each sub-processor handles data only as necessary to deliver its specific function.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | All user and platform data (stored in the EU by default) |
| Stripe | Fiat payment processing | Billing contact info, subscription events |
| NOWPayments | Crypto payment processing | Payment amount, plan selection |
| xAI / Grok | Primary AI suggestion engine | Conversation context, fan profile (anonymised) |
| OpenAI | AI fallback provider | Conversation context, fan profile (anonymised) |
| OnlyFansAPI.com | OnlyFans platform integration | API credentials, messages, media metadata |
| ElevenLabs | Text-to-speech generation | Text content you choose to convert to audio |
| Cloudflare R2 | Media file storage | Media files from your OnlyFans vault |
| Sentry | Error tracking | Anonymised error logs, stack traces |
| Vercel | Hosting & analytics | Page view events, deployment infrastructure |
| Telegram | Optional notifications | Notification content you configure (optional) |
4. Cookies & Local Storage
We use a minimal set of cookies and browser storage:
- i18next — stores your language preference (EN, ES, FR). Functional cookie, expires after 1 year.
- Supabase auth session — stores your authentication token so you remain logged in. Session cookie cleared on logout.
- Vercel Analytics — privacy-friendly analytics that do not use cookies or fingerprinting; no personal identifiers are stored.
We do not use third-party advertising cookies or cross-site tracking.
5. Data Retention
- Active accounts — data is retained for as long as your account is active and your subscription is in good standing.
- Cancelled subscriptions — we retain your account data for 30 days after cancellation to allow for reactivation, then delete it.
- Account deletion — when you delete your account (via Settings → Delete Account or by emailing privacy@nextsell.ai), all personal data, OnlyFans account data, and media files are permanently deleted within 30 days.
- Billing records — payment event logs are retained for 7 years to comply with financial regulations, even after account deletion.
6. Security
- Transport encryption — all connections between your browser and our servers use TLS (HTTPS).
- Multi-tenant isolation — each agency workspace is isolated using Row Level Security (RLS) enforced at the database level. Your data is never accessible by other tenants.
- Password hashing — passwords are hashed using Supabase Auth's bcrypt-based algorithm. We never store plain-text passwords.
- API key protection — OnlyFans API credentials are stored encrypted at rest.
- Role-based access control — team members can be assigned owner, operator, or viewer roles to limit access.
While we implement industry-standard safeguards, no system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to privacy@nextsell.ai.
7. Your Rights (GDPR & Privacy Laws)
If you are located in the European Economic Area (EEA), UK, or other jurisdictions with applicable privacy laws, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure (“right to be forgotten”) — request deletion of your personal data. You can initiate this via Settings → Delete Account or by emailing us.
- Data portability — request your data in a machine-readable format.
- Restriction of processing — request that we limit how we use your data.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, email privacy@nextsell.ai. We will respond within 30 days.
8. Children's Privacy
The Service is intended exclusively for adults (18+). We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will notify you by email. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance.
10. Contact Us
For privacy-related questions, data requests, or concerns, contact our privacy team:
Email: privacy@nextsell.ai
Website: https://www.nextsell.ai