← Back

Privacy Policy

Last updated: March 20, 2026

1. Introduction

Pinnacle Peak Workflow Solutions ("we", "us", "our") operates Nexa Automations. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Information We Collect

We collect the following types of information:

  • Account Information: email address, name, and company name provided during account creation.
  • Authentication Data: passwords (stored securely via AWS Cognito, never in plaintext) and session tokens.
  • Integration Credentials: API keys and tokens you provide for third-party services (Telegram, AWS, Notion). These are encrypted and stored in AWS Secrets Manager.
  • Bot Interaction Data: messages you send to and receive from your AI bot via Telegram, stored in an isolated per-customer database.
  • Usage Data: bot activity logs, deployment status, and system metrics.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To deploy and operate your AI bot on cloud infrastructure.
  • To authenticate your identity and secure your account.
  • To communicate with you about your account and the Service.
  • To improve the AI capabilities of your bot based on your interactions.
  • To comply with legal obligations.

4. Data Storage and Security

  • All data is stored on AWS infrastructure in the United States (us-east-2 region).
  • Sensitive credentials are encrypted using AWS Secrets Manager.
  • Bot databases are isolated per customer with dedicated EC2 instances.
  • Data is backed up continuously via Litestream to S3 with encryption at rest.
  • We use TLS encryption for all data in transit.
  • Access to production systems is restricted to authorized personnel.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • AWS: as our cloud infrastructure provider, for hosting and data processing.
  • Third-party integrations: only as configured by you (e.g., Telegram, Notion) and only the data necessary for the integration to function.
  • AI model providers: message content is sent to AI models (via AWS Bedrock) for processing. We use providers that do not retain or train on your data.
  • Legal requirements: if required by law, subpoena, or court order.

6. Data Retention

  • Account data is retained for the duration of your account.
  • Bot interaction data is retained for the duration of your subscription.
  • Upon account termination, you may request a data export within 30 days.
  • After 30 days post-termination, all data is permanently deleted.
  • System logs may be retained for up to 90 days for security and debugging purposes.

7. Your Rights

You have the right to:

  • Access your personal data stored in the Service.
  • Request correction of inaccurate personal data.
  • Request deletion of your personal data (subject to legal obligations).
  • Export your bot data in a portable format.
  • Withdraw consent for data processing (which may require account termination).

8. Cookies and Tracking

The Service uses local storage (not cookies) to store authentication tokens. We do not use third-party tracking or analytics cookies. No advertising trackers are present on the platform.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this policy reflects the most recent revision.

11. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at josh@pinnaclepeak.co.