This Privacy Policy describes how A.D. Labs LTD (“Gero”, “we”, “us”, “our”), a company incorporated and registered in Israel with its registered address at Balfur, Bat Yam, Israel, collects, uses, stores, and protects personal information when you use the Gero Nexus service at https://nexus.gerowallet.io and any associated dashboards, APIs, and documentation (the “Service”).
By using the Service you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Service.
1. What we collect
1.1 Information you provide
- Account registration data: name, email address, password (stored only as a salted hash), and where applicable organisation name and billing address.
- Subscription and billing data: plan selected, add-ons enabled, subscription status, and invoice history. Full payment-card numbers and bank-account credentials are submitted directly to our payment processors (PayPal, AllPay) and are not stored on our servers.
- Communications: the content of support requests, bug reports, and any other correspondence you send us.
- Optional profile data: display name and other fields you choose to add to your Nexus account.
1.2 Information collected automatically
- API usage logs: timestamps, endpoint paths, API-key identifiers, response codes, response times, and aggregated request volumes. These are used to enforce plan quotas and rate limits, to detect abuse, to bill correctly, and to operate and improve the Service. Logs may include the IP address from which a request was sent.
- Web analytics: aggregated, mostly anonymised information about visits to nexus.gerowallet.io, including pages viewed, referral source, and approximate geographic region.
- Authentication and security events: sign-in attempts, password-reset events, email-verification events, and suspicious-activity flags. These are used for account security and fraud prevention.
- Cookies: see Section 8 below.
1.3 Information we do not collect
- We do not take custody of crypto-currency balances, private keys, or seed phrases. Nexus is a data-API service; it does not hold or move funds.
- We do not collect biometric data.
- We do not collect end-users' personal data on behalf of your application. If your application sends us identifiers belonging to your end-users, that data flows through our infrastructure as part of your API request — we treat it as Customer Data under the Terms of Service and do not use it for our own purposes.
2. How we use your information
We use the information described in Section 1 to:
- provide, operate, and maintain the Service;
- authenticate your account and authorise API requests;
- meter usage, enforce plan quotas, and produce invoices;
- process subscription payments through PayPal and AllPay;
- communicate with you about your account, security, billing, and material changes to the Service;
- respond to support requests;
- detect, investigate, and prevent fraud, abuse, and security incidents;
- comply with applicable laws, including tax, sanctions, and anti-money-laundering obligations;
- improve the Service through aggregated analytics and product research.
3. Legal bases for processing
We process personal data under the Israeli Privacy Protection Law, 5741-1981, as most recently amended by Amendment 13 (in force from August 2025), and, where applicable, under the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR.
If you are located in the European Economic Area or the United Kingdom, the legal bases on which we process your personal data are:
- performance of a contract — to provide the Service you have subscribed to;
- legitimate interests — to operate, secure, and improve the Service, prevent fraud, and develop our business, where those interests are not overridden by your rights;
- compliance with a legal obligation — for example, retaining transaction records for tax purposes;
- consent — for any optional processing for which we ask your consent (such as marketing communications), which you may withdraw at any time.
4. Sub-processors and third parties
We share personal data with the following categories of third parties strictly to the extent needed for them to perform their function:
- Payment processors — PayPal and AllPay. They receive payment-card or account data necessary to charge your subscription, plus minimal account identifiers (email, customer ID). Their handling of that data is governed by their own privacy policies.
- Cloud hosting and infrastructure — providers that host the Nexus application, database, and logs. They process Customer Data only to the extent necessary to operate the underlying compute and storage on our behalf.
- Email and communication services — providers used to deliver transactional email (sign-up confirmation, email verification, billing notices, security alerts) and support correspondence.
- Analytics — providers used to measure aggregated traffic on nexus.gerowallet.io. Where possible we configure these in a privacy-preserving way (IP anonymisation, no advertising cookies).
- Professional advisers — lawyers, accountants, and auditors, where strictly necessary and under confidentiality obligations.
- Authorities — where compelled by valid legal process or to protect the rights, property, or safety of Gero, our Customers, or the public.
We do not sell personal data.
5. International data transfers
We are based in Israel, which has been recognised by the European Commission as providing an adequate level of data protection. Some of our sub-processors are located outside Israel and the EEA. Where data is transferred outside the EEA or UK to a country without an adequacy decision, we use Standard Contractual Clauses or other lawful transfer mechanisms.
6. Data retention
- Account data — retained for as long as your Nexus account is active, plus a reasonable period after closure for record-keeping, dispute resolution, and compliance (typically up to seven years for billing records, as required by tax law).
- API usage logs — retained at full granularity for an operational window (typically up to ninety (90) days), after which they are aggregated or deleted. Aggregated, non-personal usage statistics may be retained indefinitely.
- Support correspondence — retained for as long as needed to handle the inquiry and a reasonable period thereafter for quality assurance.
- Billing records — retained as long as required by applicable tax and accounting law.
7. Security
We implement appropriate technical and organisational measures to protect personal data, including:
- HTTPS/TLS encryption for all data in transit between you and the Service;
- encryption at rest for sensitive fields, including hashed passwords and API-key secrets;
- access controls limiting which personnel can access production systems;
- regular security review of dependencies and infrastructure;
- strict scoping of API keys to the account that issued them.
No system is perfectly secure. If you suspect your account or an API key has been compromised, contact us immediately at [email protected] and rotate the affected API key from the dashboard.
8. Cookies and similar technologies
We use cookies and similar technologies on nexus.gerowallet.io for:
- strictly necessary purposes — keeping you signed in (HttpOnly access and refresh tokens), maintaining a non-sensitive session marker readable by the dashboard, and operating the site. These cannot be disabled without breaking the site.
- analytics — measuring aggregated visit patterns to improve the site. Where local law requires, we ask for your consent before setting analytics cookies.
We do not use cookies for advertising or for cross-site tracking.
9. Your rights
Depending on your location you may have some or all of the following rights:
- access — request a copy of the personal data we hold about you;
- rectification — correct inaccurate or incomplete data;
- erasure — request deletion of your data, subject to legal retention obligations;
- restriction — ask us to limit how we process your data;
- portability — receive your data in a structured, machine-readable format;
- objection — object to processing based on legitimate interests, including for direct marketing;
- withdraw consent — at any time, where processing is based on consent;
- lodge a complaint — with the data-protection authority in your country of residence (in Israel, the Privacy Protection Authority).
To exercise these rights, contact [email protected]. We will respond within the timeframes required by applicable law.
10. Children
The Service is not directed to children under the age of eighteen (18) and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top of the page reflects the most recent revision. For material changes we will use reasonable efforts to notify you in advance — for example, by email or by a notice on the Nexus dashboard.
12. Contact
A.D. Labs LTD
Attn: Privacy / Legal Department
Balfur, Bat Yam, Israel
[email protected]