Skip to main content

Privacy Policy

Last updated: April 25, 2026

1. Information We Collect

When you create an account, we collect your name and email address. If you sign in with Google, we receive your Google profile name, email, and profile picture. We also collect usage data such as which tools you use, page views, and IP addresses for analytics and rate limiting purposes.

2. How We Use Your Information

  • To provide and maintain your account and subscription
  • To enforce usage limits based on your subscription plan
  • To process payments securely through Stripe
  • To send password reset emails when requested
  • To improve our tools and services through aggregated analytics
  • To prevent abuse and enforce rate limits

3. Third-Party Services

We use the following third-party services to operate NexTool:

  • Stripe — Payment processing. Stripe handles all payment data securely. We never store your credit card information.
  • Google OAuth — Optional sign-in method. We only receive your basic profile information.
  • OpenAI — Powers our premium AI tools. Text you submit to AI tools is sent to OpenAI for processing.
  • Resend — Email delivery for password resets and notifications.
  • Render Services Inc. — Application hosting and serverless compute infrastructure (web server + cron workers). Located in the United States.

4. Data Storage & Security

Your data is stored in a secure PostgreSQL database. Passwords are hashed using bcrypt with a cost factor of 12. All connections use HTTPS encryption. We implement security headers, rate limiting, and input validation to protect your data.

5. Your Rights

You can update your profile information and change your password at any time through your account settings. You can cancel your subscription through the billing portal. To request deletion of your account and associated data, please contact us.

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. See our Cookie Policy for more details.

7. Game Client Telemetry (Dungeon Lord & Standalone Games)

PanCom publishes standalone desktop games (including Dungeon Lord) that collect anonymous gameplay telemetry to help us balance creatures, tune difficulty, design new content, and power research into how humans make decisions under uncertainty. This section explains exactly what is collected, how it is stored, and how to opt out.

What we collect from the game client:

  • In-game actions (summon, attack, ability use, sacrifice, path choice, etc.)
  • Game state context at the moment of the action (floor number, mana, caller HP, enemy count, ally count, turn number)
  • Difficulty setting and biome selection
  • An anonymous session UUID, regenerated per app launch — never linked to your Steam account, email, or any identifying information
  • Game version (for version-gated analysis)
  • Your IP address, truncated to a /24 subnet (IPv4) or /64 prefix (IPv6) before storage. The last octet of your IPv4 address is dropped so individual users cannot be identified from logs

What we do NOT collect from the game client:

  • Your name, email, or any Steam account information
  • Your full IP address
  • Hardware identifiers, MAC addresses, or system specifications
  • Screenshots or screen recordings
  • Any data from other applications on your computer
  • Keystrokes outside the game window
  • Location data

How it is used: Aggregated, anonymous decision data helps us improve the game (balance, difficulty, new content). We may also license aggregated, anonymized data sets to academic and commercial research partners studying decision making, AI training, or game design. No partner ever receives raw data containing the truncated IP prefix.

Opt-out: Telemetry is clearly disclosed in the main menu of the game (the green/grey status pill) and can be toggled off at any time from the Options → Privacy & Data screen. Once you opt out, no further events are transmitted from your device. Previously collected anonymous data is not automatically deleted because it cannot be linked back to you; contact us below if you would like us to purge events associated with a specific session ID (displayed in the Options screen when telemetry is on).

Retention: Game event data is stored indefinitely for research and analytics purposes. Because the data contains no personally identifiable information, this does not constitute personal data retention under GDPR.

8. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

9. Contact

If you have questions about this privacy policy, data deletion requests, or any other privacy concerns, email us at support@getnextool.com or visit our Contact page.

Your privacy matters to us

Try our 323+ free calculators — they run entirely in your browser, no data sent to servers

Explore Tools