Privacy Policy

Effective Date: March 14 2026

This Privacy Policy explains how OdysseyX ("Service Provider," "we," "our," or "us") collects, uses, protects, and discloses information when you use the Nesko mobile application ("Application" or "App"). By downloading, installing, or using the Application, you acknowledge that you have read and understood this Policy and agree to the practices described here. If you do not agree with any part of this Policy, you must discontinue use of the Application and remove it from your device. The purpose of this Policy is to explain our data practices in clear and transparent terms so that you understand what information is collected and how it is handled.

Information We Collect

We collect limited information necessary to operate and improve the Application. This information generally falls into three categories.

First, we collect information that you provide directly when using the Application. When you create an account, you may provide personal details such as your name and email address. When you interact with the App, you may also create tasks, notes, schedule entries, messages, or other content that you voluntarily input into the system. This information allows the Application to deliver its productivity and AI-assisted features.

Second, certain technical information is collected automatically when you use the Application. This may include your device type, operating system, application version, IP address, and basic usage data such as screens visited, features used, timestamps, and error reports. This information helps us maintain performance, detect bugs, prevent abuse, and improve the reliability of the App. The Application does not collect your precise geographic location.

Third, if you choose to connect a Google account, the Application may access limited Google Workspace information in order to perform actions requested by you through the Nesko Agent. Depending on the feature you use, this may include email message details from Gmail, event details from Google Calendar, document content from Google Docs, spreadsheet data from Google Sheets, and export access to files stored in Google Drive. This information is accessed in real time solely to complete the action you requested and is not stored permanently on our servers after the operation is completed. If you connect your Google account and use the Nesko Agent, we access the following data from your Google account in real time, solely to perform the specific actions you request:

• Gmail: email messages, threads, senders, recipients, subjects, and snippets
• Google Calendar: event titles, dates, times, attendees, and Meet links
• Google Docs: document titles, content, and document identifiers
• Google Sheets: spreadsheet titles, cell data, and spreadsheet identifiers
• Google Slides: presentation titles, content, and presentation identifiers
• Google Drive (limited): file export access for documents, spreadsheets, and presentations you ask Nesko to export to your device

This data is accessed in real time to complete your request. It is not stored on Nesko servers after the operation is complete, is never used to train AI models, and is never sold or shared with third parties for any purpose other than executing the action you requested.

Nesko Agent — Agentic Features

The Application includes an AI assistant known as the Nesko Agent that can perform certain actions within services you connect to the App. When authorised by you, the Agent may read unread emails, search your inbox, compose drafts, send emails, create calendar events with conferencing links, create or edit documents and spreadsheets, and export files to your device.

Certain actions that could have irreversible effects or involve communication with other people require your explicit confirmation before they are executed. These include sending emails, deleting emails, deleting calendar events, and modifying spreadsheet content. The Agent will always pause and request confirmation from you before completing these types of actions.

Some background features may operate periodically in order to monitor your task list and generate reminders or insights. These background processes do not access your Google account and do not perform external actions without your interaction.

Any emails sent, documents created, calendar events scheduled, or spreadsheet data written through the Agent are stored within your own Google account. Nesko does not keep independent copies of this content on its servers. If you wish to remove or modify that content, it must be managed directly through your Google account. You may also revoke the App's access to your Google account at any time through your Google Account security settings.

AI Data Handling

The Application includes optional features that allow users to upload files or text for AI analysis. All uploaded files are processed using a delete-after-read model, meaning that each file is removed automatically once the AI has finished generating the requested result. The Service Provider does not keep permanent copies, reuse content, or access files for any purpose other than performing the requested analysis. Users are responsible for ensuring that files they upload do not contain sensitive, private, or copyrighted material. The Service Provider will not be liable for any loss or disclosure resulting from materials voluntarily submitted by the user.

AI Processing and Third-Party Services

Nesko uses AI to power its chat assistant and agentic features. Your chat messages and task context are transmitted securely to our AI backend, which routes requests through OpenRouter to the appropriate language model. OpenRouter processes your inputs solely to generate a response and operates under its own privacy policy.

Nesko does not share your Google Workspace data — emails, documents, calendar events, or spreadsheet content — with any AI provider. AI is applied only to the text and task context you directly enter into the Nesko chat interface. We do not disclose the internal configuration or reasoning structures of the Nesko Agent, as these are proprietary. No hidden purpose applies: the Agent acts only on your instructions and within the scope of this Policy.

The App also integrates with the following third-party platforms to deliver core functionality:

• Google Play Services and Apple App Store Services — for app distribution, in-app purchases, and platform features
• AWS Cognito — for secure user authentication
• OpenRouter — for routing AI inference requests to language model providers

Each of these services operates under its own privacy policy. We encourage you to review those policies. We are not responsible for the independent data practices of third-party providers.

How We Use Information

Information collected through the Application is used only for legitimate operational purposes. These purposes include operating the Application and delivering its features, verifying your identity and managing your account, personalizing your experience within the App, generating productivity insights based on your usage patterns, and improving system reliability and performance.

We may also use collected information to diagnose technical problems, monitor security, comply with legal obligations, and communicate important notices such as security updates or service announcements. Where permitted and with your consent when required, we may send information about product improvements or new features.

We do not sell, rent, or trade personal information to third parties, and we do not use your personal data to display targeted advertising within the Application.

Data Retention

We retain your information only for as long as necessary to provide the App and meet our legal obligations.

• Account information (name, email) is retained for the life of your account and deleted within 30 days of a verified deletion request.
• Task and note data is retained until you delete it within the App or request account deletion.
• AI chat session history is retained on our servers until you delete the session in the App or request account deletion.
• Agent execution logs are stored locally on your device in an encrypted database. They are cleared automatically when you delete your account, and you may clear them independently at any time through App Settings.
• Google Workspace data accessed during an Agent action (with your confirmation) is used in real time and is not retained on our servers after the operation completes.
• Aggregated, anonymised usage statistics that cannot identify any individual may be retained indefinitely for analytical purposes.

Your Rights and Data Controls

You have the following rights in relation to your personal data. The rights available to you may vary depending on your jurisdiction.

To exercise any of these rights, contact us at support@nesko.app. We will respond promptly and will not discriminate against you for exercising your rights.

User Responsibility

Users are responsible for the accuracy and legality of the information they provide through the Application. You must ensure that any data, files, or materials uploaded for AI processing comply with applicable laws and do not violate the rights or privacy of others.

When using features that allow communication with third parties—such as sending emails or scheduling events through the Nesko Agent—you are responsible for ensuring that you have appropriate authority to contact those recipients and that your communications comply with applicable regulations. The Service Provider is not responsible for damages resulting from misuse of the Application, unauthorized disclosure caused by user actions, or loss of data arising from improper device security.

International Data Transfers

Nesko is operated from Australia and our primary servers are hosted in the AWS Asia Pacific (Sydney) region. Certain third-party service providers, including OpenRouter and AI model providers, may process your data in other countries including the United States, which may have different data protection standards than your home jurisdiction. By using Nesko you acknowledge that your data may be transferred to and processed in these countries. We take reasonable steps to ensure such transfers are conducted securely and consistently with this Policy.

Behavioral Personalization and Profiling

As part of the onboarding and ongoing use of the Application, Nesko may analyze certain responses you provide (such as task preferences or usage patterns) to generate personalized productivity insights, including categorization into general behavioral or procrastination-related profiles. These profiles are used solely to tailor in-app features, recommendations, and AI-assisted guidance and are not intended to represent clinical, medical, or psychological diagnoses. Such personalization is automated, limited to the functionality of the Application, and is not shared with third parties for marketing or profiling purposes.

Data Security

We implement technical, administrative, and physical safeguards to protect your information, including encrypted data transmission between the App and our servers, encrypted local storage on your device for sensitive data including agent execution logs and authentication tokens, short-lived OAuth token caching held in device memory only and never written to our servers, JWT-based authentication for all API requests issued and validated via AWS Cognito, and access controls that restrict internal access to production data.

No transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute protection. You acknowledge that you provide information at your own risk. If we become aware of a security incident affecting your data, we will notify you in accordance with applicable law.

Third-Party Data in Agent Actions

When the Nesko Agent sends an email or creates a calendar event with attendees on your behalf, the email addresses and names of those recipients or attendees are transmitted to the relevant Google API solely to deliver the action you requested. We do not store these third-party contact details on our servers. You are responsible for ensuring that you have appropriate authority to communicate with recipients through the App and that all communications comply with applicable law, including anti-spam and data protection regulations.

Children's Privacy

Nesko is not designed for or directed toward children under the age of 13. We do not knowingly collect personal information from anyone in this age group. If we learn that a child under 13 has submitted personal data, we will delete that information promptly from our systems. Parents or guardians who become aware of such activity should contact us immediately at support@nesko.app so that we can take corrective action. The Service Provider does not use the Application to solicit data or market directly to children.

Legal Disclosure

We may disclose collected information if required by law, regulation, or valid legal process such as a subpoena or court order. Disclosure may also occur when we believe it is necessary to protect our rights, ensure the safety of users, prevent fraud, or respond to lawful government requests. Any disclosure will be limited to the information relevant for that purpose. We will not release personal information voluntarily to any private third party without proper legal justification. Such disclosures are intended to meet compliance obligations and preserve the integrity of our service.

Changes to This Policy

The Service Provider may modify or update this Privacy Policy as our practices or legal requirements evolve. Any changes will be posted within the Application or on our official website, along with the new effective date. We encourage you to review this policy periodically to stay informed about how your information is handled. Continued use of the Application after updates indicates your acceptance of the revised terms. Historical versions may be retained for recordkeeping and compliance purposes.

Your Consent

By downloading, installing, or using the Nesko Application, you consent to the collection, processing, and handling of information as described in this Privacy Policy. Your continued use after updates constitutes ongoing agreement to the most current version. If you do not agree with any part of this Policy, you must discontinue using the Application and delete it from your device. This consent confirms your understanding of how your information may be used, stored, and protected.