What buyers should never send
Do not send raw passwords, personal banking access, government IDs, or unrelated sensitive data through messages.
How Nexus handles access and credentials.
Automation setup should not mean sending raw passwords around. Nexus aims to use setup forms, secure credential flows, OAuth where possible, and clear revocation paths.
Access rules buyers and developers should know.
Exact handling depends on the product and tools involved, but these are the platform expectations.
OAuth when available
For supported tools, OAuth or platform-approved connection flows are preferred over copying secrets manually.
Temporary access
If temporary access is needed, buyers should limit permissions and revoke access after setup or cancellation.
Developer visibility
Developers should only see the setup data and product context needed to support their approved product.
Developer-owned keys
Provider keys used by the developer's workflow logic are managed separately from buyer setup data.
Buyer-owned access
Buyer credentials, accounts, URLs, files, and input data remain the buyer's responsibility.
Data storage
Nexus stores order, setup, output, message, and operational records needed to run and support the product.
After cancellation
Scheduled runs stop after cancellation according to the order/subscription state. Buyers should revoke third-party access they granted.
Security questions
If a product needs unusually sensitive access, ask Nexus before checkout so scope and risk are clear.