Privacy is architecture, not policy.
Most privacy policies tell you how companies handle your data. Ours tells you why we never see it in the first place.
Our principles
Local-first by design
NexxusCRM stores all data on your Mac in an encrypted SQLite database. Your contacts, interactions, reminders, emails, messages, and notes never leave your machine unless you explicitly choose to export them. The app works fully offline — no account required, no internet connection needed for core features.
Encrypted at rest
Your database is encrypted with SQLCipher using AES-256-GCM. Your passphrase is processed through Argon2id key derivation — it is never stored in plaintext and never transmitted anywhere. After first unlock, the derived key can be stored in macOS Keychain and protected by Touch ID or Apple Watch, so you don't need to type your passphrase every time.
No telemetry
NexxusCRM does not collect usage analytics, crash reports, or any behavioural data from the desktop application. We have no tracking pixels, no session recording, and no third-party analytics SDKs embedded in the app. The app does not phone home.
No cloud dependency
The app works fully offline. The only network requests are ones you initiate — fetching RSS feeds, syncing email via IMAP, or connecting to messaging APIs. Those requests go directly from your machine to the source. We are not a proxy.
Your AI stays local
All AI features run on your device by default via Ollama and llama.cpp. Feed scoring, relationship nudges, meeting prep, and natural language queries all use on-device models. Your relationship data never goes to an AI company's server unless you explicitly opt in to a cloud model.
Zero-knowledge sync
When multi-device sync is enabled, your data leaves your device as encrypted blobs only. The relay server — a Rails 8.1 API-only proxy — receives, stores temporarily, relays, and deletes. It never decrypts. It never has your key. It never sees your data.
Your data, your export
You can export all your data at any time as a single JSON file, fully decrypted and schema-documented. You can also export contacts as vCard or CSV. There's no lock-in and no proprietary format. If you stop using NexxusCRM, your data leaves with you.
No account required
You don't need to create an account, provide an email address, or authenticate with any external service to use NexxusCRM. The app is unlocked with a local passphrase.
Technical architecture
For those who want the details:
- Database: SQLite + SQLCipher — AES-256 encryption at rest, key derived via Argon2id from user passphrase
- Biometric unlock: Derived key stored in macOS Keychain, gated by Touch ID or Apple Watch
- Application: Tauri 2.4.x native macOS app (~600KB binary, no Electron)
- Search: Tantivy full-text search engine — local, no server, sub-100ms queries
- AI inference: Ollama / llama.cpp via Rust bindings — multi-model routing, all on-device
- Sync encryption: AES-256-GCM for encrypted sync payloads — zero-knowledge relay server
- Email: IMAP core (async-imap Rust crate) — provider-agnostic, direct device-to-server connection
- Data portability: One-click JSON export of all decrypted data, plus vCard and CSV for contacts
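The zero-knowledge sync principle and the "Sync encryption" item above, shown as an added Node.js sketch (not NexxusCRM's code): a device seals a record with AES-256-GCM, and the relay only queues, hands over, and deletes an opaque blob. The envelope layout, the metadata bound as associated data, and all names are assumptions; the key is a constructed random value standing in for one that only the user's devices hold.

```javascript
// Added example, not NexxusCRM code. Envelope layout and names are assumptions.
const crypto = require('node:crypto');

// Sending device: encrypt one sync record. The routing metadata is bound as
// associated data, so it travels in the clear but cannot be altered undetected.
function sealRecord(key, plaintext, meta) {
  const nonce = crypto.randomBytes(12); // 96-bit GCM nonce, fresh for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(JSON.stringify(meta)));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { meta, blob: Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64') };
}

// Receiving device: split nonce | tag | ciphertext, verify, decrypt.
function openRecord(key, envelope) {
  const raw = Buffer.from(envelope.blob, 'base64');
  const nonce = raw.subarray(0, 12), tag = raw.subarray(12, 28), ct = raw.subarray(28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(JSON.stringify(envelope.meta)));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8'); // throws if tampered
}

// Relay stand-in: it never receives the key, only envelopes to queue and hand over.
class Relay {
  constructor() { this.queue = new Map(); }
  put(id, envelope) { this.queue.set(id, envelope); }
  take(id) { const e = this.queue.get(id); this.queue.delete(id); return e; } // relay, then delete
}

function demo() {
  const key = crypto.randomBytes(32); // constructed; stands in for the devices' shared sync key
  const relay = new Relay();
  const record = JSON.stringify({ contact: 'Ada Example', note: 'constructed sample' });
  relay.put('m1', sealRecord(key, record, { device: 'mac-a', seq: 1 }));
  const relaySeesPlaintext = Buffer.from(relay.queue.get('m1').blob, 'base64').includes('Ada Example');
  const delivered = relay.take('m1');
  const roundTrip = openRecord(key, delivered) === record;
  let tamperDetected = false; // a relay that rewrites the metadata must fail authentication
  try { openRecord(key, { ...delivered, meta: { device: 'mac-a', seq: 2 } }); }
  catch { tamperDetected = true; }
  return { relaySeesPlaintext, roundTrip, tamperDetected, leftOnRelay: relay.queue.size };
}
```

The relay can still observe envelope sizes, timing, and whatever metadata is left in the clear, so those fields should carry nothing sensitive.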
Website privacy
This website (nexxuscrm.com) uses Plausible Analytics, a privacy-focused, cookie-free analytics tool. No personal data is collected. No cookies are set. We don't track you across sites.
If you subscribe to our newsletter, your email is stored with our email provider. You can unsubscribe at any time and your data will be deleted.
Contact
Questions about privacy? Email us at hello@nexxuscrm.com.
Last updated: March 2026