Privacy Policy
Last updated: May 28, 2026
This Privacy Policy describes how NexAim ("we", "us", "our") collects, uses, and protects your information when you use our software and services.
1. Information We Collect
We collect the following information when you use NexAim:
- Account Information: Email address and password (stored as a secure hash) when you register
- Hardware Identifier (HWID): A unique identifier generated from your hardware configuration, used for license binding and account security
- License Data: Your license key, activation date, and expiration date
- Connection Data: IP address at the time of login, used for rate limiting, abuse prevention, and the anti-tamper telemetry described in Section 3
- Approximate Location: Country, region, and city derived from your IP address via a third-party geolocation lookup. We do not collect GPS coordinates or precise location data
2. Information We Do NOT Collect
Outside of the anti-tamper checks described in Section 3, NexAim does not collect:
- Screen captures, screenshots, or video from your display
- Keystrokes, mouse movements, or input data
- A general inventory of the applications installed on your computer
- Information about games or other software unrelated to reverse engineering or anti-tamper enforcement
- Browsing history, personal files, or any data outside the scope of NexAim
- Telemetry, analytics, or usage tracking data
3. Anti-Tamper & Security Telemetry
To protect against cheating, piracy, reverse engineering, and abuse of our Service, NexAim performs two categories of anti-tamper checks on the device where it runs. Both are scoped narrowly to the protection purpose — we do not transmit unrelated information about your computer or your activity.
3.1 — Reactive tamper events. The client continuously monitors for evidence of active tampering (modification of the NexAim executable, a debugger attached to the NexAim process, or known reverse-engineering tools running while NexAim is open). When such an event fires, NexAim transmits the following to our servers as evidence supporting the resulting ban:
- One or more screenshots of your displays at the moment the tamper event was detected
- A snapshot of the processes running on your computer at that moment (see Section 3.1a below for the exact fields)
- Your HWID and IP address
- Your approximate location (country, region, city) derived from that IP
- A short machine-generated reason describing what triggered the detection
3.1a — Process snapshot detail. Many reverse-engineering and debugging tools run silently in the background (no visible window, minimized to tray, or operating as a child of another process) and therefore would not appear in a screenshot. To support investigation of a tamper event, the process snapshot captured at the moment of detection records only the following per-process fields:
- Process name (e.g. "x64dbg.exe")
- Process ID and parent process ID + name
- Executable path on disk (e.g.
C:\Program Files\x64dbg\x64\x64dbg.exe) - Command-line arguments the process was launched with
- Process start time and main window title (if any)
- For the NexAim process specifically: the list of DLL modules loaded into our process at that moment, to identify in-process injection tooling (e.g. Frida agents, ScyllaHide)
The snapshot does not capture file contents, network connections, browser tabs or URLs, the contents of documents, the working memory of other processes, or any data unrelated to identifying the security event. The snapshot is captured only at the moment a tamper event is detected — never continuously, never as background telemetry, and never when no tamper event has fired.
3.2 — Passive risk-factor scan. When you log in to NexAim, the client performs a one-time, background scan of your computer for indicators that reverse-engineering, debugging, or memory-editing tools are present. Specifically, NexAim checks:
- The Windows uninstall registry for installed reverse-engineering tools (for example: Ghidra, IDA Pro/Free, dnSpy, ILSpy, Cheat Engine, x64dbg)
- The Windows program-launch history (UserAssist and MUICache) for those same tools, including portable versions launched from any location on any drive
- The list of processes currently running on your computer, for those same tools
- The parent process that launched NexAim (to detect script-driven launches under instrumentation)
From this scan, we transmit only the names of detected tools (for example, "Ghidra") together with how they were detected (installed, recently run, or currently running). We do not transmit a list of every program on your computer, your full path information, file contents, or any data about software unrelated to reverse engineering.
Detections from this scan populate an internal risk profile on your account. The presence of these tools alone does not result in an automatic ban — we recognise that developers, security researchers, and IT professionals may have legitimate reasons to have them installed. The risk profile is used by our staff to identify accounts that warrant closer monitoring in the event of other tamper signals.
Retention & access. Tamper-event evidence (Section 3.1) is retained as long as the associated ban record exists. Risk-factor data (Section 3.2) is retained for the life of your account plus up to 12 months after closure for anti-fraud purposes. Both categories are accessible only to authorized administrators for the purpose of reviewing and adjudicating enforcement actions.
Legal basis (EEA/UK users). The legal basis for both reactive tamper events and the passive risk-factor scan is our legitimate interest in protecting NexAim from unauthorized access, reverse engineering, and tampering, and in enforcing the Terms of Service to which you agreed when creating your account. You may object to processing on the basis of legitimate interest by contacting us; however, anti-tamper protection is a core technical measure of the Service, and continued use of NexAim requires it to remain active.
4. How We Use Your Information
We use your information for the following purposes:
- Authentication: To verify your identity and manage account access
- License Management: To bind and validate your license to your hardware
- Security: To prevent unauthorized access, detect abuse, enforce rate limits, and investigate tamper events
- Service Delivery: To provide access to cloud models and software updates
5. Data Storage & Security
Your data is stored on secure servers. Passwords are hashed using bcrypt and are never stored in plain text. We implement reasonable security measures to protect your information, but no method of transmission or storage is 100% secure.
6. Data Sharing
We do not sell, rent, or share your personal information with third parties. Your IP address is transmitted to a third-party geolocation provider (ip-api.com) solely to resolve it to an approximate country/region/city for the security purposes described in this policy. Your data may otherwise only be disclosed if required by law or to protect our rights.
7. Data Retention
We retain your account data for as long as your account is active. If your account is terminated or you request deletion, we will remove your personal data within a reasonable timeframe. Ban records (including the associated HWID, IP, approximate location, and any tamper-event screenshots) are retained for as long as the ban is in effect so we can review and adjudicate enforcement actions. Some data may be retained as required by law.
Inactive accounts without a license. Accounts that register but never activate a license and remain inactive for an extended period (typically at least seven days) may be removed at our discretion to reduce server clutter. Accounts that have ever had a license — including expired or revoked ones — are not subject to this cleanup and are retained indefinitely so returning customers can renew without re-registering.
8. Your Rights
You have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Change your password at any time through the application
To exercise these rights, contact us through our Discord community.
9. Cookies
Our website uses localStorage to store your authentication token for session persistence. We do not use tracking cookies, third-party analytics, or advertising cookies.
10. Children's Privacy
NexAim is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance.
12. Contact
If you have questions about this Privacy Policy, contact us through our Discord community or via the email associated with your account.
← Back to home