← Back to NEXQ Legal Center

Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.

Confidentiality and Confidential Privacy Policy

Customization required. This template is provided for policy operations and counsel review. Replace every NEXQ-reviewed value, verify every factual statement, and confirm applicability before publication. The template is not legal advice and does not create an attorney-client relationship.

Effective date: September 18, 2024
Last updated: September 18, 2024
Owner: NEXQ privacy, security, and legal operations
Applies to: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services

This policy governs confidential information, restricted personal information, proprietary information, and secrets handled by NEXQ, personnel, contractors, vendors, and integrated systems.

1. Purpose

Confidentiality protects users, patients, customers, employees, intellectual property, trade secrets, security information, and regulated records. Confidential data must be handled only for authorized business purposes and only by people and systems with a need to know.

2. Confidential data classes

Class Examples Minimum handling rule
Public published policy pages, approved marketing pages approved disclosure only
Internal operating procedures, ordinary business records workforce and approved vendors only
Confidential customer data, contracts, financial records, product roadmaps, nonpublic security information least privilege, access logging, encryption in transit and at rest where feasible
Restricted health data, PHI, government IDs, credentials, children’s data, precise location, biometric data, trade secrets, unreleased vulnerability details explicit approval, heightened security, limited retention, incident escalation

3. Duties

Personnel and vendors must protect confidential information, use it only for authorized purposes, avoid unauthorized disclosure, report suspected incidents immediately, and return or destroy information at termination or contract end unless retention is required.

4. Need-to-know access

Access to confidential or restricted information requires a legitimate business purpose, role-based permission, authentication, periodic review, and revocation when no longer needed.

5. Confidential health and patient data

Health data, PHI, and patient information must be handled under applicable law, customer instructions, BAAs, minimum necessary principles, audit controls, and approved clinical workflows. Do not use patient data for marketing, model training, or product development unless specifically authorized, lawful, and documented.

6. AI tools and confidential data

Confidential data may not be entered into external AI tools unless the tool has been reviewed, approved, and configured to prevent unauthorized retention, training, disclosure, or cross-customer use. AI outputs that contain confidential data inherit the same classification.

Legal demands must be referred to legal/compliance. Unless prohibited, NEXQ will seek to provide notice to affected customers or users and challenge overbroad requests where appropriate.

8. Review and enforcement

Violations may result in access removal, contract remedies, discipline, reporting to customers or regulators, and legal action. The policy owner reviews this policy at least annually and after material incidents.