Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.
Consumer Health Data Policy
Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.
Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered:
NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices
1. Scope
This policy applies to consumer health data that may not be HIPAA-regulated, including wellness, fitness, reproductive health, biometric, symptom, medication, sleep, nutrition, mental health, location linked to health services, device-generated health, and inferred health data.
2. Core rule
Do not assume health data is unregulated merely because it is not PHI. The FTC Health Breach Notification Rule, state consumer-health-data laws, state privacy laws, unfair/deceptive-practices laws, app-store rules, and contracts can apply to health apps, connected devices, wellness tools, and health-related websites.
3. Notice and consent
Provide a consumer health data notice where required. Obtain affirmative consent or authorization for collection, sharing, sale, or secondary use where required. Separate consents should be used for materially different purposes. Never bury consumer-health-data sharing in general terms.
4. Prohibited practices without written approval
- Targeted advertising or lookalike audiences using consumer health data.
- Sale or sharing of consumer health data.
- Use of health data for AI training unrelated to the service requested.
- Disclosure to data brokers, ad networks, analytics vendors, or social platforms.
- Location tracking that reveals visits to health facilities.
5. Rights and requests
Support access, deletion, withdrawal of consent, and other rights required by state law. Maintain a workflow for confirming identity and deleting or instructing vendors to delete consumer health data.
6. Incident handling
Unauthorized acquisition, disclosure, or access involving identifiable health information may trigger FTC, state AG, customer, app-store, or consumer notice. Escalate suspected incidents under the Incident Response Policy.