Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.
Financial Data and GLBA Policy
Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.
Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered:
NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices
1. Scope
This policy applies to financial products, payment workflows, credit, lending, insurance, tax, bank, investment, financial-wellness, customer financial records, account aggregation, fraud review, and financial-service integrations.
2. GLBA and safeguards
If the organization is a financial institution or service provider subject to GLBA, provide privacy notices and opt-out rights where required, maintain a written information security program, assess risks, implement safeguards, oversee service providers, train personnel, monitor controls, and handle qualifying security events according to applicable FTC Safeguards Rule requirements.
3. Payment data and PCI
Payment-card data should be tokenized and processed by PCI-compliant payment processors. Do not store full card numbers, CVV, magnetic-stripe data, or sensitive authentication data unless expressly approved by security, finance, and legal.
4. Consumer reports and credit data
Consumer reports, credit scores, eligibility determinations, adverse-action workflows, and identity verification may trigger FCRA, ECOA, state law, and customer contract obligations. AI or automated decision tools in financial eligibility require separate impact assessment and legal approval.
5. Data minimization and retention
Collect only financial data required for the approved purpose. Encrypt financial records, restrict access, log access, segregate environments, and map data to the retention schedule. Delete or deidentify data when no longer needed, subject to legal holds and regulatory retention requirements.
6. Marketing and sharing restrictions
Do not use financial data for targeted advertising, sale/share, lookalike audiences, AI training, or cross-product marketing unless counsel confirms the use is lawful and notices/opt-outs/consents are implemented.