← Back to NEXQ Legal Center

Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.

Records Retention and Deletion Policy

Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.

Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices

1. Scope

This policy governs retention, deletion, deidentification, archival, backup, legal holds, data minimization, and records management for websites, apps, mobile apps, regulated data, customer data, logs, AI data, and security records.

2. Principles

Retain personal information only as long as necessary for disclosed purposes, user/customer relationship, legal requirements, security, fraud prevention, accounting, dispute resolution, audits, contracts, and legitimate business needs. Retention must be documented by data category, system, owner, and deletion method.

3. Deletion and deidentification

Deletion must remove data from active systems and instruct vendors/processors where required. Deidentification requires technical controls, public or contractual commitments not to reidentify where required, and separation of keys/linking tables.

4. Backups and logs

Backups may follow a different deletion cycle if they are encrypted, access-restricted, and not used for ordinary processing. Logs must minimize sensitive information and follow defined retention periods.

Suspend deletion when legal, regulatory, audit, litigation, investigation, or customer hold obligations apply. Document hold scope, custodian, systems, dates, and release approvals.

6. Annual review

Review the retention schedule at least annually and after major product, vendor, law, or incident changes.