Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.
Security Breach Notification Addendum
Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.
Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered:
NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices
1. Purpose
This addendum supplements the Incident Response Policy with legal-notification triage considerations. It is not a fixed notification schedule; timing, recipients, content, and exceptions vary by law, data type, contract, and facts.
2. Notification matrix
| Area | Potential trigger | Potential recipients |
|---|---|---|
| U.S. state breach laws | unauthorized acquisition/access involving defined personal information | consumers, state AGs, consumer reporting agencies |
| HIPAA | breach of unsecured PHI/ePHI | affected individuals, HHS OCR, media in some cases, covered entity customer |
| 42 CFR Part 2 | breach involving Part 2 records | aligned HIPAA-style breach analysis plus Part 2-specific controls |
| FTC Health Breach Notification Rule | breach of security involving identifiable health information by covered health apps/devices/vendors | FTC, consumers, media in some cases |
| GLBA Safeguards | notification event involving customer information threshold | FTC and potentially affected customers/contracts |
| FERPA/student data | unauthorized education record disclosure or contract incident | school/customer, and school-directed notices as required |
| Payment card | cardholder data compromise | payment brands, acquirer, forensic assessor, affected parties |
| App stores/platforms | mobile privacy/security incident | app-store platform and users where required |
| DOJ Data Security Program | prohibited or restricted access/transactions involving covered data | legal counsel, regulators as required |
3. Documentation
For every event, preserve evidence, impacted-data analysis, legal privilege decisions, notice drafts, approvals, vendor communications, regulator submissions, and remediation proof.