← Back to NEXQ Legal Center

Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.

Security Breach Notification Addendum

Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.

Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices

1. Purpose

This addendum supplements the Incident Response Policy with legal-notification triage considerations. It is not a fixed notification schedule; timing, recipients, content, and exceptions vary by law, data type, contract, and facts.

2. Notification matrix

Area Potential trigger Potential recipients
U.S. state breach laws unauthorized acquisition/access involving defined personal information consumers, state AGs, consumer reporting agencies
HIPAA breach of unsecured PHI/ePHI affected individuals, HHS OCR, media in some cases, covered entity customer
42 CFR Part 2 breach involving Part 2 records aligned HIPAA-style breach analysis plus Part 2-specific controls
FTC Health Breach Notification Rule breach of security involving identifiable health information by covered health apps/devices/vendors FTC, consumers, media in some cases
GLBA Safeguards notification event involving customer information threshold FTC and potentially affected customers/contracts
FERPA/student data unauthorized education record disclosure or contract incident school/customer, and school-directed notices as required
Payment card cardholder data compromise payment brands, acquirer, forensic assessor, affected parties
App stores/platforms mobile privacy/security incident app-store platform and users where required
DOJ Data Security Program prohibited or restricted access/transactions involving covered data legal counsel, regulators as required

3. Documentation

For every event, preserve evidence, impacted-data analysis, legal privilege decisions, notice drafts, approvals, vendor communications, regulator submissions, and remediation proof.