Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.
Sensitive Data and Cross-Border Transfer Policy
Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.
Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered:
NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices
1. Scope
This policy governs cross-border transfers, remote access, cloud hosting, subprocessors, support access, analytics exports, AI/model transfers, and vendor disclosures involving personal data, sensitive data, government-related data, or regulated sector data.
2. Transfer approval
Before transferring data outside its origin country or granting remote access from another country, document data categories, destination, recipient, purpose, transfer mechanism, customer contract permission, security controls, retention, onward transfer, and government-access risk.
3. U.S. restricted transfer review
The U.S. Department of Justice Data Security Program restricts or prohibits certain transactions involving bulk U.S. sensitive personal data and government-related data with countries of concern and covered persons. Evaluate data brokerage, vendor access, employment access, investment, cloud, AI, and support scenarios for restricted access.
4. Sensitive data
Health, genomic, biometric, precise geolocation, financial, children/student, government ID, login credentials, and government-related data require stricter review. Do not place these categories in analytics, AI, or overseas support workflows without approval.
5. Contract and technical controls
Use data processing agreements, transfer impact assessments, standard contractual clauses or other mechanisms where applicable, encryption, access segmentation, logging, data localization where required, customer approval, and vendor audit rights.