Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.
Subprocessor and Vendor Transparency Policy
Customization required. This template is provided for policy operations and counsel review. Replace every
NEXQ-reviewed value, verify every factual statement, and confirm applicability before publication. The template is not legal advice and does not create an attorney-client relationship.
Effective date: September 18, 2024
Last updated: September 18, 2024
Owner: NEXQ privacy, security, and legal operations
Applies to: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
This policy explains how NEXQ manages subprocessors and vendors that process personal information.
1. Vendor categories
Subprocessors may include cloud hosting, infrastructure, monitoring, analytics, communications, support, payments, identity, security, AI model providers, data storage, and healthtech integration vendors.
2. Review
Before engagement, vendors are reviewed for security, privacy, confidentiality, data location, subprocessors, breach notice, deletion, audit support, and regulatory requirements.
3. Contract controls
Vendor agreements must include confidentiality, data processing instructions, security safeguards, breach notice, subprocessors, retention/deletion, audit or assurance, and restricted use terms.
4. Customer notice
Maintain current subprocessor list at https://nexq.us/legal-policy-bundle/site/policies/subprocessor-policy.html and provide notices of material changes where required by contract or law.
5. High-risk vendors
AI, health, biometric, children’s, advertising, payment, and infrastructure vendors require enhanced review.