← Back to NEXQ Legal Center

Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.

Third-Party SDK and Tracking Policy

Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.

Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices

1. Scope

This policy governs vendors, SDKs, tags, pixels, APIs, data brokers, analytics platforms, ad networks, attribution providers, crash reporters, session replay, tag managers, and embedded scripts.

2. Approval gate

No third-party code may be added to websites, apps, mobile apps, tag managers, or server-side events until privacy, security, and procurement approvals are recorded in the tracking-technology inventory and vendor-risk file.

3. Required review fields

Vendor name, script/package name, version, domain, data collected, purpose, destination country, retention, downstream recipients, sale/share/targeted-advertising classification, sensitive-data exposure, app-store label impact, contractual role, security evidence, deletion capability, and incident-notice terms.

4. Runtime controls

Use consent gating, content security policy, subresource integrity where practical, tag-manager approvals, environment separation, script allowlists, version pinning, dependency scanning, and regular code scans. Remove unknown or orphaned tags immediately.

5. High-risk restrictions

Advertising, retargeting, data matching, session replay, heatmaps, and conversion APIs are prohibited in regulated sensitive workflows unless approved in writing after a documented risk assessment.