NEXQ logo
Private Platform
HomePrivate PlatformResearchTumorQLIMIQHeartQDOCSCONTACTBlogAMARQEncryptionPrivacy Policy

Privacy Policy

NEXQ Privacy & Secure Session Logging Policy

NEXQ is committed to privacy-forward healthcare engineering. This policy explains what data we collect, why we collect it, and how secure login telemetry is handled for protected workspace access.

Effective date: March 28, 2026

Legal ControlsPrivacy Questions

Scope

Policy Scope And Compliance Position

  • NEXQ operates privacy-forward controls aligned to healthcare security expectations, including HIPAA-aligned safeguards and GDPR-aligned governance patterns.
  • This policy applies to NEXQ public web properties, protected workspace access routes, and supporting security telemetry for authentication and session protection.
  • This page provides operational policy transparency and does not replace legal counsel for organization-specific requirements.

Automatic Sign-On Logging

What Is Automatically Logged At Login

When a user signs into a protected NEXQ workspace, authentication telemetry is automatically recorded to support security monitoring, audit readiness, and incident response.

  • IP address (network source used during authentication)
  • Device category and user agent metadata
  • Approximate location derived from network headers (city/region/country when available)
  • Authentication timestamp and account role

Legal Bases

Why NEXQ Processes This Data

  • Security and fraud prevention for protected systems.
  • Contractual necessity when delivering authenticated workspace services.
  • Legitimate interests in maintaining platform reliability, traceability, and abuse prevention.
  • Legal and regulatory obligations where retention, security, or incident records are required.

Minimization and Transfer Controls

Data Minimization, Confidentiality, And Transfer Safeguards

  • NEXQ applies minimum-necessary handling and stores only security-relevant login/session telemetry required for platform integrity and legal obligations.
  • Protected workspace payloads are role-scoped and delivered on a need-to-know basis.
  • Public documentation and marketing pages intentionally avoid disclosure of non-public architecture, keys, internal model parameters, or sensitive workflow internals.
  • Cross-border data handling, if applicable, is governed by contract controls and legally required transfer safeguards.

How We Use This Data

  • Validate workspace security and detect suspicious access attempts.
  • Maintain audit-ready authentication evidence for operational governance.
  • Support troubleshooting of session integrity and secure access controls.

Data Protection

  • Authentication logs are stored inside encrypted local auth infrastructure.
  • Role-scoped access applies to protected workspace activity and review surfaces.
  • NEXQ does not publish private login telemetry to public-facing pages.
  • Operational security controls are reviewed through policy and audit pathways.

Forced Logout Policy

Lifecycle-Triggered Logout And Re-Entry Notice

Protected sessions are forcibly terminated when browser/device lifecycle events occur, including refresh, hard refresh, tab/window close, and restart recovery checks. This is designed to reduce residual session risk on shared or interrupted devices.

  • Forced-logout trigger (refresh, hard refresh, tab/window close, browser shutdown/restart recovery)
  • Session identifier reference and role scope at termination time
  • Lifecycle source metadata (trigger path/source/host/device/IP/location when available)
  • Forced-logout timestamp and subsequent acknowledgement status

Retention And Deletion

How Long Data Is Kept

  • Authentication and security logs are retained only for defined security, audit, and legal obligations.
  • Retention windows are controlled by security and compliance governance and may vary by jurisdiction, contract, and incident context.
  • When retention periods expire and no legal hold applies, records are scheduled for secure deletion or irreversible de-identification.

Data Subject Rights

Your Privacy Rights

  • Request access, correction, or deletion of personal data where legally applicable.
  • Request restriction or objection processing where legally applicable.
  • Request data portability where legally applicable.
  • File a complaint with an applicable supervisory authority in your jurisdiction.

To submit a rights request, contact hello@nexq.us and include sufficient information for secure verification.

Security Controls

Security Baseline For Privacy Protection

  • Encrypted transport and role-scoped access boundaries for protected workflows.
  • Session lifecycle controls, including forced logout protections on refresh/close/restart conditions.
  • Audit and attestation lanes for authentication and high-risk actions.
  • Policy-gated release patterns for sensitive operational outputs.

Incident Response

Security Incident And Notification Posture

  • Security monitoring pathways are maintained to identify suspicious authentication, route, or session behavior.
  • Incident triage, containment, and recovery follow internal security response workflows with legal/compliance escalation ownership.
  • Where legally required, notifications are coordinated according to contractual and jurisdictional obligations.

Intellectual Property

Ownership And Proprietary Rights

  • NEXQ software, workflows, documentation, product architecture, and related materials are proprietary to NEXQ and/or its licensors.
  • No transfer of ownership is granted by site access, documentation access, or workspace usage unless explicitly stated in a signed agreement.
  • Third-party names, trademarks, service marks, and logos remain the property of their respective owners.

Legal And Medical Disclaimers

Required Acknowledgement After Forced Logout

  • Interrupted sessions can result in unsaved input, incomplete state, and data loss.
  • Platform outputs are assistive and must be independently verified by authorized professionals.
  • Users are responsible for clinical, operational, and disclosure decisions made after re-entry.
  • By continuing after the required prompt, users acknowledge these risks and accept liability for downstream use.
  • NEXQ and its affiliates disclaim liability for loss, interruption, or misuse related to forced session termination.

Policy Maintenance

  • Policy updates are validated through a structured release checklist that includes legal, security, and operations review ownership.
  • NEXQ applies repeated policy enhancement cycles prior to release, including an eight-pass integration/consistency loop for major policy revisions.
  • Material policy changes are published with an updated effective date and linked documentation references.

NEXQ may update this policy to reflect legal, regulatory, operational, or security changes. Material changes will be published on this page with an updated effective date.