• NexaGuard CMP: Simplifying Data Privacy Compliance

    Master Service Agreement (MSA)

Master Service Agreement (MSA)

Effective Date: November 10, 2025

Between: NexaGuard Inc., 10 Times Sq, Suite 3134, New York NY 10018 USA (“NexaGuard”, “We”, “Our”) and the Customer (“Client”, “You”, “Your”).

1. Scope of Agreement

This Master Service Agreement (“Agreement”) governs all services provided by NexaGuard including the Consent Management Platform (CMP), NexaGuard Pulse scanner, Policy Generator, developer tools, and related support (collectively, the “Services”). Each order, subscription, or online registration is subject to this Agreement.

2. Term

This Agreement commences on the Effective Date and continues until terminated in accordance with Section 14. Individual service subscriptions renew automatically unless canceled per their respective terms.

3. Services & Service Levels

  • Availability. NexaGuard targets 99.5 % monthly uptime excluding scheduled maintenance (announced at least 24 hours in advance).
  • Support. Enterprise clients receive initial responses within 1 business day; standard accounts within 3 business days.
  • Incident Reporting. Critical issues may be reported via [email protected] or through the support portal 24/7.

4. Customer Responsibilities

  • Provide accurate information and comply with applicable laws when using the Services.
  • Ensure consent implementation on Your digital properties is lawful and transparent.
  • Maintain security of login credentials and immediately notify NexaGuard of any breach.

5. Data Protection & Privacy

NexaGuard acts as a Data Processor for Client data collected via the Services and as a Data Controller for its own site visitors and accounts. Processing of personal data is governed by the Data Processing Agreement (DPA), incorporated here by reference.

NexaGuard retains Client data for up to 90 days following termination solely for audit and compliance purposes, after which data is securely deleted or anonymized.

6. Security Measures

NexaGuard implements industry-standard security controls including TLS 1.3 encryption, network segmentation, multi-factor authentication, regular penetration tests, and least-privilege access controls.

7. Sub-Processors

Authorized sub-processors include Google Cloud Platform, Cloudflare Inc., Firebase, and Stripe Inc. NexaGuard will provide at least 30 days’ notice before adding a new sub-processor. The current list is available in the DPA.

8. Fees and Payment

Fees are billed in USD via Stripe or invoice unless otherwise agreed. Subscriptions renew automatically on the anniversary date unless canceled through the dashboard or by written notice. Payments are due within 30 days of invoice date.

9. Intellectual Property

All software, designs, and documentation remain the exclusive property of NexaGuard. Client retains ownership of its data and content. No rights or licenses are granted except as expressly set forth herein.

10. Confidentiality

Each party shall protect the other’s Confidential Information with reasonable care and use it solely for performance of this Agreement.

11. Compliance with Law

Each party agrees to comply with applicable data-protection laws including the GDPR, CCPA/CPRA, and other relevant regulations. Client is responsible for obtaining valid user consents on its digital properties. NexaGuard’s Privacy Policy is available at https://nexaguard.com/privacy/.

12. Warranties & Disclaimers

NexaGuard warrants that it will provide the Services with reasonable skill and care. Except as stated herein, the Services are provided “as is” without warranty of merchantability or fitness for a particular purpose.

13. Limitation of Liability

To the maximum extent permitted by law, each party’s aggregate liability shall not exceed the fees paid by Client during the twelve (12) months preceding the event giving rise to the claim. Neither party shall be liable for indirect or consequential losses.

14. Termination and Data Return

  • Either party may terminate this Agreement with 30 days’ written notice.
  • In case of material breach, termination may be immediate upon notice.
  • Upon termination, Client may request export of consent records within 90 days. After that period, NexaGuard will delete the data per Section 5.

15. Indemnification

Each party agrees to indemnify the other for claims arising from its own breach of this Agreement or violation of law. Client remains responsible for data collected through its digital properties.

16. Force Majeure

Neither party is liable for delays or failures beyond its reasonable control (e.g., natural disasters, war, Internet outages).

17. Notices

Legal notices must be sent to [email protected] and are deemed received upon confirmation of delivery.

18. Governing Law and Jurisdiction

This Agreement is governed by the laws of the State of New York without regard to conflict-of-law principles. Any dispute shall be resolved exclusively in the state or federal courts of New York City, New York.

19. Entire Agreement and Order of Precedence

This Agreement, together with the DPA, Privacy Policy, and any Service Order or Statement of Work, constitutes the entire agreement between the parties and supersedes all prior understandings.

20. Acceptance of Agreement

By registering for or using NexaGuard Services, the Client acknowledges that they have read, understood, and agreed to be bound by this Master Service Agreement (MSA). If the Client has executed a separate signed MSA with NexaGuard, that executed version shall take precedence over this online version.