NexaGuard CMP – Privacy Policy
Last Updated: June 2025
Welcome to NexaGuard Inc. (“NexaGuard”, “we”, “us”, or “our”). NexaGuard is a U.S.-based privacy and compliance technology company incorporated in New York, USA.
This Privacy Policy explains how we collect, use, store, and protect personal data, and how our role differs when providing Consent Management Platform (CMP) services to our customers.
This Policy applies to:
NexaGuard dashboards and portals
NexaGuard APIs and SDKs
Consent Management services operated on behalf of customers
(collectively, the “Services”).
1. Our Role: Controller vs Processor (Very Important)
NexaGuard operates in two distinct roles, depending on the context:
1.1 NexaGuard as Data Controller
We act as a Data Controller when processing data related to:
Visitors to our website
Our customers and account holders
Sales, billing, marketing, and support interactions
Product communications and service administration
1.2 NexaGuard as Data Processor (CMP Services)
When providing CMP services, NexaGuard acts solely as a Data Processor on behalf of our customers.
In this role:
NexaGuard does not determine how end-user data is used
NexaGuard does not identify individual end users
NexaGuard processes consent signals only according to customer configuration
Customers remain the Data Controller for their end users.
2. Information We Collect
2.1 Website Visitors (NexaGuard.com)
We may collect:
Name, email, company, phone number (via forms)
IP address, device/browser type
Usage analytics and security logs
This data is used only for:
Communication
Service improvement
Security and fraud prevention
2.2 Customers and Platform Users
For registered accounts, we collect:
Account details (name, email, company, role)
Authentication credentials (securely hashed)
Subscription and billing metadata
Audit and access logs
Payment data is handled by PCI-DSS compliant third-party processors. NexaGuard does not store raw card data.
2.3 End Users (Processed on Behalf of Customers)
When customers deploy NexaGuard CMP on their websites or apps, NexaGuard may process:
Consent choices (purposes, vendors, opt-outs)
Consent metadata (timestamp, jurisdiction, policy version)
Pseudonymous identifiers (e.g., consent ID, cookie ID, device signals)
Important:
NexaGuard does not collect names, emails, or direct identifiers of end users
NexaGuard cannot independently identify individuals
Consent records are pseudonymous by design
2.4 Sensitive Personal Data
NexaGuard does not intentionally collect sensitive personal data, except where:
Required by law, or
Explicitly configured by a customer under applicable regulations
3. How We Use Information
We use information to:
Provide and operate the Services
Generate consent logs and compliance records
Maintain audit trails required by law
Provide dashboards, APIs, and integrations
Process billing and account administration
Detect security threats and misuse
Comply with legal and regulatory obligations
NexaGuard does not use end-user consent data for advertising, profiling, or resale.
4. Data Sharing and Disclosure
We may share data only in the following cases:
4.1 Service Providers
With trusted vendors providing:
Cloud hosting
Security monitoring
Billing and payments
Customer support tooling
All providers are bound by confidentiality and data protection obligations.
4.2 Customers (CMP Context)
When you interact with a customer’s CMP implementation:
Your consent signals are made available only to that customer
Data is not shared across customers
4.3 Legal Obligations
We may disclose data when required by:
Law
Court orders
Regulatory authorities
4.4 Business Transfers
In the event of a merger or acquisition, data may be transferred subject to this Policy and applicable law.
NexaGuard does not sell personal data.
5. International Data Transfers
NexaGuard operates globally. Where data is transferred internationally, we rely on:
Standard Contractual Clauses (SCCs)
Data Processing Agreements (DPAs)
Industry-standard safeguards
6. Data Subject Rights (DSARs)
Rights vary by jurisdiction (GDPR, CPRA, etc.) and may include:
Access
Correction
Deletion
Restriction
Portability
Objection
Consent withdrawal
Important DSAR Clarification
End users must submit DSARs directly to the website/app owner
NexaGuard does not have sufficient data to verify end-user identity
NexaGuard supports customers technically, but does not decide DSAR outcomes
For NexaGuard account data, contact: [email protected]
7. Security Measures
NexaGuard applies enterprise-grade safeguards including:
Encryption in transit and at rest
Role-based access control
Infrastructure monitoring
Regular security reviews
Incident response procedures
Data minimization and pseudonymization
8. Data Retention
We retain data only as necessary:
Account data: while account is active and legally required
Consent logs: per regulatory and customer-defined retention periods
Billing records: per tax and accounting laws
9. Children’s Privacy
NexaGuard Services are not intended for children under 16. We do not knowingly process children’s personal data.
10. Cookies & Similar Technologies
NexaGuard uses cookies for:
Consent management
Essential site functionality
Security
Analytics (where consent is required)
Users may manage preferences via:
NexaGuard CMP interfaces
Browser settings
11. Third-Party Services
Our Services may link to third-party platforms. NexaGuard is not responsible for their privacy practices.
12. Policy Updates
We may update this Privacy Policy to reflect changes in law or technology. Material changes will be communicated.
13. Contact Information
NexaGuard Inc.
10 Times Square, Suite 3134
New York, NY 10018, USA
📧 [email protected]
🌐 https://www.nexaguard.com
Summary
NexaGuard provides privacy infrastructure, not legal decisions.
We design our systems to:
Minimize data
Respect user choices
Support customer compliance
Protect trust
Your privacy is not a feature — it’s our foundation.