NEXXVIA Privacy Policy

Privacy Policy

Last Updated: August 22, 2025

1. Introduction

NEXXVIA AI Consulting (“we,” “us,” or “our”) is committed to protecting your privacy and personal information. As an AI technology consulting business, we understand the importance of data protection and are dedicated to maintaining the highest standards of privacy and security. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or otherwise interact with us.

This Privacy Policy is a legally binding agreement between you and NEXXVIA AI Consulting, a Wyoming Limited Liability Company.

By using our services or website, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, postal address, company name, job title
  • Business Information: Company details, gross annual income, project requirements, technical specifications
  • Communication Data: Records of correspondence, meeting notes, consultation records
  • Technical Data: IP address, browser type, device information, operating system
  • Website Usage Data: Pages visited, time spent on site, referral sources, user interactions
  • Financial Information: Payment card details, billing address, transaction history (processed through secure third-party payment processors)
  • Professional Information: LinkedIn profile, Facebook or Instagram account, professional certifications, industry experience

2.2 Automatically Collected Information

We automatically collect certain information when you use our website through:

  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance user experience
  • Analytics Data: Website performance metrics, user behavior patterns, and usage statistics
  • Log Files: Server logs containing IP addresses, browser information, and access times
  • Session Recordings: We may use session recording tools (video, text and voice) to improve user experience (with ability to opt-out)

2.3 Information from Third Parties

We may receive information about you from:

  • Business partners and referral sources
  • Public databases and social media platforms
  • Marketing and analytics service providers
  • Credit reporting agencies (for business verification purposes only)
  • Professional networking platforms
  • Affiliate programs

2.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information such as:

  • Health or medical information
  • Genetic or biometric data
  • Religious or philosophical beliefs
  • Sexual orientation or gender identity

If such information is inadvertently collected, it will be promptly deleted unless retention is required by law.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

  • Providing AI technology consulting services
  • Managing client projects and deliverables
  • Communicating about service updates and project status
  • Processing payments and managing invoicing
  • Conducting conflict of interest checks
  • Providing technical support and troubleshooting

3.2 Business Operations

  • Analyzing and improving our services
  • Conducting market research and business development
  • Managing vendor and partner relationships
  • Ensuring compliance with legal and regulatory requirements
  • Training our staff and improving internal processes
  • Conducting quality assurance and performance monitoring

3.3 Communication and Marketing

  • Responding to inquiries and providing customer support
  • Sending newsletters, updates, and promotional materials (with consent)
  • Personalizing user experience and content delivery
  • Sending transactional emails (order confirmations, service updates, invoices, etc.)
  • Conducting customer satisfaction surveys

3.4 Legal and Security Purposes

  • Complying with legal obligations and regulatory requirements
  • Protecting against fraud, security threats, and unauthorized access
  • Enforcing our terms of service and other agreements
  • Conducting internal audits and investigations
  • Establishing, exercising or defending legal claims
  • Complying with court orders and legal process

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with trusted third-party vendors and service providers who assist us in:

  • Technology Infrastructure: Cloud hosting, data storage, and IT services
  • Analytics and Marketing: Website analytics, email marketing platforms, CRM systems
  • Professional Services: Legal, accounting, and business consulting services
  • AI and Machine Learning Platforms: When necessary for project delivery
  • Payment Processing: Secure payment gateways and merchant services
  • Communication Services: Video conferencing, messaging platforms

Vendor Data Sharing Requirements:

All third-party vendors must:

  • Sign comprehensive data processing agreements
  • Implement appropriate security measures
  • Use data only for specified purposes
  • Comply with applicable data protection laws
  • Maintain confidentiality and security standards equivalent to our own
  • Provide annual security certificate of SOC 2 reports
  • Notify us immediately of any data breaches or security incidents

4.2 Customer Data Processing

When we provide consulting services to our customers, we may need to process, analyze, or share customer data with approved vendors or subcontractors to deliver our services effectively. In such cases:

  • Data sharing is limited to what is necessary for service delivery
  • All vendors sign strict confidentiality and data processing agreements
  • Customer data is never used for our own business purposes beyond service delivery
  • Customers are notified of any data sharing arrangements during contract negotiation
  • Data is handled in accordance with customer-specific requirements and applicable laws
  • Customers maintain ownership of their data at all times
  • We act as a data processor, not a data controller, for customer data

4.3 Legal Disclosure

We may disclose your information when required by law or when we believe disclosure is necessary to:

  • Comply with legal process, court orders, or government regulations
  • Protect our rights, property, or safety, or that of others
  • Investigate or prevent illegal activities or security breaches
  • Enforce our terms of service or other agreements
  • Respond to lawful requests from public authorities
  • Comply with national security or law enforcement requirements

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy. We will provide notice before you personal information is transferred and become subject to a different privacy policy.

4.5 Aggregate and De-identified Information

We may share aggregate or de-identified information that cannot reasonably be used to identify you with third parties for marketing, advertising, research, or similar purposes.

5. Artificial Intelligence and Data Processing

As an AI technology consulting firm, we want to be transparent about how AI affects your data:

5.1 AI Tool Usage

  • We may use various AI tools and platforms to enhance our consulting services
  • Personal information may be processed by AI systems for analysis, insights generation, and service improvement
  • We implement safeguards to ensure AI processing complies with privacy laws and our data protection standards
  • We maintain human oversight of all AI-generated outputs that affect individuals
  • We regularly audit AI systems for bias and fairness

5.2 AI Model Training

  • We do not use your personal information to train third-party AI models without explicit consent
  • When working with AI vendors, we specifically prohibit the use of customer data for model training
  • Any AI development work is conducted under strict data protection protocols
  • If we develop propriety AI models, personal data will be anonymized or synthetic data will be used
  • We maintain documentation of all AI training data sources and purposes

5.3 Automated Decision-Making

  • We may use automated systems to help analyze data and generate recommendations
  • Human oversight is maintained for all significant decisions affecting individuals
  • You have the right to request human review of automated decisions that affect you
  • We will inform you when automated decision-making is used
  • You may object to automated processing and request manual review

5.4 AI Ethics and Governance

  • We follow AI ethics principles including transparency, fairness, and accountability
  • We conduct impact assessments for high-risk AI applications
  • We maintain an AI governance framework to ensure responsible AI use
  • We provide explanations of AI decision-making processes when requested

6. Data Security

We implement comprehensive security measures to protect your personal information:

6.1 Technical Safeguards

  • Encryption of data in transit and at rest
  • Secure access controls and authentication systems
  • Regular security audits and vulnerability assessments
  • Intrusion detection and prevention systems
  • Multi-factor authentication for sensitive systems
  • Regular security patches and updates
  • Data loss prevention (DLP) systems

6.2 Organizational Safeguards

  • Employee training on data protection and privacy
  • Access controls limiting data access to authorized personnel only
  • Regular review and updating of security policies and procedures
  • Incident response plans for data breaches
  • Background checks for employees handling sensitive data
  • Non-disclosure agreements with all employees and contractors
  • Clean desk policy and secure disposal procedures

6.3 Vendor Security Requirements

All third-party vendors must demonstrate:

  • Appropriate technical and organizational security measures
  • Regular security certifications and audits
  • Incident response and breach notification procedures
  • Compliance with industry security standards
  • Cyber liability insurance coverage
  • Business continuity and disaster recovery plans

6.4 Data Breach Notification

In the event of a data breach that compromises your personal information:

  • We will notify affected individuals within 72 hours of discovery (or as required by law)
  • We will provide information about the nature of the breach and steps to protect yourself
  • We will cooperate with relevant authorities and regulatory bodies
  • We will document the breach and our response for compliance purposes

7. International Data Transfers

If we transfer your personal information internationally, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Standard Contractual Clauses: EU-approved standard contractual clauses
  • Data Protection Frameworks: Participation in recognized data transfer frameworks
  • Additional Safeguards: Supplementary measures when required for data protection
  • Data Localization: Requirements where applicable
  • Encryption: During international transfer

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

8.1 Access and Portability

  • Right to access your personal information
  • Right to receive a copy of your data in a portable format
  • Right to know the categories of sources from which we collected your information
  • Right to know the business purposes for collecting your information

8.2 Correction and Deletion

  • Right to correct inaccurate personal information
  • Right to delete your personal information under certain circumstances
  • Right to request deletion of information sold or share (where applicable)

8.3 Processing Limitations

  • Right to object to processing for direct marketing
  • Right to restrict processing under certain conditions
  • Right to opt-out of the sale or sharing of personal information
  • Right to limit the use of sensitive personal information

8.4 Consent Withdrawal

  • Right to withdraw consent for processing based on consent
  • Right to opt-out of non-essential cookies and tracking
  • Withdrawal of consent will not affect the lawfulness of processing before withdrawal

8.5 Exercising Your Rights

To exercise any of these rights, please contact us in writing at:

Email: info@nexxvia.com

We will respond to your request within the timeframes required by applicable law. We may request additional information to verify your identity before processing your request. Please allow up to 30 days for a request to be processed, once we have all the information from you to verify your identity.

8.6 Appeals Process

If you are not satisfied with our response to your privacy rights request:

  • You may appeal our decision by contacting us within 30 days
  • We will review and respond to appeals within 45 days
  • You retain the right to file a complaint with relevant data protection authorities

9. Cookie Policy

9.1 Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality
  • Analytics Cookies: Help us understand website usage and performance
  • Marketing Cookies: Used for advertising and promotional purposes
  • Preference Cookies: Remember your settings and preferences
  • Security Cookies: Help authenticate users and prevent fraudulent use**

9.2 Cookie Management

You can control cookies through:

  • Browser settings and preferences
  • Our cookie consent management tool
  • Third-party opt-out tools and preferences
  • Global Privacy Control (GPC) signals
  • Do Not Track browser settings (though we note these are not legally binding)

9.3 Third-Party Cookies

We use cookies from trusted third parties for analytics, advertising, and functionality. Please review their privacy policies for more information about their data practices.

Current third-party cookie providers include:

  • Google Analytics

10. Data Retention

We retain personal information for as long as necessary to:

  • Fulfill the purposes outlined in this Privacy Policy
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce our agreements
  • Provide ongoing services and support

Retention Periods:

  • Client project data: 7 years after project completion
  • Marketing communications: Until you unsubscribe or opt-out
  • Website analytics: 26 months from collection
  • Legal and compliance records: As required by applicable law
  • Employment Applications: 1 year from submission
  • Customer Support Needs: 3 years from last interaction
  • Financial Records: 7 years as required by IRS regulations

Data Deletion Process:

  • Data is securely deleted or anonymized after retention periods expire
  • Deletion includes all backups and archived copies
  • Certificates of destruction are maintained for compliance

11. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Parents and Guardians who believe we have collected information from their child should contact us immediately at info@nexxvia.com

12. State-Specific Privacy Rights

Wyoming Residents

While Wyoming does not have a comprehensive consumer privacy law as of the date of this policy, we extend many privacy rights to Wyoming residents as a matter of best practice. Wyoming residents may contact us to exercise available rights under this policy.

12.1 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale or sharing of personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Limit: Limit the use of sensitive personal information
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Do Not Sell or Share My Personal Information: We do not sell personal information to third parties. If this changes, we will provide appropriate notice and opt-out mechanisms.

Shine the Light: California residents may request information about personal information shared with third parties for direct marketing purposes.

12.2 Other State Privacy Laws

We comply with applicable state privacy laws, including those in Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregan and other jurisdictions with comprehensive privacy legislation.

12.3 Nevada Residents

Nevada residents may opt-out of the sale of covered information by contacting us at info@nexxvia.com.

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

  • Email notification to registered users
  • Prominent notice on our website
  • Direct communication for significant changes affecting your rights
  • In-app notifications for mobile application users (if applicable)

The “Last Updated” date at the top of this policy indicates when it was most recently revised. We maintain an archive of previous versions which can be requested by contacting us.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NEXXVIA AI Consulting

Email: info@nexxvia.com

For EU residents, you also have the right to lodge a complaint with your local data protection authority.

15. Jurisdiction-Specific Provisions

15.1 European Union (GDPR)

For EU residents, we process personal data based on the following lawful bases:

  • Consent: When you provide explicit consent
  • Contract: To fulfil our contractual obligations
  • Legitimate Interest: For our business operations and improvements
  • Legal Obligation: To comply with legal requirements
  • Vital Interests: To protect someone’s life (rare circumstances)**
  • Public Task: When necessary for tasks in the public interest**

15.2 United Kingdom

We comply with the UK Data Protection Act 2018 and UK GDPR requirements for UK residents.

15.3 Canada

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. We obtain express consent for collection, use, and disclosure of personal information as required by Canadian law.

16. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us at info@nexxvia.com.

17. Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

18. Social Media

We may maintain pages on social media platforms. Information collected through these platforms is governed by the respective platform’s privacy policy. We may receive information from these platforms according to their terms and this policy.

19. Dispute Resolution

19.1 Informal Resolution

We encourage you to contact us first to resolve any disputes or concerns about our privacy practices.

19.2 Binding Arbitration

 If we cannot resolve a dispute informally, any disputes arising from this Privacy Policy shall be resolved through binding arbitration in accordance with the Commercial Arbitration Rules of the American Arbitration Association, conducted in Wyoming. Each party will pay their own legal fees unless otherwise directed with arbitration.

19.3 Class Action Waiver

You agree to resolve disputes with us on an individual basis and waive any right to participate in class action lawsuits or class-wide arbitration.

20. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Privacy Policy shall otherwise remain in full force and effect.

21. Entire Agreement

This Privacy Policy constitutes the entire agreement between you and NEXXVIA AI Consulting regarding the collection, use, and disclosure of your personal information and supersedes all prior agreements and understandings.

Effective Date: August 1, 2025

This Privacy Policy is designed to be comprehensive while remaining accessible. Please review it carefully and contact us with any questions about our privacy practices.

Legal Disclaimer: This Privacy Policy is subject to change and should be reviewed periodically. Your continued use of our services after changes constitutes acceptance of the revised policy.