Privacy Policy

PCI-Nexus (“we,” “us,” or “our”) is committed to protecting the privacy of our users and their client organizations. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our platform and marketing website.

1. Personal Data We Collect

We collect the following categories of personal data:

• Account and identity data: Name, email address, job title, and phone number provided during account registration
• Company information: Organization name, address, industry, and the company or firm you represent
• Billing information: Payment method details (credit card number, billing address) processed through our payment processor. We do not store full credit card numbers on our systems
• Usage data: Information about how you interact with the platform, including features accessed, pages visited, actions taken, and session duration
• Technical data: IP address, browser type and version, operating system, device type, and referring URL
• Communications: The content of emails and messages you send to us, and records of your support interactions

We do not intentionally collect sensitive personal data such as government ID numbers, health information, racial or ethnic origin, or biometric data. Please do not include such data in communications or uploads to the platform.

2. How We Use Your Personal Data

We use your personal data for the following purposes:

• Service delivery: To create and manage your account, provision access to the platform, and deliver the features and functionality of the Service
• Billing and subscription management: To process payments, manage your subscription, send invoices and billing notifications, and handle cancellations and refunds
• Compliance tracking: To associate your account and client organization data with your compliance program records within the platform
• Communications: To send you service-related notifications (account confirmations, security alerts, deadline reminders) and, with your consent, marketing communications about new features or offers
• Support: To respond to your inquiries, troubleshoot issues, and improve the Service
• Legal compliance: To comply with applicable legal obligations, respond to lawful requests from government authorities, and enforce our Terms of Service
• Analytics and improvement: To understand how the Service is used and to improve platform features, performance, and security

3. No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. This applies to all users, including California residents under the California Consumer Privacy Act (CCPA).

4. California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request that we disclose the categories and specific pieces of personal data we have collected about you, the categories of sources from which we collected it, our purposes for collecting it, and the categories of third parties with whom we share it
• Right to delete: You may request that we delete personal data we have collected from you, subject to certain exceptions
• Right to correct: You may request that we correct inaccurate personal data we hold about you
• Right to opt out of sale or sharing: As noted above, we do not sell or share personal data for cross-context behavioral advertising
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at jeatonit@outlook.com. We will verify your identity before processing your request and will respond within 45 days.

5. EU and UK Residents — GDPR Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, the following applies to our processing of your personal data under the General Data Protection Regulation (GDPR) and UK GDPR:

Legal bases for processing: We process your personal data based on one or more of the following legal bases:

• Performance of a contract (to provide the Service you have subscribed to)
• Legitimate interests (to improve the Service, maintain security, and prevent fraud)
• Compliance with legal obligations
• Your consent (for marketing communications and analytics cookies)

Your GDPR rights include: the right to access, rectify, erase, restrict processing of, and port your personal data; the right to object to processing based on legitimate interests; and the right to withdraw consent at any time where we rely on consent as the legal basis for processing.

International transfers: PCI-Nexus is operated from the United States. If you are located in the EEA or UK, your personal data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses and other appropriate safeguards for such transfers where required.

To exercise your GDPR rights, contact us at jeatonit@outlook.com. You also have the right to lodge a complaint with your local data protection authority.

6. Cookies

PCI-Nexus uses the following types of cookies:

• Essential cookies: Strictly necessary for the platform to function. These include session authentication cookies and security tokens. These cookies cannot be disabled without breaking core platform functionality
• Analytics cookies: We use Google Analytics to understand aggregate usage patterns on our marketing website. These cookies are only placed with your explicit consent via our cookie consent banner. We do not use third-party advertising or retargeting cookies

We do not use persistent tracking cookies that follow you across other websites. You can withdraw your analytics cookie consent at any time by clearing your browser cookies and declining consent when the banner reappears.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include encryption at rest and in transit, access controls, regular security assessments, and incident response procedures. See our Data Handling Policy for complete details.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You should also take steps to protect your account credentials.

8. Data Retention

We retain personal data for as long as your account is active and for 90 days following account cancellation, after which it is permanently deleted. We may retain certain data for longer periods where required by applicable law or for legitimate business purposes such as resolving disputes or enforcing agreements.

9. Children’s Privacy

PCI-Nexus is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a minor, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

PCI-Nexus
Operated by Joe Eaton
1350 Hemlock St., Napa, CA 94559
jeatonit@outlook.com