Privacy Policy
Last updated: May 27, 2026
Effective date: May 27, 2026
This Privacy Policy describes how Nexus Software LLC ("Nexus," "we," "us," or "our") collects, uses, discloses, and protects information when you use the Nexus platform, our website at getnexus.pro, and our mobile and web applications (collectively, the "Service").
Nexus provides software for asbestos abatement, demolition, and environmental remediation contractors. The Service handles sensitive worker compliance records, regulatory documentation, and field safety data. We take that responsibility seriously.
1. Scope of This Policy
This policy applies to:
- The Nexus web application at app.getnexus.pro
- The Nexus iOS and Android mobile applications
- Our marketing website at getnexus.pro
- Email and other electronic communications with Nexus
It does not apply to third-party websites or services we link to.
Geographic scope. The Service is designed for and directed to contractors operating in the United States. It is not directed at residents of the European Economic Area, the United Kingdom, or other jurisdictions with comprehensive cross-border data-transfer regimes. If you access the Service from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.
2. Who Is the Controller
Nexus is a business-to-business platform. Our direct customers are contractor organizations (each, a "Customer") who subscribe to the Service and use it to manage their own personnel, projects, and records.
- For Customer data (worker records, projects, files): the Customer is the controller. Nexus acts as a processor or service provider on the Customer's behalf and processes that data according to our agreement with the Customer.
- For account, billing, marketing, and website analytics data: Nexus is the controller.
If you are an employee, contractor, or worker whose data is in Nexus because your employer uses the Service, please direct privacy requests (access, correction, deletion) to your employer first. We will support your employer in responding.
3. Information We Collect
3.1 Information You or Your Employer Provides
Account information:
- Name, email address, phone number
- Job title, employee identifier, and role within your organization
- Password (stored hashed by our authentication provider; we never see it in plaintext)
- Profile photo, if you upload one
Worker compliance and credential records (uploaded by you or your employer):
- Certifications, training records, medical surveillance records, fit-test results
- Respirator fit-test data, drug and alcohol test results where required by regulation
- Emergency contact information
- Exposure monitoring records subject to OSHA 29 CFR 1926.1101 30-year retention
Project and field data:
- Project locations, permits, regulatory notifications
- Daily safety forms, air monitoring logs, job hazard analyses, incident reports
- Time records, crew assignments, photographs taken in the field
- Customer and supplier contact information
Billing information:
- Company name, billing address, and tax information
- Payment card or bank account details — collected and stored by our payment processor (Stripe); Nexus does not see or store full payment card numbers
3.2 Information We Collect Automatically
When you use the Service, we automatically collect:
- Device and connection data: IP address, browser type and version, operating system, device identifiers, screen size
- Usage data: pages and screens viewed, features used, actions taken, timestamps, referring URLs
- Location data: when you use field features such as geo-tagged time punches or photo capture, we record the location reported by your device. You can disable this in your device settings, but some field features will not work without it.
- Diagnostic data: crash reports, error stack traces, and performance metrics collected to fix bugs
3.3 Information from Third Parties
We may receive information about you from:
- Your employer, when they invite you to the Service or upload records about you
- Authentication providers, if you sign in with a third-party identity provider through Clerk
- Payment processors, who confirm payment status and return limited card metadata (last four digits, brand, expiration)
4. How We Use Information
We use the information described above to:
- Provide, operate, and maintain the Service
- Authenticate users, manage organization membership and seat usage, and process subscription billing
- Store, organize, and retrieve worker credentials, project records, and regulatory documentation on behalf of your employer
- Generate compliance reports, expiration reminders, and renewal notifications
- Respond to support requests and communicate about your account
- Detect, prevent, and respond to security incidents, fraud, and abuse
- Improve the Service — diagnose bugs, measure feature usage, and plan new functionality
- Parse and extract structured data from documents you upload (such as certifications, training records, and permits) using a third-party large-language-model provider. See Section 5.1 for details on the provider and how that data is handled.
- Comply with our legal obligations, enforce our Terms of Service, and protect the rights, property, and safety of Nexus, our customers, and the public
Marketing. If you sign up for our newsletter or create a Nexus account, we may email you about product updates, features, or company news. Every marketing email contains an unsubscribe link. Transactional emails (billing, security alerts, account changes) are not marketing and cannot be opted out of while you have an active account.
No sale of personal information. We do not sell personal information, and we do not share it with third parties for their own cross-context behavioral advertising.
5. Who We Share Information With
5.1 Service Providers (Subprocessors)
We share information with vendors who process data on our behalf under contractual confidentiality and security obligations. The principal ones are:
| Provider | Purpose | Data category |
|---|---|---|
| Clerk | Authentication, user and organization management | Account credentials, profile data, session metadata |
| Stripe | Subscription billing and payment processing | Billing contact, payment method, transaction history |
| Cloudflare (R2) | Object storage for uploaded files and photos | User-uploaded documents, certifications, photographs |
| Railway | Application hosting, Postgres database, Redis cache | All Service data while in transit through our infrastructure |
| Sentry | Error monitoring and diagnostics | Crash reports, error context, limited request metadata |
| Mixpanel | Product analytics | Usage events, device and session metadata |
| Google Analytics | Marketing website analytics | Pageviews, referrer, device and session metadata (getnexus.pro) |
| Anthropic | AI-assisted parsing and data extraction from uploaded documents | Document contents and metadata sent at the time of processing |
We update this list as our subprocessors change. A current list is available on request to privacy@getnexus.pro.
About AI-assisted document parsing. When you upload a document to Nexus, we may send its contents to Anthropic's API for parsing and structured-data extraction (for example, to pull certification dates and license numbers from an image or PDF). Under Anthropic's standard commercial API terms, the content we submit is not used to train Anthropic's models and is retained by Anthropic only for a limited period for abuse-monitoring purposes (typically 30 days) before deletion.
5.2 Your Employer
If you use Nexus as a worker, manager, or administrator at a contractor organization, that organization can view, export, and delete data associated with your account, including records you create in the field. Your employer determines who within the organization can see what.
5.3 Legal and Safety Disclosures
We may disclose information when we reasonably believe it is necessary to:
- Comply with applicable law, regulation, subpoena, court order, or other legal process
- Respond to a regulatory request from OSHA, EPA, state environmental agencies, or other authorities with jurisdiction
- Enforce our Terms of Service or other agreements, or investigate potential violations
- Protect the rights, property, or safety of Nexus, our customers, our users, or the public
5.4 Business Transfers
If Nexus is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify affected customers and require the recipient to honor the commitments in this policy.
5.5 Text Messaging (SMS)
Where an employer that uses Nexus has collected a worker's consent, we send that worker SMS text messages on the employer's behalf — for example, the upcoming week's job-site schedule. Message frequency varies but is typically about one message per week. Message and data rates may apply. Recipients can reply STOP to unsubscribe at any time, or HELP for help. See our SMS messaging terms for full details.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Mobile phone numbers and SMS opt-in consent are used solely to deliver these messages through our messaging provider and are not sold, rented, or shared with any third party for their own purposes.
6. How Long We Keep Information
We keep personal information only as long as we need it:
- Active accounts: for as long as your account or your employer's account is active
- After cancellation: Customer data is retained for 90 days after subscription cancellation to allow export and account recovery, after which it is deleted from active systems within 30 days. Backups are purged on a rolling 90-day cycle.
- Worker exposure records: Records subject to OSHA 29 CFR 1926.1101 (including exposure monitoring data, medical surveillance, and respirator fit testing) are retained for the duration of employment plus 30 years, as required by federal regulation, regardless of subscription status. We offer customers tools to export this archive at any time.
- Billing records: retained for at least 7 years to meet tax and accounting requirements
- Security logs: retained for 12 months
Where law requires us to keep information longer (e.g., regulatory retention obligations or in response to a legal hold), we will retain it for that period.
7. How We Protect Information
We use reasonable administrative, technical, and physical safeguards designed to protect your information:
- TLS encryption in transit between your device and our servers
- Encryption at rest for our database and file storage
- Role-based access controls; data is tenant-scoped so one customer's data is never visible to another
- Production access limited to a small number of personnel under confidentiality obligations
- Continuous monitoring for unauthorized access and abuse
- Regular review of dependencies and patching for known vulnerabilities
No system is perfectly secure. While we work hard to protect your information, we cannot guarantee absolute security. If we discover a breach affecting your personal information, we will notify you and the relevant authorities as required by law.
8. Your Privacy Choices and Rights
You can, at any time:
- Access or correct your account profile from within the Service
- Export your data — Customer administrators can export records on demand. Individual users can request a copy of their personal data by writing to privacy@getnexus.pro.
- Delete your account — contact your organization administrator, or write to us. Note that records subject to regulatory retention (see Section 6) cannot be deleted before the retention period ends.
- Opt out of marketing email by clicking the unsubscribe link in any marketing message
- Disable location and camera access in your device settings (some field features will stop working)
State privacy rights. Residents of California, Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws may have additional rights, including the right to know what personal information we have collected, the right to delete it (subject to legal-retention exceptions), the right to correct inaccuracies, and the right not to be discriminated against for exercising these rights. To exercise these rights, email privacy@getnexus.pro with the subject "Privacy Rights Request" and tell us which right you'd like to exercise. We will verify your identity before responding and aim to respond within 45 days.
Do Not Track and Global Privacy Control. The Service does not respond to "Do Not Track" browser signals because there is no industry consensus on how to interpret them. We honor Global Privacy Control (GPC) signals as a valid opt-out where required by applicable law.
9. Children
The Service is intended for use by workers and administrators who are 18 years of age or older in a workplace setting. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, for changes that affect how we use existing personal information, notify affected account holders by email or in-app notice at least 30 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact Us
For privacy questions, complaints, or requests:
Nexus Software LLC
101 East Street
Williamsburg, MA 01096
Email: privacy@getnexus.pro
General contact: hello@getnexus.pro