
GDPR Compliance

Last updated: January 23, 2025

Our Commitment to GDPR

Nexus is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and protect the rights of individuals in the European Economic Area (EEA) and United Kingdom.

1. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access

You can request a copy of your personal data we hold, including information about how we process it.

Right to Rectification

You can request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data under certain circumstances.

Right to Restriction of Processing

You can request that we limit how we use your personal data under certain circumstances.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to processing of your personal data for direct marketing or based on legitimate interests.

Right to Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide our resume analysis and job matching services
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: For marketing communications and certain optional features

3. Data We Collect

Data Category | Examples | Purpose
Identity Data | Name, email, profile photo | Account management
Professional Data | Resume, skills, work history | Service delivery
Technical Data | IP address, browser type, device info | Security & analytics
Usage Data | Feature usage, preferences | Service improvement
Payment Data | Billing info (via Stripe) | Subscription management

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active Account Data: Retained while your account is active
  • Inactive Account Data: Deleted after 2 years of inactivity
  • Resume Data: Deleted 30 days after account closure
  • Payment Records: Retained for 7 years for tax compliance
  • Security Logs: Retained for 90 days

5. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with service providers
  • Data Processing Agreements (DPAs) with all processors
  • Adequacy decisions where applicable
  • Technical and organizational security measures

6. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer:

Email: dpo@nexusbuild.dev

7. How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Email us at privacy@nexusbuild.dev with your request
  2. Include "GDPR Request" in the subject line
  3. Provide proof of identity for security purposes
  4. Specify which right(s) you wish to exercise
  5. We will respond within 30 days of receiving your request

8. Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

9. Privacy by Design

We implement privacy by design principles:

  • Data minimization - we only collect necessary data
  • Purpose limitation - data is used only for stated purposes
  • Encryption of sensitive data at rest and in transit
  • Regular security assessments and audits
  • Privacy impact assessments for new features

10. Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local authority at: https://edpb.europa.eu

11. Updates to This Notice

We may update this GDPR compliance notice to reflect changes in our data practices or legal requirements. Significant changes will be communicated via email or prominent notice on our website.
