How we handle your data

Our Commitment

Common Nexus is a data sovereignty company. We build systems that give organizations visibility and control over their own data. We hold ourselves to the same standard we ask of clients: collect only what is necessary, store it securely, never use it for anything other than the purpose stated, and make it easy to understand what we have and why.

Data We Collect

We collect data through four mechanisms. Each is described below.

SMS/Text Messaging

When you provide your phone number to Common Nexus — whether by calling our business line, submitting a web form, or during an in-person meeting — you may receive SMS messages related to appointment confirmations, call follow-ups, and customer service communications. Message frequency may vary. Standard message and data rates may apply.

You can opt out at any time by replying STOP to any message. Reply HELP for assistance, or contact us at hello@commonnexus.com or 503-891-9888.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.

Consent to receive SMS is not a condition of purchase or engagement with Common Nexus.

How We Use Your Data

• Contact form: to respond to your inquiry. No other use.
• Scorecard: to deliver your PDF report and follow up if you have requested contact. No other use.
• Newsletter: to deliver the Exposure Brief newsletter. No other use.
• Analytics: to understand aggregate site traffic patterns. No individual-level use.

We do not use your data for advertising, profiling, or resale. We do not combine data across these collection points.

Data Storage and Processing

Contact, scorecard, and subscriber data is stored in Cloudflare KV, a globally distributed edge storage service operated by Cloudflare, Inc. Cloudflare acts as a sub-processor under our agreement with them.

We do not sell your data. We do not share your data with third parties for any purpose other than the delivery mechanisms described above (Cloudflare for storage, Substack for newsletter delivery). This website does not use tracking pixels, third-party analytics platforms, or advertising networks. Newsletter delivery via Substack is subject to Substack's privacy policy, which includes email open and click tracking.

Your Rights

Regardless of your jurisdiction, you have the right to:

• Access: request a copy of any data we hold about you
• Deletion: request that we delete your data from our systems
• Correction: request that we correct inaccurate data

These rights apply to residents of California (CCPA), the European Union (GDPR), and all other jurisdictions. To exercise any of these rights, email privacy@commonnexus.com with your request. We will respond within 30 days.

Cookies

This site does not use cookies. Dark mode preference is stored in your browser's localStorage, a client-side storage mechanism that never leaves your device and is never transmitted to our servers.

Third-Party Services

We use two third-party services in the operation of this site:

• Cloudflare: hosting, edge storage (Cloudflare KV), and privacy-preserving analytics. Cloudflare's privacy policy applies to their infrastructure.
• Substack: newsletter delivery for the Exposure Brief, operated at exposurebrief.com. Substack's privacy policy governs their handling of subscriber data.

We use no other third-party services. No Google services. No Meta pixel. No advertising networks.

Professional Disclaimer

Common Nexus LLC is a technology company. We are not a law firm, accounting firm, or licensed professional engineering firm. Our services and materials are technical in nature.

Nothing in our website content, reports, or assessments constitutes legal advice, tax advice, or licensed professional engineering services. Scorecard results and assessment outputs are general indications of governance maturity, not compliance determinations. We use the terms "aligned" and "gap identified" deliberately. We do not use "compliant" or "non-compliant," because those determinations require qualified professional judgment that we do not provide.

If you need legal, tax, or regulatory compliance determinations, engage qualified professionals in those disciplines.

Changes to This Policy

When our data practices change, we will update this page and revise the effective date at the top. We will not notify existing contacts of minor clarifications. Material changes (those that meaningfully alter how we collect, use, or store data) will be noted prominently.