Privacy Policy

1.Who we are

Nexus Cloud Consulting, LLC is a Tennessee limited liability company providing Salesforce development and implementation consulting to clients in the United States. This policy describes how we collect, use, store, and protect personal information in the course of doing business: responding to inquiries, preparing proposals and statements of work, delivering consulting services, and managing billing and records.

We are a single-member firm. Privacy questions are answered directly by the principal consultant. Contact us at info@nexuscloudconsulting.com.

2.Scope

This policy applies to the personal information of our clients, prospective clients, and business contacts: the people we correspond with, contract with, and work alongside during engagements. It covers information we collect directly through business dealings such as correspondence, proposals, statements of work, and invoices.

Personal data we access inside a client’s Salesforce environment belongs to that client and is handled under Section 4 and the terms of the governing engagement agreement.

3.Information we collect and how we use it

We collect only what the business relationship requires:

• Business contact information: names, titles, company affiliations, email addresses, and phone numbers of the people we work with.
• Engagement records: correspondence, proposals, statements of work, and project documentation.
• Billing information: the details needed to invoice for services and collect payment.

We use this information to deliver the services described in our statements of work, to communicate about engagements and inquiries, to invoice and keep accurate business records, and to meet legal and tax obligations.

We do not sell personal information, and we do not send marketing communications.

4.Client data in Salesforce environments

Salesforce consulting engagements routinely require access to client-controlled Salesforce environments that contain personal information about the client’s own customers, employees, or contacts. When we access that data:

• We act only on the client’s instructions and only within the access the client grants.
• We use the data solely to perform the engagement described in the statement of work, and for no other purpose.
• We do not sell it or share it with any third party.
• We do not copy it outside the client’s systems except where the engagement expressly requires it (for example, an approved data migration or sandbox seeding), and we delete any working copies when that work is complete.
• We follow the client’s security and access policies, use only credentials the client provisions, and support credential revocation at the close of the engagement.

The client remains the owner and controller of the data in its systems at all times.

5.Data storage and security

• Storage: Our business records, including email, documents, and files, are stored in the United States using Google Workspace, which encrypts data in transit and at rest.
• Access control: As a single-member firm, access to the personal information we hold is limited to the principal consultant. Client systems are accessed only through credentials the client provisions.
• Credential handling: Credentials for client systems are kept secure and are not shared.

6.Sharing and disclosure

We share personal information only as needed to operate the business:

• Service providers: A small number of providers store data on our behalf, currently Google Workspace, under their published security and privacy commitments.
• Legal requirements: We may disclose information when required by law, subpoena, or other valid legal process.

We do not sell personal information and we do not share it for advertising. Where an engagement requires it, we enter confidentiality and data protection agreements with the client and honor their terms.

7.Data retention

We keep engagement records, correspondence, and billing information for as long as the client relationship requires and as long as legal, tax, and accounting obligations demand. When records are no longer needed for either purpose, we delete them.

8.Your rights and choices

You may request access to, correction of, or deletion of the personal information we hold about you by contacting info@nexuscloudconsulting.com. We respond to requests within 30 days. We may need to verify your identity before acting on a request, and we may need to retain certain records, such as invoices, to meet legal or contractual obligations.

You will never be treated differently for exercising these rights.

9.Data breach notification

If we discover a breach affecting personal information, we will promptly assess its scope, contain it, and notify affected individuals and clients without unreasonable delay, and in any case within the 45 days required by Tennessee law (Tenn. Code Ann. § 47-18-2107), or sooner where a client agreement or another applicable state law requires. Notice will describe what happened, what information was involved, and the steps we are taking in response.

If you believe you may have been affected by a breach, contact us immediately at info@nexuscloudconsulting.com.

10.Changes and contact

We review this policy periodically and update it when our practices change. The effective date above reflects the most recent revision. For any question about this policy or about how your personal information is handled, contact Nexus Cloud Consulting, LLC at info@nexuscloudconsulting.com.