VividNexus LogoVividNexus
Legal

Privacy Policy

Overview & Commitment to Privacy

VividNexus™️, Inc. (“VividNexus,” “we,” “us,” or “our”) is committed to protecting the privacy of enterprise customers, users, and partners who access vividnexus.ai and our associated products, including the ADPI™️ (Autonomous Data Pipeline Intelligence) platform and MAP-TAG-TRANSCRIBE services. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your information.

This Privacy Policy applies to all services offered by VividNexus, Inc. at vividnexus.ai, including but not limited to the ADPI platform, smartData integration services, enterprise data pipeline tools, and any associated APIs, mobile applications, or embedded features (collectively, the “Services”). It also applies to information collected through our website, sales and support channels, and events.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

Information We Collect

We collect information in the following categories:

Account & Registration Data

Name, business email address, company name, job title, telephone number, billing address, and password credentials provided when you create or administer a VividNexus account.

Customer Data (Enterprise Pipelines)

Structured and semi-structured data that you or your organization upload, connect, or transmit to our Services for processing through the ADPI pipeline — including PLM records, ERP data, eCommerce feeds, VoC datasets, and BOM structures. This data is processed under the data processing terms in your enterprise agreement and is treated as confidential Customer Data

Usage & Log Data

IP address, browser type and version, operating system, referring URLs, pages visited, session duration, API call logs, error logs, and feature interaction data, collected automatically when you access our Services.

Device Data

Hardware model, operating system version, unique device identifiers, and network information.

Communications Data

Messages, support tickets, feedback forms, survey responses, and other communications you send to us.

Transaction Data

Messages, support tickets, feedback forms, survey responses, and other communications you send to us.

Third-Party Source Data

If you connect third-party data sources (such as Salesforce, SAP, or Windchill integrations) to our Services, we receive the data fields necessary to execute your configured pipeline. We do not access third-party systems beyond what you explicitly authorize.

Enterprise Note

Customer Data — the enterprise PLM, ERP, eCommerce, and VoC data you process through ADPI — is owned entirely by you. VividNexus processes it only as a data processor acting on your instructions, as described in your Data Processing Addendum (DPA). We do not use Customer Data to train AI models or for any purpose beyond delivering your contracted Services.

Data Sharing & Disclosure

We do not sell your personal information or Customer Data. We do not share your information with advertisers. We may share information only in the following circumstances:

  • Service Providers & Subprocessors. We engage vetted third-party vendors to help deliver our Services (cloud infrastructure, monitoring, payment processing, authentication). All subprocessors are bound by data protection agreements and may access data only to perform services on our behalf. A current list of subprocessors is available at vividnexus.ai/legal/subprocessors.
  • Business Transfers. In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent in-product notice before your information becomes subject to a different privacy policy.
  • Legal Requirements. We may disclose information to comply with applicable law, regulation, legal process, or governmental request, and to protect the rights, property, or safety of VividNexus, our customers, or the public.
  • With Your Consent. We may share information with third parties when you have provided explicit consent for us to do so.
  • Aggregated or De-identified Data. We may share aggregated or de-identified information that cannot reasonably identify you for research, industry analysis, or benchmarking purposes.

AI Processing & the ADPI Pipeline

Our core service involves AI-powered processing of enterprise data. The following principles govern how we handle data within the ADPI MAP-TAG-TRANSCRIBE pipeline:

  • Data Isolation. Customer Data processed through the ADPI pipeline is logically isolated per customer tenant. Your PLM, ERP, eCommerce, and VoC data is never commingled with or accessible to other customers.
  • No Model Training on Customer Data. We do not use your Customer Data — including any PLM records, BOMs, ECOs, pricing data, VoC data, or ERP records — to train, fine-tune, or improve VividNexus AI models or any third-party AI models used in our Services, unless you have provided explicit, written consent in your enterprise agreement.
  • Immutable Provenance Tagging. As part of the ADPI TAG methodology, provenance metadata (cryptographic hashes, trace identifiers, timestamps) is generated and stored for each data element processed. This metadata is maintained in your immutable audit ledger and is used solely for traceability and audit purposes as described in your service agreement.
  • Third-Party AI Models. VividNexus may use third-party AI model providers (including large language model APIs) to process data within your pipeline. When third-party AI APIs are used, data is transmitted under appropriate data protection agreements and subject to the data handling limitations specified in your enterprise agreement. You may request a list of AI subprocessors at any time.
  • Human Review. Except as required by law or as specified in your service agreement, VividNexus personnel do not access or review your Customer Data without your explicit authorization (e.g., during a support session you initiate).

Important — AI Output Disclaimer

AI-generated insights, attributions, forecasts, and recommendations produced by the ADPI platform are provided for informational and decision-support purposes only. They do not constitute legal, financial, engineering, or regulatory advice. You are solely responsible for validating AI outputs before acting on them in production, regulatory, or commercial contexts.

Data Retention

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:

  • Customer Data. Retained for the duration of your service agreement plus 90 days after termination, during which time you may export your data. After this period, Customer Data is securely deleted unless longer retention is required by law or requested in your enterprise agreement.
  • Account Data. Retained for the life of your account and for up to 7 years after account closure for legal, tax, and audit purposes.
  • Audit Logs & Provenance Records. Retained for a minimum of 7 years to support compliance, audit, and traceability requirements, unless a longer period is specified in your enterprise agreement.
  • Usage & Log Data. Retained for up to 24 months for security monitoring and service improvement, then deleted or anonymized.
  • Communications Data. Retained for up to 3 years to support ongoing customer relationships, then deleted.

Your Rights & Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Request that we correct inaccurate or incomplete information.
  • Deletion. Request deletion of your personal information, subject to legal retention requirements and our contractual obligations to you.
  • Portability. Request your personal information in a structured, machine-readable format.
  • Objection & Restriction. Object to or request restriction of processing of your personal information in certain circumstances.
  • Withdraw Consent. Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
  • Marketing Opt-Out. Unsubscribe from marketing communications at any time by clicking “unsubscribe” in any email or emailing privacy@vividnexus.ai.

To exercise any of these rights, submit a request to brion@vividnexus.ai. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

Security

VividNexus implements technical, organizational, and administrative security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • SOC 2 Type II certified infrastructure and operational controls
  • Role-based access controls (RBAC) limiting data access to authorized personnel
  • Immutable audit logging of all data access and pipeline operations
  • Regular penetration testing and vulnerability scanning
  • Cryptographic provenance hashing (SHA-256) of Customer Data elements as part of the ADPI TAG methodology
  • Incident response procedures with notification obligations
  • Employee security training and background screening

No security system is impenetrable. In the event of a data breach that triggers notification obligations under applicable law, we will notify you promptly and provide information about the nature of the breach, the data involved, and the steps we are taking.

Children's Privacy

Our Services are designed for enterprise business use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verified parental consent, we will take steps to delete that information promptly. If you believe we may have inadvertently collected such information, please contact us at brion@vividnexus.ai.

International Data Transfers

VividNexus, Inc. is headquartered in the United States. If you are located outside the United States, please be aware that information we collect may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws different from your country of residence.

Where required by applicable law, we use appropriate transfer mechanisms to ensure your information receives adequate protection, including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, and compliance with applicable frameworks including the EU-U.S. Data Privacy Framework.

Enterprise customers may request a Data Processing Addendum (DPA) specifying transfer mechanisms and subprocessor obligations applicable to their engagement. Contact brion@vividnexus.ai to request a DPA.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know. Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
  • Right to Delete. Request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct. Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing. VividNexus does not sell or share personal information as defined under the CCPA/CPRA. You do not need to submit an opt-out request.
  • Right to Limit Use of Sensitive Personal Information. We do not use sensitive personal information for purposes beyond those permitted by CPRA without your consent.
  • Right to Non-Discrimination. We will not discriminate against you for exercising your California privacy rights.

To submit a California privacy rights request, email brion@vividnexus.ai with subject line “California Privacy Rights Request” or write to the address in Section 12 below. Authorized agents may submit requests on your behalf with appropriate documentation.