Skip to main content

Schedule a call (https://cal.com/ervin-ward-spd3sl)

NexusGate
Book

Trust

Compliance & Data Security

Not legal advice. Compliance obligations vary by jurisdiction and use case. Consult qualified counsel before launching data-driven campaigns.

DNC Compliance

All data sets provided by Nexus Gate are scrubbed against the National Do Not Call (DNC) Registry prior to delivery. We maintain automated DNC checks at the point of data export, and numbers on the registry are excluded from all delivered lists. Our process runs against the most recent FTC DNC data file.

CAN-SPAM Compliance

Our data delivery includes fields required for CAN-SPAM compliance — physical business address, accurate header information, and clear opt-out mechanisms. We do not send email on behalf of customers, but all sample data is structured to support lawful commercial email campaigns under the CAN-SPAM Act.

  • Accurate From/To/Reply-To headers in all data exports
  • Physical business address included per-list
  • Clear unsubscribe mechanism required before campaign launch
  • Suppression list hand-off included with each delivery

GDPR Opt-Out

For EU-resident contacts, data sets are delivered with explicit consent-status flags and opt-out provenance. We support Subject Access Request (SAR) workflows by providing a verifiable record of data origin and consent status per record. Removal requests are propagated to downstream data sets within 72 hours.

Data Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Sample data sets are delivered via signed, expiring URLs. Production data exports are encrypted with per-customer keys and logged for audit.

  • Data in transit: TLS 1.2 or higher on all connections
  • Data at rest: AES-256 encryption via Supabase
  • Sample deliveries: expiring signed URLs with access logging
  • Production exports: per-customer encryption keys

Audit Trail

Every data export, access event, and modification is logged with timestamps, actor identity, and record delta. Audit logs are retained for a minimum of 3 years and are available to customers upon request during the agreement term. Our logging covers:

  • Data export events (who, what, when, how many records)
  • Access to sample data sets
  • Consent and opt-out record changes
  • Suppression list updates

Related pages: Privacy Policy · Terms of Service