Validus

Validus

Privacy Policy

Version 1.0 · August 2025

At Validus, we are committed to protecting the privacy of our users, customers, and stakeholders. This Privacy Policy outlines our practices for collecting, using, storing, and sharing personal data. We comply with the most stringent applicable data protection laws, including the GDPR, CCPA, and PIPEDA.

1. Purpose

This policy explains how and why Validus processes personal data and the safeguards we apply across our products, websites, mobile apps, events, and services.

2. Scope

This policy applies to all personal data processed by Validus, including data gathered via our websites, mobile applications, events, and any other services. It covers employees, contractors, and third parties who handle personal data across the United States, Canada, the European Union, and other jurisdictions where we operate.

3. Key Principles

  • Transparency: Clear information about how we collect, use, and share personal data.
  • Data Minimization: Collect only what is necessary for stated purposes.
  • Lawfulness, Fairness, Transparency: Process data lawfully and fairly, with clear communication.
  • Purpose Limitation: Use data only for specified and legitimate purposes.
  • Accuracy: Keep data accurate and up to date.
  • Storage Limitation: Retain data only as long as needed or required by law.
  • Integrity & Confidentiality: Protect data with appropriate technical and organizational measures.
  • Accountability: Maintain records and ensure staff are trained in privacy best practices.

4. Data Collection and Usage

4.1. Data Collection

We may collect the following categories of data:

  • Personal Identification: name, email, phone, mailing address.
  • Financial Information: payment details, billing address, transaction history.
  • Technical Data: IP address, browser, OS, device identifiers.
  • Usage Data: interactions, preferences, and settings.
  • Location Data: precise geolocation (when you enable it).

We collect data via:

  • Direct interactions (forms, support, events).
  • Automated technologies (cookies, SDKs, web beacons).
  • Third-party sources (partners, public databases).

4.2. Data Usage

  • Personal Identification: account creation, authentication, communication.
  • Financial Information: payments, subscriptions, fraud prevention.
  • Technical Data: performance, troubleshooting, security.
  • Usage Data: personalization, recommendations, analytics.
  • Location Data: location-based features (e.g., nearby networking, local events).

4.3. Legal Basis for Processing

  • Consent: e.g., marketing subscriptions.
  • Contractual necessity: e.g., processing a purchase.
  • Legal obligation: e.g., tax and compliance.
  • Legitimate interests: e.g., service improvement, provided these do not override your rights.

5. Data Sharing and Disclosure

We do not sell or rent your personal information. We may share data with trusted processors (e.g., payments, IT, analytics) under contracts that require GDPR/CCPA/PIPEDA-aligned safeguards. We may disclose data if required by law or as part of a merger, acquisition, or asset transfer with appropriate protections.

International Data Transfers

  • Adequacy: Transfers to countries recognized as providing adequate protection.
  • Standard Contractual Clauses (SCCs): Where no adequacy decision exists.
  • Explicit consent: Where required, particularly for higher-risk transfers.

6. Data Subject Rights

  • Access to your personal data and processing details.
  • Rectification of inaccurate or incomplete data.
  • Erasure (subject to legal limits).
  • Restriction of processing in certain cases.
  • Data portability in a machine-readable format.
  • Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent at any time where we rely on consent.

7. Data Security

We apply appropriate technical and organizational measures, including encryption in transit and at rest where applicable, access controls, least-privilege, monitoring, and regular security assessments. We maintain incident response procedures and notify affected parties and regulators where legally required.

8. Data Retention

We retain personal data only as long as necessary for stated purposes or as required by law. When no longer needed, data is securely deleted or anonymized.

9. Compliance and Monitoring

  • Regular audits of processing activities and vendors.
  • Ongoing staff training on privacy and security.
  • Periodic policy reviews to reflect changes in practices or law.

10. Contact Information

For questions or requests regarding this Privacy Policy or your personal data, contact:

Compliance OfficerValidussupport@validus.nexus

If this policy is updated, we will revise the date/version above and, where appropriate, provide additional notice.