Client-Scoped Data Inventory and Flows
1. Purpose
This document describes how Nemu Inc. inventories client-scoped data, tracks data flows, and aligns with applicable privacy regulations.
2. Data Inventory
Nemu Inc. maintains an internal understanding of:
- Types of personal and customer data processed (e.g., contact information, account metadata).
- Systems where data is stored:
  - Supabase (databases and storage).
  - Application logs where applicable.
  - Google Workspace for support and operations.
3. Data Flows
High-level data flows include:
- Users interacting with web or mobile clients.
- Clients sending data to Node.js/Next.js services hosted on Render.
- Applications reading/writing data in Supabase.
- Support interactions logged via email or ticketing systems.
4. Regulatory Jurisdictions
Nemu Inc. considers privacy obligations such as:
- GDPR-like principles for users in relevant regions.
- Contractual privacy commitments to customers.
5. Policies and Procedures
- Privacy requirements are integrated into:
  - Data classification and handling guidelines.
  - Access control and incident response policies.
- Data minimization and purpose limitation principles guide new feature design.
6. Collection, Use, Accuracy, Opt-Out, Secondary Use, and DSAR Support
- Maintaining Accurate, Complete, Timely, and Relevant Client-Scoped Data:
  Yes. Nemu Inc. maintains documented policies and processes to ensure client-scoped data remains accurate, complete, timely, and relevant. Data is validated at collection, subject to integrity checks, and reviewed as part of operational workflows. Corrections and updates are processed promptly with full audit traceability.
- Opt-Out of Targeted Advertising or Sale of Personal Information:
  Yes. Individuals may opt out of any processing related to targeted advertising or the sale of personal information. Nemu does not sell personal data or engage in targeted advertising, but we maintain an opt-out mechanism via our Privacy Policy and support channels (support@mynemu.com), with requests logged, verified, and fulfilled in accordance with CPRA/CCPA requirements.
- Limiting Secondary Use of Client-Scoped Data:
  Yes. Nemu Inc. has policies and processes that restrict any secondary use of client-scoped data unless explicitly authorized by contract or required by applicable law. Data is used solely for its primary, intended business purpose unless further use is formally approved.
- Support for Data Subject Access Requests (DSARs):
  Yes. Nemu Inc. maintains documented procedures to assist clients in responding to DSARs when contractually required. This includes identity verification, intake, assessment, fulfillment, documentation, and escalation of complex or regulatory matters.
7. Audit Evidence
- Data inventory or records of data mapping exercises.
- Architecture diagrams with data flow annotations.
- Internal privacy policy or guidelines.
8. Compliance Mapping
- SOC 2: CC6.1, P3.1
- ISO 27001:2013: A.18.1.4
Contact: support@mynemu.com
© 2025 Nemu Inc. All rights reserved.