Skip to Content
Nemu Inc.
Privacy Management๐Ÿ“ Data Confidentiality Agreements

๐Ÿ“ Data Confidentiality Agreements

1. Purpose

This document summarizes Nemu Inc.โ€™s use of confidentiality agreements, procedures, and related instructions for handling scoped data.

2. Employee and Contractor Agreements

  • Employment and contractor agreements include confidentiality and data protection clauses.
  • Personnel agree not to disclose customer or company confidential information except as required to perform their job.

3. Customer and Vendor Contracts

  • Contracts with customers may include:
    • Confidentiality obligations.
    • Data protection commitments.
  • Contracts with vendors and subprocessors may include:
    • Confidentiality clauses.
    • Data Processing Agreements (DPAs) where appropriate.

4. Operating Procedures

  • Access to scoped data is restricted to authorized personnel.
  • Data exports, when necessary, are limited, logged, and protected.
  • Internal guidelines instruct staff on appropriate channels for sharing data (e.g., Google Workspace within the company domain, not personal accounts).

  • Opt-In and Opt-Out Consent Management for Data Analytics: Nemu Inc. maintains policies and procedures to ensure appropriate opt-in and opt-out consent management for any use of personal information in data analytics. While Nemu does not use personal information for behavioral analytics or profiling, we still maintain mechanisms to record and honor user consent preferences where applicable.

  • De-Identification, Masking, Anonymization, and Pseudonymization Controls: Nemu Inc. uses control mechanismsโ€”including masking, tokenization, and structured pseudonymizationโ€”to protect personal information during development, troubleshooting, analytics, and other internal processes. Access to identifiable data is tightly restricted, and de-identified datasets are used whenever operationally feasible.

  • Records Retention Policy and Schedule: Nemu Inc. maintains a documented records retention policy and schedule that aligns with legal, regulatory, and contractual requirements. Personal information is retained only for as long as necessary to provide services or meet compliance obligations, after which it is securely deleted or anonymized according to policy.

6. Audit Evidence

  • Template agreements (employment, contractor, customer, vendor).
  • Example signed agreements (redacted).
  • Internal guidance or playbooks on handling scoped data.

7. Compliance Mapping

  • SOC 2: CC1.2, CC6.1
  • ISO 27001:2013: A.13.2.4, A.18.1.3

Contact: support@mynemu.com
ยฉ 2025 Nemu Inc.. All rights reserved.

Last updated on
๐Ÿ“‹ Client-Scoped Data Inventory and Flows๐Ÿ“‘ Contractual and Audit Documentation