Legal
Last updated: May 2026 · Nexafora™ · The Organizational Intelligence Standard
Nexafora™ is The Organizational Intelligence Standard — an organizational intelligence assessment company that helps organizations understand their readiness across strategic dimensions including AI adoption, M&A integration, and digital transformation. This Privacy Policy explains how we collect, use, and protect your information when you use our assessment system at assessment.nexafora.com.
We collect: (1) the email address and name you provide during intake or account creation, (2) the organizational information you enter during assessment — company name, industry, headcount, annual revenue, geography, primary goal, and AI maturity stage, (3) your responses to the assessment questions, (4) payment information processed entirely by Stripe — we never see or store your card details, (5) standard usage data such as browser type, session identifiers, and pages visited, (6) for Leadership assessments: the names, email addresses, and roles of respondents you invite to participate, (7) for logged-in advisors and assessment participants: first-party page-visit events including route, referrer, timestamp, and coarse country — recorded in Nexafora's own systems to operate and improve the service, never sold or shared with third parties.
Your information is used to: generate your diagnostic report and deliver it to you, save your results and provide access to your personal dashboard, send transactional emails including your receipt, report access link, and re-assessment reminders, contribute your data anonymously to aggregate industry benchmarks — no individual answers are ever attributed or shared, and improve the accuracy and depth of our assessment system. We do not use your information for automated decisions that carry legal consequences.
We never sell your personal information. We never share your information for third-party marketing. We share your information only with essential service providers required to operate the assessment system: Stripe (payment processing), Supabase (secure cloud database), Resend (transactional email delivery), and the AI processing providers that generate your diagnostic report — assessment data only, no personal identifiers beyond company name. Each provider is contractually bound to protect your data and may only use it to deliver services on our behalf.
For multi-stakeholder Leadership assessments, the session initiator invites respondents by email. Each respondent's individual score is visible only to the initiator in the composite report. Individual respondents receive only their personal summary — not the scores of other participants. Advisors who create sessions on behalf of client organizations have access to the composite results for that client session only.
If you are located in the European Union, United Kingdom, or European Economic Area, we process your personal data under: Contractual necessity — to deliver the assessment results you have purchased. Legitimate interests — to improve our assessment system and build aggregate benchmarks. Consent — for any marketing communications, which you may withdraw at any time. We comply with the General Data Protection Regulation (GDPR) and the UK GDPR as retained in UK law.
If you are located in Canada, we process your personal data in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect only the information necessary to deliver the assessment service you have requested. You have the right to access and correct your personal information by contacting privacy@nexafora.com.
If you are located in Brazil, we process your personal data in accordance with the Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018). The legal bases for our processing are: performance of a contract, legitimate interest, and consent. You have the right to access, correct, delete, port, and restrict processing of your personal data. Contact privacy@nexafora.com to exercise these rights.
Nexafora™ serves organizations globally. Regardless of your location, we apply the same data protection standards described in this policy. If local privacy laws in your jurisdiction grant you specific rights, we will honor those rights upon verified request to privacy@nexafora.com.
We retain your assessment data and account information for as long as your account is active or as required by applicable law. Nexafora Accredited™ credential records are retained for the duration of their validity period plus 12 months. You may request deletion of your personal data at any time by emailing privacy@nexafora.com. We will complete deletion requests within 30 days, subject to any legal retention obligations.
You may have the right to: access the personal data we hold about you, correct inaccurate data, request deletion, object to or restrict processing, receive a portable copy of your data, and withdraw consent at any time. Contact privacy@nexafora.com to exercise any of these rights. We will respond within 30 days.
We use only functional cookies required for the assessment system to operate — specifically for session management and authentication. We do not use advertising cookies, behavioral tracking cookies, or third-party analytics cookies.
We protect your information using encrypted data transmission (TLS 1.2+), secure cloud database storage with role-based access controls, API key management and environment variable isolation, and regular security reviews. Payment data is processed entirely by Stripe and is never transmitted to or stored on our servers.
We may update this Privacy Policy from time to time. When we make material changes, we will update the date below. Continued use of the assessment system after changes constitutes acceptance of the updated policy. For significant changes, we will send notice to the email address associated with your account.
For privacy questions, data requests, or to exercise your rights, contact privacy@nexafora.com. EU and UK users may also contact their local data protection authority. Brazilian users may contact the Autoridade Nacional de Proteção de Dados (ANPD). Canadian users may contact the Office of the Privacy Commissioner of Canada.
Nexafora™ · privacy@nexafora.com
Terms of Service →