← Back to Nexus

Privacy Policy

Last updated: June 1, 2026

1. Scope

This Privacy Policy describes how Nexus processes personal data in connection with internal real estate CRM operations, including lead management, property records, transactional workflows, email communications, calendar events, and WhatsApp interactions.

2. Data We Process

Nexus may process contact identifiers, communication content, engagement history, property and listing details, task and calendar metadata, and operational logs necessary to provide secure and reliable CRM functionality.

3. Purpose of Processing

Data is processed to support lead follow-up, recruitment and team coordination, property marketing, transaction support, communication tracking, compliance monitoring, and service quality improvements.

4. Data Sharing

Data is shared only with authorized users and approved service providers that support hosting, authentication, messaging, and scheduling operations. Nexus does not sell personal information.

5. Retention

Data is retained according to business needs, legal obligations, and internal retention policies. Records may be archived or deleted when no longer required for operations, legal defense, or compliance.

6. Security and Rights

Nexus uses role-based access controls, audit logging, and encryption in transit and at rest to protect data. Requests related to access, correction, deletion, or restriction should be directed to your organization's designated administrator or compliance contact.

7. Google User Data

Nexus integrates with Google Calendar to provide scheduling and event features inside the CRM. When a user connects a Google account, Nexus requests only the OAuth scopes required to deliver those features. This section describes, in detail, how Nexus accesses, uses, stores, shares, retains, and deletes Google user data.

The scopes Nexus requests are:

  • https://www.googleapis.com/auth/calendar.readonly — read-only access to the calendars and events a user can view in Google Calendar.
  • https://www.googleapis.com/auth/calendar.events — access to view and edit (create, update, and delete) events on the user's calendars.

7.1 Data Accessed

Under the scopes above, Nexus may access the following types of Google user data:

  • Calendar metadata: the list of calendars the user can access, including calendar names, identifiers, time zones, and the user's free/busy status.
  • Event data: event titles/summaries, descriptions, start and end times and time zones, locations, recurrence rules, event status, organizer details, attendee names and email addresses, conferencing or meeting links, reminders, and event identifiers.

Nexus does not request access to Gmail, Google Contacts, Google Drive, or any Google user data outside the Calendar scopes listed above.

7.2 Data Usage

Nexus uses Google Calendar data solely to provide and improve user-facing scheduling features that are prominent within the application. Specifically, Nexus:

  • Reads calendar and event data (via calendar.readonly) to display the user's upcoming events inside the CRM, to associate events with the related leads, tasks, and transactions, and to help the user avoid scheduling conflicts.
  • Creates, updates, and deletes events (via calendar.events) on the user's behalf when the user schedules appointments, follow-ups, or other CRM-driven calendar actions.

Nexus does not:

  • Use Google user data for serving advertising of any kind, including retargeting, personalized, or interest-based advertising.
  • Sell Google user data.
  • Use Google user data to develop, improve, or train generalized or non-personalized artificial intelligence or machine learning models.

7.3 Data Sharing

Nexus does not transfer Google user data to third parties except in the limited circumstances below:

  • Service providers: Google user data may be processed by infrastructure and hosting providers and authentication providers strictly to operate the integration on Nexus's behalf. These providers are bound by contractual obligations to protect the data and may not use it for any other purpose.
  • Legal compliance: to comply with applicable law, regulation, legal process, or an enforceable governmental request.
  • Business transfers: as part of a merger, acquisition, or sale of assets, and only with the user's explicit prior consent.

Nexus does not sell or rent Google user data, and does not share it with third parties for advertising purposes.

7.4 Data Storage and Protection

Nexus protects Google user data using the following practices:

  • OAuth access and refresh tokens are stored in encrypted form and are never exposed to end users or unauthorized personnel.
  • Google user data is encrypted in transit using TLS and encrypted at rest.
  • Access is restricted on a least-privilege, role-based basis, with audit logging of access to sensitive data.
  • Nexus does not allow humans to read Google user data unless: the user gives affirmative agreement for specific data; it is necessary for security purposes (such as investigating abuse); it is required to comply with applicable law; or the data has been aggregated and anonymized for internal operations.

7.5 Data Retention and Deletion

Nexus retains Google user data only as long as needed to provide the connected scheduling features:

  • Calendar and event data synced into the CRM is retained while the Google integration remains connected.
  • When a user disconnects the integration or requests deletion, Nexus deletes the associated Google user data and stored OAuth tokens within 30 days, except where retention is required by law.

Users can revoke access and request deletion at any time by:

  1. Disconnecting the Google integration from within Nexus, or
  2. Removing Nexus from their Google Account permissions page, or
  3. Emailing a deletion request to privacy@crmnexus.ai.

7.6 Limited Use Disclosure

Nexus's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.