Nuveriq Privacy Policy
Effective Date: May 1, 2026 Last Updated: April 30, 2026
"Nuveriq" is a brand / DBA of CnergyPro Global Solutions LLC, a Texas limited liability company ("CnergyPro Global Solutions", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit nuveriq.com, interact with the Nuveriq conversational procurement agent, place orders, or otherwise use our services (the "Services").
This Policy is intended to comply with applicable U.S. state privacy laws (including the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and similar laws in other states), and with the principles of the EU General Data Protection Regulation (GDPR) and the UK GDPR for international visitors.
1. Who We Are and Data Controller
1.1 Controller. CnergyPro Global Solutions LLC (doing business as Nuveriq) is the controller of personal information collected through the Services, except where we act as a processor on behalf of an enterprise customer under a separate data processing agreement.
1.2 Contact. For privacy questions or to exercise your rights, contact [privacy@nuveriq.com] or use the contact details in Section 16.
2. Scope
2.1 This Policy applies to personal information we collect through: (a) the nuveriq.com website; (b) the Nuveriq conversational procurement agent; (c) account registration and customer self-service tools; (d) ordering, billing, shipping, and support channels; (e) email, phone, webform, and chat communications; and (f) marketing activities (webinars, content downloads, events, advertising).
2.2 This Policy does not apply to third-party websites, services, or products, which are governed by their own privacy notices.
3. Personal Information We Collect
We collect the following categories of personal information:
3.1 Identifiers and contact information — name, business email, business phone, job title, employer, account username.
3.2 Company and procurement information — company name, billing entity, shipping addresses, tax identification number, tax exemption status, purchase authorization level.
3.3 Payment information — for card payments, card information is collected and processed by our payment processor (Stripe). We do not store full card numbers. For ACH, we collect routing and account numbers as required. For NET-30 purchase-order customers, we collect credit reference information and, with consent, obtain credit reports.
3.4 Order and transaction data — Quotes, Orders, invoices, shipment tracking, Product configurations, license assignments, subscription details, returns, and support tickets.
3.5 Agent conversation content — the natural-language messages you submit to the Agent, Agent responses, and metadata (timestamps, session IDs).
3.6 Account authentication and security data — passwords (hashed), multi-factor authentication data, IP address, device and browser information, session tokens.
3.7 Website usage and analytics — pages viewed, referring URL, clicks, scroll events, time on page, device type, operating system, browser, language preference.
3.8 Cookies and similar technologies — see the Cookie Policy.
3.9 Marketing and communications data — email engagement (opens, clicks), webinar attendance, content downloads, event registrations, communication preferences.
3.10 Inferences — inferences drawn from the above categories to create a profile about preferences, behavior, and likely purchasing interests.
3.11 Sensitive personal information. We do not intentionally collect sensitive personal information such as government ID numbers (other than tax IDs required for invoicing), health information, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic or biometric data, or sexual orientation. Do not submit sensitive personal information through the Agent or other channels.
4. Sources of Personal Information
4.1 Directly from you — when you create an account, interact with the Agent, place an Order, contact support, register for an event, download content, or subscribe to marketing.
4.2 From your organization — when a colleague invites you to your company's Nuveriq account or includes your contact information in a business interaction.
4.3 Automatically — through cookies, pixels, server logs, and similar technologies when you visit the Services.
4.4 From third parties — credit reporting agencies (with consent) for NET-30 approvals, sanctions screening providers, data enrichment vendors, sales intelligence platforms (for example, to verify business contact data), and our Vendors and Distributor in connection with Order fulfillment.
5. How We Use Personal Information
We use personal information for the following purposes:
5.1 Provide and operate the Services — create and manage your account, authenticate users, deliver Agent responses, generate Quotes, process Orders, coordinate fulfillment, invoice, and support you.
5.2 Order fulfillment — share required information with our Distributor (Ingram Micro Inc.) and applicable Vendors to provision Products, ship hardware, activate licenses, and enable cloud services.
5.3 Payment and fraud prevention — process payments; verify identity; detect and prevent fraud, abuse, and unauthorized transactions; screen against sanctions lists (OFAC SDN, BIS Entity List).
5.4 Customer support — respond to inquiries, resolve issues, and communicate about your account and Orders.
5.5 Service improvement and analytics — understand how the Services are used, measure performance, improve usability, and develop new features. For AI Agent improvement, see Section 6.
5.6 Marketing and communications (with appropriate legal basis) — send product updates, newsletters, event invitations, and other communications consistent with your preferences and applicable law. You may unsubscribe at any time.
5.7 Security and integrity — protect the Services, your account, and our systems; investigate suspected misuse; and enforce our Terms of Service and Acceptable Use Policy.
5.8 Legal compliance — comply with applicable laws, regulations, legal process, and governmental requests; establish, exercise, or defend legal claims.
5.9 Business transactions — conduct due diligence and complete corporate transactions (mergers, acquisitions, financing, reorganization, or sale of assets), with appropriate protections.
6. AI Agent Data Handling
6.1 Agent interactions. When you interact with the Nuveriq Agent, we collect and process the content of your messages, Agent responses, and associated metadata to deliver the Service, generate Quotes, and process Orders.
6.2 LLM processing. Agent interactions are processed in part using large language models provided by third parties (currently Anthropic PBC). Processing is subject to the provider's commercial terms, which prohibit the provider from using customer data to train its foundation models absent explicit opt-in.
6.3 Use for Nuveriq Service improvement. We may use Agent conversation data to improve the Agent, including evaluating response quality, analyzing error patterns, and refining prompts and workflows. For these purposes, we apply de-identification or aggregation procedures before using content beyond operational purposes. We do not use identified customer personal information to train third-party foundation models without your explicit opt-in.
6.4 Confidential vendor data. Vendor pricing, stock, catalog, and contract data obtained through Distributor feeds is treated as confidential and is not used to train any public or third-party model. This data is used only to deliver the Services.
6.5 Opt-out for Agent training. If you do not want your identified Agent conversations used for Service improvement (beyond the operational processing needed to deliver the Service), contact [privacy@nuveriq.com]. Opt-out does not prevent processing necessary to deliver the Services, comply with legal obligations, or respond to security incidents.
6.6 Do not submit sensitive content. The Agent is a business procurement tool. Do not submit sensitive personal information, protected health information, payment card numbers (outside designated payment fields), or third-party confidential information to the Agent.
7. Disclosure of Personal Information
We disclose personal information to the following categories of recipients:
7.1 Service providers (processors). Third parties that provide infrastructure and services on our behalf under data protection obligations, including: (a) Stripe, Inc. — payment processing. (b) Avalara, Inc. — tax calculation. (c) Anthropic PBC — large language model processing for the Agent. (d) Resend (or equivalent) — transactional and marketing email delivery. (e) Hosting and infrastructure providers — cloud hosting (for example, Vercel, AWS), logging and monitoring, analytics, and security providers. (f) Customer support and ticketing platforms — to manage support inquiries. (g) Marketing and analytics platforms — for website analytics, ad performance, and email engagement.
7.2 Distributor and Vendors (independent recipients). We share Order details and required contact information with: (a) Ingram Micro Inc. — for fulfillment, shipping, provisioning, and warranty routing. (b) Vendors whose Products you purchase (for example, Microsoft, AWS, Dell, Cisco, Salesforce, Logitech, Zendesk) — for license provisioning, cloud-service activation, support routing, and warranty administration. These recipients are independent controllers or processors with their own privacy practices for the data they receive.
7.3 Professional advisors. Attorneys, accountants, auditors, bankers, and insurers under confidentiality obligations.
7.4 Legal and safety disclosures. Governmental authorities, courts, and other parties when required by law, legal process, or to protect rights, safety, or property.
7.5 Corporate transactions. Counterparties and advisors in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality protections.
7.6 With your direction or consent. Other recipients you direct or consent to.
7.7 No sale of personal information. We do not "sell" personal information for money. Certain disclosures to advertising and analytics partners may qualify as "sharing" or "sale" under some state laws; see Section 10 for opt-out rights.
8. Cookies and Similar Technologies
We use cookies, pixels, local storage, and similar technologies for authentication, preferences, analytics, and marketing. See the Nuveriq Cookie Policy for details, the list of cookies, and instructions for managing them.
9. International Data Transfers
9.1 Primary location. We operate primarily in the United States. If you access the Services from outside the U.S., your personal information will be transferred to, stored, and processed in the United States and potentially other jurisdictions where our service providers operate.
9.2 Safeguards. For transfers of personal information from the European Economic Area, the United Kingdom, or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, as applicable. Contact [privacy@nuveriq.com] for a copy of the safeguards used.
10. Your Privacy Rights
Depending on where you live and applicable law, you may have the following rights:
10.1 Access / Know. Request access to, or confirmation of, the personal information we hold about you, and information about how we process it.
10.2 Correction. Request correction of inaccurate or incomplete personal information.
10.3 Deletion. Request deletion of personal information, subject to exceptions (for example, information needed for Orders in progress, warranty records, tax and accounting records, or legal hold).
10.4 Portability. Receive a copy of your personal information in a portable format, where applicable.
10.5 Opt-out of sale / sharing / targeted advertising. Opt out of any "sale" or "sharing" of personal information, and of cross-context behavioral advertising. Submit requests via [privacy@nuveriq.com] or the opt-out link in the footer of nuveriq.com.
10.6 Opt-out of profiling with significant effects. Opt out of automated decisions producing legal or similarly significant effects. We do not currently use automated decision-making for such effects.
10.7 Non-discrimination. We will not discriminate against you for exercising your rights.
10.8 How to exercise rights. Submit requests to [privacy@nuveriq.com]. We will verify your identity before acting on requests; for authorized agents, additional authorization documentation may be required. We aim to respond within 45 days (extendable once by 45 days as permitted by law).
10.9 California-specific rights (CCPA/CPRA). California residents have the rights listed above and may designate an authorized agent. Our "Notice at Collection" is captured by this Policy. We do not knowingly sell or share the personal information of consumers under 16.
10.10 EEA/UK GDPR rights. If you are in the EEA or UK, you also have the right to object to processing, restrict processing, withdraw consent (where processing is based on consent), and lodge a complaint with your supervisory authority. Our legal bases for processing are (i) performance of a contract, (ii) legitimate interests (operating and improving the Services, security, fraud prevention, B2B marketing), (iii) consent (for optional cookies and certain marketing), and (iv) legal obligation.
11. Retention
11.1 Retention periods. We retain personal information only as long as necessary for the purposes described, then delete or anonymize it. Illustrative retention periods: (a) Account records — for the life of the account plus a reasonable period after closure. (b) Order, invoice, and financial records — generally seven (7) years to comply with tax and accounting requirements. (c) Support tickets — typically three (3) years. (d) Agent conversation content — as required to deliver and improve the Service, generally not more than twenty-four (24) months for identified data, longer for de-identified or aggregated data. (e) Marketing data — until you opt out or data becomes stale, plus a reasonable suppression period to honor opt-outs. (f) Security logs — typically twelve (12) to twenty-four (24) months, longer if required for investigations. [Specific periods to be confirmed by legal and records management.]
11.2 Legal hold. We may retain information longer when required by law or to resolve disputes, enforce agreements, or handle a legal hold.
12. Security
12.1 Safeguards. We maintain administrative, physical, and technical safeguards designed to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. Safeguards include encryption in transit (TLS 1.2+) and at rest, access controls, role-based permissions, network segmentation, logging and monitoring, vulnerability management, and employee training.
12.2 No guarantee. No method of transmission or storage is 100% secure. While we work to protect personal information, we cannot guarantee absolute security.
12.3 Account security. You are responsible for maintaining the confidentiality of your credentials and for activity under your account. Notify us immediately at [security@nuveriq.com] of suspected unauthorized access.
12.4 Breach notification. In the event of a qualifying security incident, we will notify affected individuals and regulators as required by applicable law.
13. Children's Privacy
The Services are directed to business users and are not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided personal information, contact [privacy@nuveriq.com] and we will delete it.
14. Do Not Track
Some browsers transmit a "Do Not Track" (DNT) signal. There is no accepted standard for honoring DNT signals. We do not currently respond to DNT signals. You can manage tracking through the cookie preferences tool described in our Cookie Policy and the opt-out mechanism in Section 10.5.
15. Changes to This Policy
We may update this Policy from time to time. We will post the revised Policy with an updated "Last Updated" date. For material changes, we will provide additional notice (for example, by email or a prominent notice on the Services). Your continued use of the Services after changes take effect constitutes acceptance.
16. Contact Us
For privacy questions, to exercise your rights, or to file a complaint:
CnergyPro Global Solutions LLC (d/b/a Nuveriq) Attn: Privacy Email: [privacy@nuveriq.com] Security: [security@nuveriq.com] Mailing Address: [to be confirmed — Texas business address]
If you are in the EEA or UK, you may also lodge a complaint with your local data protection authority.
"Nuveriq" is a brand / DBA of CnergyPro Global Solutions LLC, a Texas limited liability company.