Privacy policy

Nexus operates a professional introduction and opportunity-matching platform centred on Hong Kong. This Privacy Policy explains how we handle personal data when you use our website, dashboards, and related services.

This document is drafted for general compliance alignment under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”). It is informational and does not constitute legal advice for any specific organisation or individual matter.

For the purposes described in this Policy, Nexus (as identified in your service agreement or onboarding materials) will generally act as the data user responsible for decisions about how personal data is collected and used on the platform.

Account and identity data: name, email address, password hash, role (for example job seeker or insider), and authentication-related logs necessary for security.

Professional content: CV text, anonymised tags and summaries generated to support matching, job posting content, and messaging metadata related to connection requests and unlock events.

Credits and transactions: purchase or redemption records (including promotional codes in demo environments), Stripe-related references where applicable, and ledger entries for auditability.

Technical data: device/browser type, IP-derived region signals, and diagnostic logs used to maintain reliability and investigate abuse.

We process personal data to operate the service: account creation, authentication, connecting seekers and insiders, administering credits and unlock flows, and communicating operational notices.

We may process data to improve reliability and safety, including fraud prevention, policy enforcement, debugging, and aggregated analytics that do not identify individuals.

Unless required by law or narrowly justified for safety, we avoid secondary uses that are incompatible with the original purpose of collection.

Nexus is intentionally designed so that sensitive identifiers and detailed contact paths are not exposed broadly on public pages. Additional profile elements may only become visible after deliberate actions by the parties involved (such as an unlock step tied to credits). This design supports data minimisation principles under the PDPO.

We may share limited personal data with subprocessors that provide hosting, email delivery, analytics, or payment services, subject to contracts that require appropriate confidentiality and security.

We may disclose information if required by law, competent regulators, or to protect the rights, safety, and integrity of users and the platform.

We retain personal data only as long as necessary for the purposes above, including statutory, accounting, and dispute-resolution requirements. Job postings, connection logs, and billing artefacts may be retained on different schedules aligned with legal need and product configuration.

When retention ends, we delete or irreversibly anonymise data where feasible.

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information processed. No method of transmission or storage is perfectly secure; users should use strong passwords and promptly report suspected compromise.

Subject to PDPO and any applicable exceptions, you may request access to personal data we hold about you and seek correction of inaccurate entries. You may also withdraw consent where processing is consent-based, understanding that certain features may cease to function.

Requests can be submitted using the contact route described on the Contact page. Where identity verification is appropriate, we may ask for reasonable proof before fulfilling a request.

If we send promotional communications, we will honour opt-out instructions and, where required, obtain appropriate consent before using personal data for direct marketing.

Infrastructure or subprocessors may operate outside Hong Kong. Where personal data is transferred internationally, we deploy safeguards that align with PDPO expectations, including contractual protections where appropriate.

Certain tools may summarise CV text or surface matching cues. Outputs are assistive; substantive hiring and introduction decisions remain human-led. Where outputs affect you materially, you may request further explanation or human review where operational constraints allow.

We may revise this Policy from time to time to reflect product, legal, or jurisdictional changes. Updated versions will be posted here with a revised effective date where applicable.