BY ACCESSING OR USING THIS WEBSITE, SUBMITTING INFORMATION THROUGH THIS WEBSITE, OR ENGAGING WITH ARIANA NEXUS, LLC IN ANY CAPACITY, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH ANY PROVISION OF THIS PRIVACY POLICY, DO NOT ACCESS OR USE THIS WEBSITE OR SUBMIT ANY INFORMATION TO ARIANA NEXUS. THIS PRIVACY POLICY IS SUBJECT TO CHANGE AT ANY TIME WITHOUT PRIOR NOTICE. YOUR CONTINUED USE OF THIS WEBSITE OR ENGAGEMENT WITH ARIANA NEXUS FOLLOWING ANY CHANGES CONSTITUTES YOUR ACCEPTANCE OF THOSE CHANGES. IT IS YOUR RESPONSIBILITY TO REVIEW THIS POLICY PERIODICALLY.
1.1. This Privacy Policy describes how Ariana Nexus, LLC and its affiliates ("Ariana Nexus," "we," "us," or "our") collect, use, disclose, retain, and protect personal information. It applies to:
1.2. This Policy applies regardless of how personal information is collected — whether online, offline, through third-party platforms, or through client engagements. Where Ariana Nexus processes personal information on behalf of a client (as a "processor" under GDPR or a "service provider" under CCPA), the client's privacy policy and our contractual agreements govern that processing. This Policy governs data Ariana Nexus collects and controls directly.
1.3. Ariana Nexus maintains its principal office at 1717 Pennsylvania Avenue NW, 10th Floor, Washington, D.C. 20006, United States, and primarily operates from Virginia. We serve clients globally, including in the European Economic Area and the United Kingdom. Accordingly, this Policy addresses our obligations under both U.S. and international data protection law, including the General Data Protection Regulation (GDPR) as it applies to organizations that offer goods or services to individuals in the EEA (Article 3(2) GDPR) and the UK GDPR.
1.4. Website Limitation: This Website is a public-facing informational platform. Ariana Nexus does not collect, store, process, or transmit client data, Protected Health Information, Controlled Unclassified Information, or any other sensitive or regulated data through this Website. All client data processing occurs within Ariana Nexus's secure enterprise environment, which operates within the Microsoft 365 ecosystem and other platforms for which appropriate Business Associate Agreements, Data Processing Agreements, or equivalent contractual safeguards are in place. Any data collected through this Website is limited to the categories described in Section 3 of this Policy.
For the purposes of this Policy:
2.1. "Personal Information" or "Personal Data" means any information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual.
2.2. "Protected Health Information" ("PHI") means individually identifiable health information as defined under HIPAA, 45 CFR § 160.103.
2.3. "Controlled Unclassified Information" ("CUI") means information that requires safeguarding or dissemination controls pursuant to applicable law, regulation, or government-wide policy, as defined in 32 CFR Part 2002 and NIST Special Publication 800-171.
2.4. "AI Training Data" means any data processed through Ariana Nexus's AI Data Factory for the purpose of training, validating, testing, or auditing artificial intelligence and machine learning models.
2.5. "Processing" means any operation performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
This Website collects only the following categories of information from visitors:
3.1.1. Contact and Inquiry Information: Name, email address, phone number, job title, organizational affiliation, and message content submitted through our Website contact forms, consultation requests, and event registrations.
3.1.2. Automatically Collected Technical Data: IP address, browser type and version, operating system, device type, screen resolution, language preferences, pages viewed, links clicked, time spent on pages, referring and exit pages, navigation paths, and approximate geographic location derived from IP address.
3.1.3. For detailed information about our use of cookies and similar technologies, see our Cookie Policy.
No sensitive, regulated, or client data is collected, stored, or processed through this Website. Any representations to the contrary are incorrect. If you believe you have inadvertently submitted sensitive data through this Website, contact us immediately at privacy@ariananexus.com or (607) 697-5250.
Outside of this Website, in the course of client engagements and business operations conducted through our secure enterprise platforms, Ariana Nexus may collect and process the following categories of information under separate contractual agreements:
3.2.1. Contractual and Professional Information: Billing details, contract terms, project specifications, and compliance documentation.
3.2.2. Human Intelligence Collective Member Information: Resumes, professional certifications, language proficiency records, educational credentials, background check results (where legally required), and payment information.
3.2.3. Healthcare-Related Information: When Ariana Nexus provides interpretation, translation, or cultural competency services in clinical settings, we may process PHI on behalf of healthcare clients. All PHI processing is governed by HIPAA, applicable Business Associate Agreements ("BAAs"), and Section 11 of this Policy. No PHI processing occurs until a BAA is fully executed.
3.2.4. Government Engagement Information: When Ariana Nexus performs work under government contracts, we may process CUI. All CUI processing is governed by NIST SP 800-171, DFARS 252.204-7012, and Section 12 of this Policy.
3.2.5. AI Training Data: Text, audio, linguistic annotations, and metadata processed through the AI Data Factory. Where provided by clients, this data is governed by the applicable Data Processing Agreement.
3.2.6. Information from Third Parties: Healthcare systems, government agencies, AI platforms, and other institutional clients may provide us with information about individuals in connection with service delivery. Ariana Nexus may also receive information from publicly available professional sources, industry directories, analytics providers, background check services, and payment processors.
Ariana Nexus does not process any client data — including PHI, CUI, AI Training Data, or any other regulated or sensitive data — on any platform or system without first executing the appropriate contractual safeguards, which may include Business Associate Agreements, Data Processing Agreements, Non-Disclosure Agreements, or equivalent instruments. The specific obligations, permitted uses, and security requirements for client data are defined exclusively in the applicable engagement agreement between Ariana Nexus and the client. In the event of any conflict between this Privacy Policy and a specific engagement agreement, the engagement agreement shall control with respect to the client data governed by that agreement.
4.1. Ariana Nexus processes Personal Information for the following purposes:
4.2. Ariana Nexus does not sell Personal Information. Ariana Nexus does not share Personal Information with third parties for their own direct marketing purposes. Ariana Nexus does not use Personal Information for automated decision-making that produces legal or similarly significant effects on individuals without human oversight.
5.1. Ariana Nexus serves clients and individuals located in the European Economic Area ("EEA"), the United Kingdom, and Switzerland. Where the GDPR or UK GDPR applies — including under Article 3(2) GDPR — we process Personal Data on the following legal bases:
5.2. Where Ariana Nexus processes special categories of Personal Data (Article 9 GDPR) — including health data, ethnic origin, or linguistic data that reveals racial or ethnic origin — we rely on explicit consent, the establishment, exercise, or defense of legal claims, or processing necessary for reasons of substantial public interest, as applicable.
5.3. EU Representative: Where required under Article 27 GDPR, Ariana Nexus will designate a representative in the European Union. Ariana Nexus is actively pursuing the appointment of an EU representative as part of its European expansion roadmap, with anticipated designation by Q4 2026. Details will be published on this page and on the Trust Center once the representative is designated. For inquiries in the interim, contact privacy@ariananexus.com.
5.4. UK Representative: Where required under Article 27 of the UK GDPR, Ariana Nexus will designate a representative in the United Kingdom. Ariana Nexus is actively pursuing the appointment of a UK representative as part of its planned London office establishment. Details will be published on this page once designated. For inquiries in the interim, contact privacy@ariananexus.com.
6.1. Ariana Nexus discloses Personal Information only as follows:
6.2. Ariana Nexus does not sell Personal Information. Ariana Nexus does not share Personal Information with third parties for their own direct marketing purposes.
6.3. Disclaimer: Ariana Nexus is not responsible for the privacy practices, security measures, or actions of any third party, including clients, service providers, government authorities, or any other entity to which Personal Information is disclosed in accordance with this Section 6. Ariana Nexus's liability for any unauthorized disclosure by a third party is limited to the extent of Ariana Nexus's own negligence or willful misconduct, if any.
7.1. Ariana Nexus is headquartered in the United States and processes Personal Information primarily within the United States. When we serve clients or process data relating to individuals located outside the United States, cross-border data transfers may occur.
7.2. EEA/UK/Switzerland to United States: Where Personal Data is transferred from the EEA, UK, or Switzerland to the United States, Ariana Nexus relies on the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, the Swiss-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs) approved by the European Commission (Implementing Decision (EU) 2021/914), and/or the UK International Data Transfer Agreement (IDTA), as applicable. Ariana Nexus conducts Transfer Impact Assessments where required. [Note: Ariana Nexus is evaluating self-certification under the EU-U.S. Data Privacy Framework. This section will be updated upon completion of self-certification. Current transfers rely on SCCs and/or IDTA.]
7.3. Other International Transfers: For transfers to or from other jurisdictions, Ariana Nexus relies on the legal mechanisms available under applicable law, including adequacy decisions, SCCs, or derogations as permitted under GDPR Article 49.
7.4. Data Localization: Where a client engagement or applicable law requires that Personal Data remain within a specific jurisdiction, Ariana Nexus will implement data localization controls as specified in the applicable engagement agreement.
7.5. Disclaimer: Ariana Nexus makes reasonable efforts to ensure that cross-border data transfers comply with applicable law. However, Ariana Nexus does not guarantee the data protection laws, practices, or enforcement mechanisms of any foreign jurisdiction. Individuals who provide Personal Information from outside the United States do so at their own discretion and acknowledge that their data will be transferred to and processed in the United States, which may not provide the same level of data protection as their home jurisdiction.
8.1. Ariana Nexus retains Personal Information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
8.2. Upon expiration of the applicable retention period, Personal Information is securely deleted or irreversibly anonymized. Ariana Nexus reserves the right to retain anonymized or aggregated data that does not identify any individual for any purpose, including analytics, benchmarking, and service improvement, without limitation.
9.1. Ariana Nexus implements administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, loss, or destruction. These safeguards include:
9.2. Enterprise Infrastructure: Ariana Nexus conducts all client data processing within its secure enterprise environment, which operates within the Microsoft 365 ecosystem (including Exchange, SharePoint, Teams, and related services). Where additional platforms are used for client data processing, Ariana Nexus requires the execution of a Business Associate Agreement, Data Processing Agreement, or equivalent contractual safeguard prior to any client data being processed on that platform.
9.3. Ariana Nexus is pursuing formal security certifications, including SOC 2 Type II, ISO 27001, and alignment with the NIST Cybersecurity Framework (CSF 2.0). Current security controls are designed in alignment with these frameworks. Certification timelines are forward-looking roadmap items, not representations of current certified status. The status of our certification program is disclosed on our Trust Center.
9.4. DISCLAIMER OF ABSOLUTE SECURITY: NO METHOD OF TRANSMISSION OVER THE INTERNET OR METHOD OF ELECTRONIC STORAGE IS 100% SECURE. WHILE ARIANA NEXUS IMPLEMENTS COMMERCIALLY REASONABLE SAFEGUARDS TO PROTECT PERSONAL INFORMATION, ARIANA NEXUS DOES NOT WARRANT OR GUARANTEE ABSOLUTE SECURITY AND EXPRESSLY DISCLAIMS ANY SUCH WARRANTY. ARIANA NEXUS SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS, USE, OR DISCLOSURE OF PERSONAL INFORMATION RESULTING FROM CIRCUMSTANCES BEYOND ITS REASONABLE CONTROL, INCLUDING BUT NOT LIMITED TO: ACTS OF HACKING OR OTHER CRIMINAL ACTIVITY BY THIRD PARTIES; FAILURES OF THIRD-PARTY SERVICE PROVIDERS, INTERNET SERVICE PROVIDERS, OR TELECOMMUNICATIONS CARRIERS; FORCE MAJEURE EVENTS; OR THE ACTIONS OR OMISSIONS OF THE INDIVIDUAL WHOSE DATA IS AFFECTED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ARIANA NEXUS'S TOTAL LIABILITY FOR ANY SECURITY BREACH SHALL NOT EXCEED THE AMOUNT PAID BY THE AFFECTED INDIVIDUAL TO ARIANA NEXUS IN THE TWELVE (12) MONTHS PRECEDING THE BREACH, OR ONE HUNDRED DOLLARS ($100), WHICHEVER IS GREATER.
Individuals located in the EEA, UK, or Switzerland have the following rights:
California residents have the following rights under the CCPA/CPRA (Cal. Civ. Code § 1798.100 et seq.):
Virginia residents have rights under the VCDPA (Va. Code § 59.1-575 et seq.) to access, correct, delete, obtain a copy of, and opt out of processing for targeted advertising, sale, or profiling. Ariana Nexus does not sell Personal Data or use it for targeted advertising.
Delaware residents have rights under the Delaware Personal Data Privacy Act (6 Del. Code Ch. 12D) to access, correct, delete, and obtain a copy of Personal Data, and to opt out of processing for targeted advertising, sale, or profiling. The DPDPA cure period sunset occurred on December 31, 2025; the Delaware Department of Justice now has discretion to determine whether a cure opportunity is provided.
Ariana Nexus acknowledges that multiple additional U.S. states have enacted comprehensive consumer data privacy laws that may apply depending on the residency of the individual and the nature of the processing. These include, but are not limited to, the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), Oregon Consumer Privacy Act (OCPA), Texas Data Privacy and Security Act (TDPSA), Montana Consumer Data Privacy Act (MCDPA), Indiana Consumer Data Protection Act (ICDPA), Iowa Consumer Data Protection Act (ICDPA), Tennessee Information Protection Act (TIPA), New Jersey Data Privacy Act (NJDPA), New Hampshire Privacy Act, Nebraska Data Privacy Act, Kentucky Consumer Data Protection Act, Maryland Online Data Privacy Act, and Minnesota Consumer Data Privacy Act, among others. To the extent any of these laws apply to Ariana Nexus's processing activities, Ariana Nexus will honor the rights granted to residents of those states, including rights of access, correction, deletion, portability, and opt-out of sale, targeted advertising, and profiling, as applicable. Individuals may exercise these rights by contacting Ariana Nexus as described in Section 10.6.
To submit a request, contact us at:
Email: privacy@ariananexus.com
Phone: (607) 697-5250
Mail: Ariana Nexus, LLC, Attn: Privacy Office, 1717 Pennsylvania Avenue NW, 10th Floor, Washington, D.C. 20006
We will verify your identity before processing your request. Response timeframes: thirty (30) days under GDPR/UK GDPR (extendable by sixty (60) days); forty-five (45) days under CCPA/CPRA (extendable by forty-five (45) days); forty-five (45) days under VCDPA, Delaware PDPA, and other applicable state privacy laws.
10.7. Limitations on Rights: Ariana Nexus reserves the right to decline or limit any request to the extent permitted by applicable law, including where: (a) compliance would require Ariana Nexus to violate other legal obligations; (b) the request is manifestly unfounded, excessive, or repetitive; (c) compliance would compromise legitimate security, fraud prevention, or compliance measures; (d) the data is subject to legal professional privilege or litigation hold; or (e) the data is retained pursuant to a contractual obligation with a client. If we decline a request, we will provide a written explanation. Individuals whose requests are declined may appeal by contacting privacy@ariananexus.com with the subject line "Privacy Rights Appeal."
11.1. Business Associate Status: When Ariana Nexus processes PHI on behalf of a Covered Entity, Ariana Nexus acts as a Business Associate under HIPAA. All such processing is governed by a BAA executed prior to any disclosure of PHI. Ariana Nexus does not accept, access, store, or process any PHI until a BAA is fully executed between Ariana Nexus and the Covered Entity.
11.2. Permitted Uses and Disclosures: Ariana Nexus uses and discloses PHI only as permitted by the applicable BAA, the HIPAA Privacy Rule (45 CFR § 164.500–534), and applicable law.
11.3. Minimum Necessary Standard: Ariana Nexus applies the minimum necessary standard (45 CFR § 164.502(b)) to all uses, disclosures, and requests for PHI.
11.4. Safeguards: Administrative, physical, and technical safeguards comply with the HIPAA Security Rule (45 CFR § 164.302–318) for all electronic PHI. PHI is processed exclusively within Ariana Nexus's secure enterprise environment and platforms for which BAAs are in place.
11.5. Breach Notification: In the event of a breach of unsecured PHI, Ariana Nexus will notify the applicable Covered Entity within thirty (30) days of discovery per the HITECH Act (42 U.S.C. § 17932) and 45 CFR § 164.410.
11.6. No PHI on This Website: Ariana Nexus does not collect, store, or process PHI through this Website. PHI is processed only within contracted client engagements on secure platforms with executed BAAs. If you believe PHI has been inadvertently submitted through this Website, contact us immediately at privacy@ariananexus.com or +1 (202) 771-0224.
11.7. De-Identification: Where Ariana Nexus de-identifies health information, it follows the Safe Harbor or Expert Determination methods specified in 45 CFR § 164.514(b).
12.1. Safeguarding Requirements: Ariana Nexus protects CUI in accordance with NIST SP 800-171. For Department of Defense contracts governed by DFARS 252.204-7012, Ariana Nexus currently complies with NIST SP 800-171 Rev. 2, consistent with the DoD class deviation issued in May 2024. Ariana Nexus is concurrently preparing for transition to NIST SP 800-171 Rev. 3 (finalized May 14, 2024), which is the current NIST standard and is already required by the General Services Administration (GSA) as of January 2026. When the DoD formally incorporates Rev. 3 into DFARS and the CMMC program, Ariana Nexus will transition accordingly.
12.2. System Security Plan: Ariana Nexus maintains a System Security Plan (SSP) and Plan of Action and Milestones (POA&M). [Note: Ariana Nexus is developing its SSP and POA&M as part of its CMMC readiness program. Target completion: Q4 2026. This section will be updated as the program matures.]
12.3. Incident Reporting: Cyber incidents affecting CUI reported to the DoD Cyber Crime Center (DC3) within seventy-two (72) hours of discovery per DFARS 252.204-7012.
12.4. Access Restrictions: CUI accessible only to personnel with verified need to know and completed security training.
12.5. Flow-Down Requirements: Safeguarding requirements flowed down to subcontractors per DFARS 252.204-7012(m).
12.6. U.S.-Based Processing: All CUI is processed and stored within the United States. No CUI is transferred outside U.S. borders unless expressly authorized by the applicable government contracting authority and in compliance with all export control regulations.
12.7. No CUI on This Website: Ariana Nexus does not collect, store, or process CUI through this Website. CUI is processed exclusively within secure, authorized enterprise environments.
13.1. Data Provenance: Ariana Nexus maintains records of the provenance of all AI Training Data, including source, consent basis, date of collection, and chain of custody.
13.2. Purpose Limitation: Client-provided AI Training Data is processed only for the purposes specified in the applicable engagement agreement. No repurposing without explicit written authorization.
13.3. Human Oversight: All AI data processing pipelines incorporate human-in-the-loop (HITL) oversight at critical quality, bias, and cultural accuracy checkpoints.
13.4. Bias Detection and Mitigation: Ariana Nexus monitors AI Training Data and outputs for cultural bias, linguistic inaccuracy, and representational harm, with particular attention to Afghan linguistic and cultural contexts.
13.5. EU AI Act Compliance: Where applicable, Ariana Nexus applies the transparency, data governance, and risk management requirements of the EU AI Act (Regulation (EU) 2024/1689), including Article 10 data governance requirements.
13.6. NIST AI RMF: Ariana Nexus aligns its AI data governance with the NIST AI Risk Management Framework (AI RMF 1.0).
13.7. Data Subject Rights in AI Context: Individuals whose Personal Data is included in AI Training Data retain all applicable rights described in Section 10. Requests for erasure or correction will be honored to the extent technically feasible and legally required.
13.8. Disclaimer: Ariana Nexus provides AI validation, annotation, and cultural accuracy services. Ariana Nexus does not guarantee the accuracy, completeness, or fitness for any particular purpose of any AI model, output, or system trained using data processed by Ariana Nexus. Clients are solely responsible for the deployment, use, and governance of their own AI systems. Ariana Nexus's liability for AI-related services is limited to the terms of the applicable engagement agreement.
14.1. Ariana Nexus does not knowingly collect Personal Information from children under the age of thirteen (13) through this Website, in accordance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501 et seq.) and the FTC's COPPA Rule (16 CFR Part 312), as amended by the January 2025 Final Rule. If we learn that we have collected Personal Information from a child under 13 without verified parental consent, we will delete that information promptly. Ariana Nexus does not engage in targeted advertising directed at children under 13.
14.2. Minors Under 18 (Delaware PDPA): Under the Delaware Personal Data Privacy Act, Ariana Nexus does not process Personal Data of known minors aged 13 to 17 for targeted advertising, sale, or profiling without the minor's consent. Ariana Nexus does not engage in the sale of Personal Data of any known minor under 18.
14.3. In the context of healthcare interpretation and government services, Ariana Nexus may process information relating to minors under applicable engagement agreements and BAAs, in compliance with HIPAA, FERPA (20 U.S.C. § 1232g), and applicable state law.
15.1. Ariana Nexus specializes in serving institutions that work with Afghan diaspora communities across the United States, Europe, Australia, and other resettlement countries. Given the sensitivity of data relating to refugee and diaspora populations, we apply the following supplementary safeguards:
15.2. For more information about our approach to sensitive population data, see our Trust Center — Cultural Compliance Bureau and Trust Center — Privacy & Data Sovereignty — Sensitive Populations & Scholar Safety.
16.1. This Website may contain links to third-party websites, platforms, or services. Ariana Nexus is not responsible for the privacy practices, content, security measures, or data handling of third-party sites. We encourage individuals to review the privacy policies of any third-party site they visit.
16.2. Disclaimer: Ariana Nexus expressly disclaims all liability for any loss, damage, or injury arising from or related to the use of any third-party website, platform, or service accessed through links on this Website.
17.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ARIANA NEXUS, ITS OFFICERS, DIRECTORS, MEMBERS, EMPLOYEES, AGENTS, CONTRACTORS, AND AFFILIATES SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY, THE COLLECTION OR PROCESSING OF PERSONAL INFORMATION, OR THE USE OF THIS WEBSITE, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) AND REGARDLESS OF WHETHER ARIANA NEXUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
17.2. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ARIANA NEXUS'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL AMOUNT PAID BY THE CLAIMANT TO ARIANA NEXUS IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM; OR (B) ONE HUNDRED DOLLARS ($100).
17.3. THE LIMITATIONS IN THIS SECTION APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IN SUCH JURISDICTIONS, ARIANA NEXUS'S LIABILITY SHALL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
17.4. Nothing in this Privacy Policy shall limit or exclude Ariana Nexus's liability for: (a) fraud or fraudulent misrepresentation; (b) death or personal injury caused by negligence; or (c) any other liability that cannot be excluded or limited by applicable law, including but not limited to liability under the UK Unfair Contract Terms Act 1977, the UK Consumer Rights Act 2015, or GDPR.
18.1. Governing Law: This Privacy Policy shall be governed by and construed in accordance with the laws of the Commonwealth of Virginia, United States, without regard to its conflict of laws principles.
18.2. Jurisdiction and Venue: Any dispute, claim, or controversy arising out of or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Arlington County, Virginia, or the United States District Court for the Eastern District of Virginia (Alexandria Division). You irrevocably consent to the personal jurisdiction and venue of these courts and waive any objection to jurisdiction or venue.
18.3. Informal Resolution: Before initiating any formal legal proceeding, the parties agree to attempt to resolve any dispute informally by contacting Ariana Nexus at privacy@ariananexus.com or (607) 697-5250. Ariana Nexus will make reasonable efforts to resolve the matter within thirty (30) business days of receipt of the complaint.
18.4. Waiver of Class Action: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, YOU AGREE THAT ANY DISPUTE ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY SHALL BE RESOLVED ON AN INDIVIDUAL BASIS ONLY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, OR REPRESENTATIVE ACTION.
18.5. Time Limitation: ANY CAUSE OF ACTION OR CLAIM ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED. THIS PROVISION DOES NOT APPLY WHERE IT WOULD CONFLICT WITH MANDATORY STATUTORY LIMITATION PERIODS UNDER APPLICABLE LAW.
18.6. EEA/UK Data Subject Rights Preserved: Nothing in this Section 18 shall limit or restrict the rights of individuals located in the EEA, UK, or Switzerland to: (a) lodge a complaint with a competent supervisory authority under GDPR Article 77 or UK GDPR Article 77; (b) pursue a judicial remedy against a supervisory authority under GDPR Article 78; or (c) pursue a judicial remedy against a controller or processor under GDPR Article 79 in the courts of the Member State where the data subject habitually resides or works, or where the alleged infringement occurred. These statutory rights are not subject to the governing law, exclusive jurisdiction, class action waiver, or time limitation provisions of this Section 18.
19.1. To the maximum extent permitted by applicable law, you agree to indemnify, defend, and hold harmless Ariana Nexus, its officers, directors, members, employees, agents, contractors, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your violation of this Privacy Policy; (b) your provision of inaccurate, misleading, or fraudulent information to Ariana Nexus; (c) your violation of any applicable law, regulation, or third-party right; or (d) any dispute between you and a third party regarding Personal Information.
20.1. Ariana Nexus reserves the right to update, modify, or replace this Privacy Policy at any time, at its sole discretion, with or without prior notice. When we make changes, we will update the "Last Revised" date at the top of this Policy. Material changes may be communicated through the Website or by other appropriate means, but Ariana Nexus is not obligated to provide individual notice of changes except where required by applicable law.
20.2. Your continued use of this Website or engagement with Ariana Nexus services after the posting of changes constitutes your acceptance of those changes. It is your responsibility to review this Policy periodically.
20.3. If you do not agree with any changes to this Policy, your sole and exclusive remedy is to discontinue your use of this Website and engagement with Ariana Nexus.
21.1. If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable, or if modification is not possible, shall be severed from this Policy. The invalidity, illegality, or unenforceability of any provision shall not affect the validity, legality, or enforceability of the remaining provisions of this Policy.
22.1. This Privacy Policy, together with the Terms of Use, Cookie Policy, and any applicable engagement agreements, constitutes the entire agreement between you and Ariana Nexus with respect to the matters addressed herein. This Policy supersedes all prior and contemporaneous understandings, agreements, representations, and warranties regarding its subject matter.
For questions, concerns, or requests related to this Privacy Policy or our data protection practices, contact:
Ariana Nexus Privacy Office
Email: privacy@ariananexus.com
Phone: +1 (202) 771-0224
Mail: Ariana Nexus, LLC, Attn: Privacy Office, 1717 Pennsylvania Avenue NW, 10th Floor, Washington, D.C. 20006
For complaints regarding our processing of Personal Data, individuals in the EEA or UK may also contact the relevant supervisory authority. Individuals in the United States may contact the Federal Trade Commission (FTC) at ftc.gov.
If you have any concerns about how your data is being handled, or if you would like to request a modification to how Ariana Nexus processes your Personal Information, please contact us before taking any other action. We are committed to resolving concerns promptly and in good faith.
JurisdictionLaw / FrameworkPrimary SectionsUnited States (Federal)HIPAA / HITECH ActSections 3, 8, 9, 11United States (Federal)COPPA (15 U.S.C. § 6501 et seq.)Section 14United States (Federal)NIST SP 800-171 Rev. 2 / Rev. 3 / DFARS 252.204-7012Section 12United States (Federal)FAR 4.703Section 8United States (Federal)NIST Cybersecurity Framework (CSF 2.0)Section 9CaliforniaCCPA / CPRA (Cal. Civ. Code § 1798.100 et seq.)Sections 4, 6, 10.2VirginiaVCDPA (Va. Code § 59.1-575 et seq.)Section 10.3DelawarePersonal Data Privacy Act (6 Del. Code Ch. 12D)Section 10.4European UnionGDPR (Regulation (EU) 2016/679)Sections 5, 7, 10.1European UnionEU AI Act (Regulation (EU) 2024/1689)Section 13.5United KingdomUK GDPR / Data Protection Act 2018Sections 5, 7, 10.1InternationalICRC Humanitarian Data ProtectionSection 15InternationalNIST AI RMF 1.0Section 13.6
This Privacy Policy is provided for informational purposes and does not constitute legal advice. This Policy is not intended to create, and does not create, any rights or obligations beyond those required by applicable law. Ariana Nexus recommends that individuals consult with qualified legal counsel regarding their specific data protection rights and obligations. Nothing in this Policy shall be construed as a waiver of any right, defense, or immunity available to Ariana Nexus under applicable law.
