Legal — Document ID: AN-LEGAL-PP-001
Ariana Nexus, LLC
Version: 1.2 | Effective Date: March 27, 2026 | Last Revised: March 27, 2026
Reviewed By: CEO & Compliance Team | Classification: Public | Next Review: March 27, 2027
Governing Entity: Ariana Nexus, LLC, a Delaware limited liability company, with its principal office at 1717 Pennsylvania Avenue NW, 10th Floor, Washington, D.C. 20006, United States.
Contact: privacy@ariananexus.com | (202) 771-0224 | Ariana Nexus, LLC, 1717 Pennsylvania Avenue NW, 10th Floor, Washington, D.C. 20006
BY ACCESSING OR USING THIS WEBSITE, SUBMITTING INFORMATION THROUGH THIS WEBSITE, OR ENGAGING WITH ARIANA NEXUS, LLC IN ANY CAPACITY, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH ANY PROVISION OF THIS PRIVACY POLICY, DO NOT ACCESS OR USE THIS WEBSITE OR SUBMIT ANY INFORMATION TO ARIANA NEXUS. THIS PRIVACY POLICY IS SUBJECT TO CHANGE AT ANY TIME WITHOUT PRIOR NOTICE. YOUR CONTINUED USE OF THIS WEBSITE OR ENGAGEMENT WITH ARIANA NEXUS FOLLOWING ANY CHANGES CONSTITUTES YOUR ACCEPTANCE OF THOSE CHANGES. IT IS YOUR RESPONSIBILITY TO REVIEW THIS POLICY PERIODICALLY.
1.1. This Privacy Policy describes how Ariana Nexus, LLC and its affiliates ("Ariana Nexus," "we," "us," or "our") collect, use, disclose, retain, and protect personal information. It applies to:
(a) Visitors to ariananexus.com and any associated digital properties (collectively, the "Website").
(b) Clients, prospective clients, and institutional partners who engage with Ariana Nexus programs and services, including clients located in the European Economic Area, the United Kingdom, and other international jurisdictions.
(c) Members of the Human Intelligence Collective, including interpreters, translators, subject-matter experts, and independent contractors.
(d) Individuals whose data is processed through the AI Data Factory, including data annotation, linguistic validation, and AI model evaluation pipelines.
(e) Individuals whose data is processed through the Cultural Compliance Bureau's validation and certification programs.
(f) Any individual whose personal information Ariana Nexus processes in the course of delivering services across its four core domains: Healthcare, AI & Technology, Government & Public Sector, and Research & Education.
1.2. This Policy applies regardless of how personal information is collected — whether online, offline, through third-party platforms, or through client engagements. Where Ariana Nexus processes personal information on behalf of a client (as a "processor" under GDPR or a "service provider" under CCPA), the client's privacy policy and our contractual agreements govern that processing. This Policy governs data Ariana Nexus collects and controls directly.
1.3. Ariana Nexus maintains its principal office at 1717 Pennsylvania Avenue NW, 10th Floor, Washington, D.C. 20006, United States, and primarily operates from Virginia. We serve clients globally, including in the European Economic Area and the United Kingdom. Accordingly, this Policy addresses our obligations under both U.S. and international data protection law, including the General Data Protection Regulation (GDPR) as it applies to organizations that offer goods or services to individuals in the EEA (Article 3(2) GDPR) and the UK GDPR.
1.4. Website Limitation: This Website is a public-facing informational platform. Ariana Nexus does not collect, store, process, or transmit client data, Protected Health Information, Controlled Unclassified Information, or any other sensitive or regulated data through this Website. All client data processing occurs within Ariana Nexus's secure enterprise environment, which operates within the Microsoft 365 ecosystem and other platforms for which appropriate Business Associate Agreements, Data Processing Agreements, or equivalent contractual safeguards are in place. Any data collected through this Website is limited to the categories described in Section 3 of this Policy.
For the purposes of this Policy:
2.1. "Personal Information" or "Personal Data" means any information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual.
2.2. "Protected Health Information" ("PHI") means individually identifiable health information as defined under HIPAA, 45 CFR § 160.103.
2.3. "Controlled Unclassified Information" ("CUI") means information that requires safeguarding or dissemination controls pursuant to applicable law, regulation, or government-wide policy, as defined in 32 CFR Part 2002 and NIST Special Publication 800-171.
2.4. "AI Training Data" means any data processed through Ariana Nexus's AI Data Factory for the purpose of training, validating, testing, or auditing artificial intelligence and machine learning models.
2.5. "Processing" means any operation performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
This Website collects only the following categories of information from visitors:
3.1.1. Contact and Inquiry Information: Name, email address, phone number, job title, organizational affiliation, and message content submitted through our Website contact forms, consultation requests, and event registrations.
3.1.2. Automatically Collected Technical Data: IP address, browser type and version, operating system, device type, screen resolution, language preferences, pages viewed, links clicked, time spent on pages, referring and exit pages, navigation paths, and approximate geographic location derived from IP address.
3.1.3. For detailed information about our use of cookies and similar technologies, see our Cookie Policy.
No sensitive, regulated, or client data is collected, stored, or processed through this Website. Any representations to the contrary are incorrect. If you believe you have inadvertently submitted sensitive data through this Website, contact us immediately at privacy@ariananexus.com or (202) 771-0224.
Outside of this Website, in the course of client engagements and business operations conducted through our secure enterprise platforms, Ariana Nexus may collect and process the following categories of information under separate contractual agreements:
3.2.1. Contractual and Professional Information: Billing details, contract terms, project specifications, and compliance documentation.
3.2.2. Human Intelligence Collective Member Information: Resumes, professional certifications, language proficiency records, educational credentials, background check results (where legally required), and payment information.
3.2.3. Healthcare-Related Information: When Ariana Nexus provides interpretation, translation, or cultural competency services in clinical settings, we may process PHI on behalf of healthcare clients. All PHI processing is governed by HIPAA, applicable Business Associate Agreements ("BAAs"), and Section 11 of this Policy. No PHI processing occurs until a BAA is fully executed.
3.2.4. Government Engagement Information: When Ariana Nexus performs work under government contracts, we may process CUI. All CUI processing is governed by NIST SP 800-171, DFARS 252.204-7012, and Section 12 of this Policy.
3.2.5. AI Training Data: Text, audio, linguistic annotations, and metadata processed through the AI Data Factory. Where provided by clients, this data is governed by the applicable Data Processing Agreement.
3.2.6. Information from Third Parties: Healthcare systems, government agencies, AI platforms, and other institutional clients may provide us with information about individuals in connection with service delivery. Ariana Nexus may also receive information from publicly available professional sources, industry directories, analytics providers, background check services, and payment processors.
Ariana Nexus does not process any client data — including PHI, CUI, AI Training Data, or any other regulated or sensitive data — on any platform or system without first executing the appropriate contractual safeguards, which may include Business Associate Agreements, Data Processing Agreements, Non-Disclosure Agreements, or equivalent instruments. The specific obligations, permitted uses, and security requirements for client data are defined exclusively in the applicable engagement agreement between Ariana Nexus and the client. In the event of any conflict between this Privacy Policy and a specific engagement agreement, the engagement agreement shall control with respect to the client data governed by that agreement.
4.1. Ariana Nexus processes Personal Information for the following purposes:
(a) Service Delivery: To deliver interpretation, translation, cultural competency, AI validation, data annotation, compliance certification, and other programs.
(b) Client Engagement: To respond to inquiries, process consultation requests, negotiate and manage contracts, and maintain client relationships.
(c) Workforce Management: To recruit, onboard, credential, compensate, and manage members of the Human Intelligence Collective and employees.
(d) AI Data Factory Operations: To curate, annotate, validate, and quality-assure data for AI model training and evaluation, and to detect and mitigate cultural bias, hallucination, and inaccuracy in AI outputs.
(e) Cultural Compliance Bureau Operations: To certify the cultural, linguistic, ethical, and regulatory compliance of AI outputs, institutional policies, healthcare protocols, legal proceedings, and government programs.
(f) Compliance and Legal Obligations: To comply with applicable laws, regulations, contractual obligations, government audits, regulatory inquiries, and legal proceedings.
(g) Security and Fraud Prevention: To protect the security and integrity of our systems, data, and operations, and to detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.
(h) Analytics and Improvement: To analyze Website usage, improve our services, and develop new capabilities.
(i) Communications: To send service-related communications and, where consent has been obtained or where permitted by law, provide information about Ariana Nexus programs and events. Individuals may opt out of marketing communications at any time by contacting privacy@ariananexus.com.
4.2. Ariana Nexus does not sell Personal Information. Ariana Nexus does not share Personal Information with third parties for their own direct marketing purposes. Ariana Nexus does not use Personal Information for automated decision-making that produces legal or similarly significant effects on individuals without human oversight.
5.1. Ariana Nexus serves clients and individuals located in the European Economic Area ("EEA"), the United Kingdom, and Switzerland. Where the GDPR or UK GDPR applies — including under Article 3(2) GDPR — we process Personal Data on the following legal bases:
(a) Performance of a Contract (Article 6(1)(b)): Where processing is necessary to perform or enter into a contract.
(b) Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests, provided those interests are not overridden by the individual's rights. Our legitimate interests include service delivery, business operations, security, fraud prevention, and analytics.
(c) Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with applicable law.
(d) Consent (Article 6(1)(a)): Where processing is based on freely given, specific, informed, and unambiguous consent.
(e) Vital Interests (Article 6(1)(d)): In limited circumstances, where processing is necessary to protect the vital interests of the individual or another person.
(f) Public Interest (Article 6(1)(e)): Where processing is necessary for a task carried out in the public interest.
5.2. Where Ariana Nexus processes special categories of Personal Data (Article 9 GDPR) — including health data, ethnic origin, or linguistic data that reveals racial or ethnic origin — we rely on explicit consent, the establishment, exercise, or defense of legal claims, or processing necessary for reasons of substantial public interest, as applicable.
5.3. EU Representative: Where required under Article 27 GDPR, Ariana Nexus will designate a representative in the European Union. Ariana Nexus is actively pursuing the appointment of an EU representative as part of its European expansion roadmap, with anticipated designation by Q4 2026. Details will be published on this page and on the Trust Center once the representative is designated. For inquiries in the interim, contact privacy@ariananexus.com.
5.4. UK Representative: Where required under Article 27 of the UK GDPR, Ariana Nexus will designate a representative in the United Kingdom. Ariana Nexus is actively pursuing the appointment of a UK representative as part of its planned London office establishment. Details will be published on this page once designated. For inquiries in the interim, contact privacy@ariananexus.com.
6.1. Ariana Nexus discloses Personal Information only as follows:
(a) To Clients: In the course of service delivery, as governed by applicable contracts and data processing agreements.
(b) To Service Providers: To third-party service providers who perform functions on our behalf, subject to contractual obligations requiring them to process Personal Information only as directed and to maintain appropriate security measures.
(c) To Government Authorities: Where required by law, regulation, subpoena, court order, or government request, or where necessary for the establishment, exercise, or defense of legal claims.
(d) For Compliance and Safety: Where disclosure is necessary to comply with sanctions screening, anti-money laundering, FCPA or UK Bribery Act obligations, or other regulatory requirements; or where disclosure is necessary to protect the safety, rights, or property of Ariana Nexus, our clients, our Collective members, or the public.
(e) In Corporate Transactions: In connection with a merger, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections and notice where required by law.
(f) With Consent: Where the individual has provided consent to a specific disclosure.
6.2. Ariana Nexus does not sell Personal Information. Ariana Nexus does not share Personal Information with third parties for their own direct marketing purposes.
6.3. Disclaimer: Ariana Nexus is not responsible for the privacy practices, security measures, or actions of any third party, including clients, service providers, government authorities, or any other entity to which Personal Information is disclosed in accordance with this Section 6. Ariana Nexus's liability for any unauthorized disclosure by a third party is limited to the extent of Ariana Nexus's own negligence or willful misconduct, if any.
7.1. Ariana Nexus is headquartered in the United States and processes Personal Information primarily within the United States. When we serve clients or process data relating to individuals located outside the United States, cross-border data transfers may occur.
7.2. EEA/UK/Switzerland to United States: Where Personal Data is transferred from the EEA, UK, or Switzerland to the United States, Ariana Nexus relies on the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, the Swiss-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs) approved by the European Commission (Implementing Decision (EU) 2021/914), and/or the UK International Data Transfer Agreement (IDTA), as applicable. Ariana Nexus conducts Transfer Impact Assessments where required. [Note: Ariana Nexus is evaluating self-certification under the EU-U.S. Data Privacy Framework. This section will be updated upon completion of self-certification. Current transfers rely on SCCs and/or IDTA.]
7.3. Other International Transfers: For transfers to or from other jurisdictions, Ariana Nexus relies on the legal mechanisms available under applicable law, including adequacy decisions, SCCs, or derogations as permitted under GDPR Article 49.
7.4. Data Localization: Where a client engagement or applicable law requires that Personal Data remain within a specific jurisdiction, Ariana Nexus will implement data localization controls as specified in the applicable engagement agreement.
7.5. Disclaimer: Ariana Nexus makes reasonable efforts to ensure that cross-border data transfers comply with applicable law. However, Ariana Nexus does not guarantee the data protection laws, practices, or enforcement mechanisms of any foreign jurisdiction. Individuals who provide Personal Information from outside the United States do so at their own discretion and acknowledge that their data will be transferred to and processed in the United States, which may not provide the same level of data protection as their home jurisdiction.
8.1. Ariana Nexus retains Personal Information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
(a) Client Engagement Records: Duration of the engagement plus seven (7) years, or as required by applicable tax, audit, or contractual obligations.
(b) Human Intelligence Collective Member Records: Duration of active status plus seven (7) years.
(c) Website Visitor Data: Cookie and analytics data per our Cookie Policy. Contact form submissions retained for two (2) years unless the inquiry leads to an engagement.
(d) AI Training Data: As specified in applicable data processing agreements or, where Ariana Nexus controls the data, for the period necessary for the stated purpose.
(e) Protected Health Information: Minimum six (6) years per HIPAA (45 CFR § 164.530(j)) and applicable state law.
(f) Government Contract Records: Minimum three (3) years after final payment per FAR 4.703 and applicable agency requirements.
(g) Regulatory and Legal Hold Records: Retention extended as necessary for legal holds, regulatory investigations, or pending litigation.
8.2. Upon expiration of the applicable retention period, Personal Information is securely deleted or irreversibly anonymized. Ariana Nexus reserves the right to retain anonymized or aggregated data that does not identify any individual for any purpose, including analytics, benchmarking, and service improvement, without limitation.
9.1. Ariana Nexus implements administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, loss, or destruction. These safeguards include:
(a) Encryption: Data encrypted in transit using TLS 1.2 or higher and at rest using AES-256 or equivalent standards.
(b) Access Controls: Role-based access controls, multi-factor authentication, and least-privilege principles.
(c) Network Security: Firewalls, intrusion detection and prevention systems, and continuous monitoring.
(d) Endpoint Protection: Endpoint detection and response solutions, device management, and patch management.
(e) Employee and Contractor Training: Regular privacy and security awareness training.
(f) Incident Response: A documented incident response plan governing detection, containment, investigation, notification, and remediation.
(g) Vendor Management: Due diligence and contractual requirements for all third-party service providers.
9.2. Enterprise Infrastructure: Ariana Nexus conducts all client data processing within its secure enterprise environment, which operates within the Microsoft 365 ecosystem (including Exchange, SharePoint, Teams, and related services). Where additional platforms are used for client data processing, Ariana Nexus requires the execution of a Business Associate Agreement, Data Processing Agreement, or equivalent contractual safeguard prior to any client data being processed on that platform.
9.3. Ariana Nexus is pursuing formal security certifications, including SOC 2 Type II, ISO 27001, and alignment with the NIST Cybersecurity Framework (CSF 2.0). Current security controls are designed in alignment with these frameworks. Certification timelines are forward-looking roadmap items, not representations of current certified status. The status of our certification program is disclosed on our Trust Center.
9.4. DISCLAIMER OF ABSOLUTE SECURITY: NO METHOD OF TRANSMISSION OVER THE INTERNET OR METHOD OF ELECTRONIC STORAGE IS 100% SECURE. WHILE ARIANA NEXUS IMPLEMENTS COMMERCIALLY REASONABLE SAFEGUARDS TO PROTECT PERSONAL INFORMATION, ARIANA NEXUS DOES NOT WARRANT OR GUARANTEE ABSOLUTE SECURITY AND EXPRESSLY DISCLAIMS ANY SUCH WARRANTY. ARIANA NEXUS SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS, USE, OR DISCLOSURE OF PERSONAL INFORMATION RESULTING FROM CIRCUMSTANCES BEYOND ITS REASONABLE CONTROL, INCLUDING BUT NOT LIMITED TO: ACTS OF HACKING OR OTHER CRIMINAL ACTIVITY BY THIRD PARTIES; FAILURES OF THIRD-PARTY SERVICE PROVIDERS, INTERNET SERVICE PROVIDERS, OR TELECOMMUNICATIONS CARRIERS; FORCE MAJEURE EVENTS; OR THE ACTIONS OR OMISSIONS OF THE INDIVIDUAL WHOSE DATA IS AFFECTED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ARIANA NEXUS'S TOTAL LIABILITY FOR ANY SECURITY BREACH SHALL NOT EXCEED THE AMOUNT PAID BY THE AFFECTED INDIVIDUAL TO ARIANA NEXUS IN THE TWELVE (12) MONTHS PRECEDING THE BREACH, OR ONE HUNDRED DOLLARS ($100), WHICHEVER IS GREATER.
Individuals located in the EEA, UK, or Switzerland have the following rights:
(a) Right of Access (Article 15)
(b) Right to Rectification (Article 16)
(c) Right to Erasure (Article 17), subject to applicable legal retention requirements
(d) Right to Restriction of Processing (Article 18)
(e) Right to Data Portability (Article 20)
(f) Right to Object (Article 21)
(g) Right to Withdraw Consent (Article 7(3)), without affecting the lawfulness of prior processing
(h) Right to Lodge a Complaint with a supervisory authority (UK: ICO at ico.org.uk; Germany: relevant Landesdatenschutzbehörde)
California residents have the following rights under the CCPA/CPRA (Cal. Civ. Code § 1798.100 et seq.):
(a) Right to Know — disclosure of categories and specific pieces of Personal Information collected
(b) Right to Delete — subject to applicable exceptions
(c) Right to Correct — correction of inaccurate Personal Information
(d) Right to Opt Out of Sale or Sharing — Ariana Nexus does not sell Personal Information and does not share it for cross-context behavioral advertising
(e) Right to Limit Use of Sensitive Personal Information
(f) Right to Non-Discrimination
Virginia residents have rights under the VCDPA (Va. Code § 59.1-575 et seq.) to access, correct, delete, obtain a copy of, and opt out of processing for targeted advertising, sale, or profiling. Ariana Nexus does not sell Personal Data or use it for targeted advertising.
Delaware residents have rights under the Delaware Personal Data Privacy Act (6 Del. Code Ch. 12D) to access, correct, delete, and obtain a copy of Personal Data, and to opt out of processing for targeted advertising, sale, or profiling. The DPDPA cure period sunset occurred on December 31, 2025; the Delaware Department of Justice now has discretion to determine whether a cure opportunity is provided.
Ariana Nexus acknowledges that multiple additional U.S. states have enacted comprehensive consumer data privacy laws that may apply depending on the residency of the individual and the nature of the processing. These include, but are not limited to, the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), Oregon Consumer Privacy Act (OCPA), Texas Data Privacy and Security Act (TDPSA), Montana Consumer Data Privacy Act (MCDPA), Indiana Consumer Data Protection Act (ICDPA), Iowa Consumer Data Protection Act (ICDPA), Tennessee Information Protection Act (TIPA), New Jersey Data Privacy Act (NJDPA), New Hampshire Privacy Act, Nebraska Data Privacy Act, Kentucky Consumer Data Protection Act, Maryland Online Data Privacy Act, and Minnesota Consumer Data Privacy Act, among others. To the extent any of these laws apply to Ariana Nexus's processing activities, Ariana Nexus will honor the rights granted to residents of those states, including rights of access, correction, deletion, portability, and opt-out of sale, targeted advertising, and profiling, as applicable. Individuals may exercise these rights by contacting Ariana Nexus as described in Section 10.6.
To submit a request, contact us at:
Email: privacy@ariananexus.com
Phone: (202) 771-0224
Mail: Ariana Nexus, LLC, Attn: Privacy Office, 1717 Pennsylvania Avenue NW, 10th Floor, Washington, D.C. 20006
We will verify your identity before processing your request. Response timeframes: thirty (30) days under GDPR/UK GDPR (extendable by sixty (60) days); forty-five (45) days under CCPA/CPRA (extendable by forty-five (45) days); forty-five (45) days under VCDPA, Delaware PDPA, and other applicable state privacy laws.
10.7. Limitations on Rights: Ariana Nexus reserves the right to decline or limit any request to the extent permitted by applicable law, including where: (a) compliance would require Ariana Nexus to violate other legal obligations; (b) the request is manifestly unfounded, excessive, or repetitive; (c) compliance would compromise legitimate security, fraud prevention, or compliance measures; (d) the data is subject to legal professional privilege or litigation hold; or (e) the data is retained pursuant to a contractual obligation with a client. If we decline a request, we will provide a written explanation. Individuals whose requests are declined may appeal by contacting privacy@ariananexus.com with the subject line "Privacy Rights Appeal."
11.1. Business Associate Status: When Ariana Nexus processes PHI on behalf of a Covered Entity, Ariana Nexus acts as a Business Associate under HIPAA. All such processing is governed by a BAA executed prior to any disclosure of PHI. Ariana Nexus does not accept, access, store, or process any PHI until a BAA is fully executed between Ariana Nexus and the Covered Entity.
11.2. Permitted Uses and Disclosures: Ariana Nexus uses and discloses PHI only as permitted by the applicable BAA, the HIPAA Privacy Rule (45 CFR § 164.500–534), and applicable law.
11.3. Minimum Necessary Standard: Ariana Nexus applies the minimum necessary standard (45 CFR § 164.502(b)) to all uses, disclosures, and requests for PHI.
11.4. Safeguards: Administrative, physical, and technical safeguards comply with the HIPAA Security Rule (45 CFR § 164.302–318) for all electronic PHI. PHI is processed exclusively within Ariana Nexus's secure enterprise environment and platforms for which BAAs are in place.
11.5. Breach Notification: In the event of a breach of unsecured PHI, Ariana Nexus will notify the applicable Covered Entity within thirty (30) days of discovery per the HITECH Act (42 U.S.C. § 17932) and 45 CFR § 164.410.
11.6. No PHI on This Website: Ariana Nexus does not collect, store, or process PHI through this Website. PHI is processed only within contracted client engagements on secure platforms with executed BAAs. If you believe PHI has been inadvertently submitted through this Website, contact us immediately at privacy@ariananexus.com or (202) 771-0224.
11.7. De-Identification: Where Ariana Nexus de-identifies health information, it follows the Safe Harbor or Expert Determination methods specified in 45 CFR § 164.514(b).
12.1. Safeguarding Requirements: Ariana Nexus protects CUI in accordance with NIST SP 800-171. For Department of Defense contracts governed by DFARS 252.204-7012, Ariana Nexus currently complies with NIST SP 800-171 Rev. 2, consistent with the DoD class deviation issued in May 2024. Ariana Nexus is concurrently preparing for transition to NIST SP 800-171 Rev. 3 (finalized May 14, 2024), which is the current NIST standard and is already required by the General Services Administration (GSA) as of January 2026. When the DoD formally incorporates Rev. 3 into DFARS and the CMMC program, Ariana Nexus will transition accordingly.
12.2. System Security Plan: Ariana Nexus maintains a System Security Plan (SSP) and Plan of Action and Milestones (POA&M). [Note: Ariana Nexus is developing its SSP and POA&M as part of its CMMC readiness program. Target completion: Q4 2026. This section will be updated as the program matures.]
12.3. Incident Reporting: Cyber incidents affecting CUI reported to the DoD Cyber Crime Center (DC3) within seventy-two (72) hours of discovery per DFARS 252.204-7012.
12.4. Access Restrictions: CUI accessible only to personnel with verified need to know and completed security training.
12.5. Flow-Down Requirements: Safeguarding requirements flowed down to subcontractors per DFARS 252.204-7012(m).
12.6. U.S.-Based Processing: All CUI is processed and stored within the United States. No CUI is transferred outside U.S. borders unless expressly authorized by the applicable government contracting authority and in compliance with all export control regulations.
12.7. No CUI on This Website: Ariana Nexus does not collect, store, or process CUI through this Website. CUI is processed exclusively within secure, authorized enterprise environments.
13.1. Data Provenance: Ariana Nexus maintains records of the provenance of all AI Training Data, including source, consent basis, date of collection, and chain of custody.
13.2. Purpose Limitation: Client-provided AI Training Data is processed only for the purposes specified in the applicable engagement agreement. No repurposing without explicit written authorization.
13.3. Human Oversight: All AI data processing pipelines incorporate human-in-the-loop (HITL) oversight at critical quality, bias, and cultural accuracy checkpoints.
13.4. Bias Detection and Mitigation: Ariana Nexus monitors AI Training Data and outputs for cultural bias, linguistic inaccuracy, and representational harm, with particular attention to Afghan linguistic and cultural contexts.
13.5. EU AI Act Compliance: Where applicable, Ariana Nexus applies the transparency, data governance, and risk management requirements of the EU AI Act (Regulation (EU) 2024/1689), including Article 10 data governance requirements.
13.6. NIST AI RMF: Ariana Nexus aligns its AI data governance with the NIST AI Risk Management Framework (AI RMF 1.0).
13.7. Data Subject Rights in AI Context: Individuals whose Personal Data is included in AI Training Data retain all applicable rights described in Section 10. Requests for erasure or correction will be honored to the extent technically feasible and legally required.
13.8. Disclaimer: Ariana Nexus provides AI validation, annotation, and cultural accuracy services. Ariana Nexus does not guarantee the accuracy, completeness, or fitness for any particular purpose of any AI model, output, or system trained using data processed by Ariana Nexus. Clients are solely responsible for the deployment, use, and governance of their own AI systems. Ariana Nexus's liability for AI-related services is limited to the terms of the applicable engagement agreement.
14.1. Ariana Nexus does not knowingly collect Personal Information from children under the age of thirteen (13) through this Website, in accordance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501 et seq.) and the FTC's COPPA Rule (16 CFR Part 312), as amended by the January 2025 Final Rule. If we learn that we have collected Personal Information from a child under 13 without verified parental consent, we will delete that information promptly. Ariana Nexus does not engage in targeted advertising directed at children under 13.
14.2. Minors Under 18 (Delaware PDPA): Under the Delaware Personal Data Privacy Act, Ariana Nexus does not process Personal Data of known minors aged 13 to 17 for targeted advertising, sale, or profiling without the minor's consent. Ariana Nexus does not engage in the sale of Personal Data of any known minor under 18.
14.3. In the context of healthcare interpretation and government services, Ariana Nexus may process information relating to minors under applicable engagement agreements and BAAs, in compliance with HIPAA, FERPA (20 U.S.C. § 1232g), and applicable state law.
15.1. Ariana Nexus specializes in serving institutions that work with Afghan diaspora communities across the United States, Europe, Australia, and other resettlement countries. Given the sensitivity of data relating to refugee and diaspora populations, we apply the following supplementary safeguards:
(a) Heightened Data Protection: Personal Data relating to Afghan diaspora individuals — including refugees, asylum seekers, Special Immigrant Visa (SIV) holders, and their families — is subject to enhanced security controls, including access restrictions, encryption, and data minimization.
(b) Sanctions Compliance: Ariana Nexus conducts screening against the OFAC Specially Designated Nationals and Blocked Persons List and applicable sanctions programs as required by U.S. law.
(c) Humanitarian Data Standards: Ariana Nexus aligns its data protection practices for sensitive population data with the ICRC Handbook on Data Protection in Humanitarian Action and the UN Principles on Personal Data Protection and Privacy.
(d) No Disclosure to Foreign Governments: Ariana Nexus does not disclose Personal Data relating to Afghan diaspora individuals to any foreign government, military, intelligence service, or non-state actor, except where required by U.S. law and applicable legal process.
(e) Cultural Sensitivity: Personnel who process data relating to Afghan diaspora populations receive training on specific privacy risks, cultural considerations, and protection needs of refugee and displaced populations.
15.2. For more information about our approach to sensitive population data, see our Trust Center — Cultural Compliance Bureau and Trust Center — Privacy & Data Sovereignty.
16.1. Overview. Ariana Nexus uses SMS (Short Message Service) text messaging to communicate with clients, prospective clients, partners, and business contacts through its business phone number, +1 (202) 771-0224. SMS messaging is provided through Microsoft Teams Phone and is used exclusively for one-to-one business communications. Ariana Nexus does not use SMS for marketing, promotional campaigns, automated messaging, or mass communications.
Ariana Nexus may send the following types of SMS messages:
(a) Appointment and meeting confirmations, reminders, and scheduling coordination.
(b) Responses to inquiries submitted through our Website, email, or phone.
(c) Follow-up communications related to active or prospective business engagements.
(d) Service-related notifications, such as delivery confirmations or status updates.
(e) General business coordination messages initiated by Ariana Nexus personnel in the course of professional communications.
Ariana Nexus does not send marketing messages, promotional offers, political messages, or any content related to direct lending, loan arrangements, age-gated content, or gambling via SMS.
Ariana Nexus sends SMS messages only to individuals who have provided their phone number directly to Ariana Nexus in the course of a business engagement, inquiry, or professional correspondence. By providing your phone number to Ariana Nexus — whether through our Website contact form, email, phone call, business card, meeting, or other direct business interaction — you consent to receive business-related SMS messages from Ariana Nexus at the number provided. Consent is not required as a condition of purchasing any goods or services from Ariana Nexus.
Message frequency varies based on the nature of the business relationship and ongoing communications. Ariana Nexus does not send recurring automated messages. All messages are initiated by Ariana Nexus personnel on a one-to-one basis as needed for business purposes.
You may opt out of receiving SMS messages from Ariana Nexus at any time by replying STOP to any message received from +1 (202) 771-0224. Upon receipt of your STOP request, Ariana Nexus will cease sending SMS messages to your phone number. You may also opt out by contacting us at privacy@ariananexus.com or by calling (202) 771-0224 and requesting removal from SMS communications. Opting out of SMS does not affect your ability to receive communications from Ariana Nexus via other channels (email, phone calls, etc.).
For assistance with SMS communications, reply HELP to any message received from +1 (202) 771-0224, or contact Ariana Nexus at privacy@ariananexus.com or (202) 771-0224.
Standard message and data rates may apply depending on your mobile carrier and plan. Ariana Nexus is not responsible for any charges incurred by your mobile carrier in connection with SMS messages sent to or from your phone number.
When you send or receive SMS messages with Ariana Nexus, we may collect and retain: your phone number, the content of your messages, and the date and time of each message. This information is used solely for the business purposes described in Section 4 of this Privacy Policy and is retained in accordance with Section 8. Ariana Nexus does not sell, share, or disclose phone numbers or SMS message content to third parties for marketing or advertising purposes. No mobile opt-in data will be shared with third parties. Ariana Nexus will not sell, rent, loan, or otherwise distribute your mobile phone number, opt-in consent data, or SMS communication records to any third party for any purpose other than as required for message delivery through our telecommunications provider (Microsoft) or as required by applicable law.
Do not send Protected Health Information (PHI), Controlled Unclassified Information (CUI), classified information, Social Security numbers, financial account numbers, or any other sensitive or regulated data via SMS to Ariana Nexus. SMS is not a secure communication channel for regulated data. If you need to transmit sensitive information, please contact Ariana Nexus to arrange a secure communication method.
Carriers are not liable for delayed or undelivered messages. Ariana Nexus is not responsible for any delays, failures, or errors in the delivery of SMS messages caused by mobile carriers, network outages, or device incompatibilities.
Ariana Nexus's SMS messaging program complies with applicable federal and state regulations, including the Telephone Consumer Protection Act (TCPA, 47 U.S.C. § 227), the CTIA Messaging Principles and Best Practices, and carrier-specific requirements for 10DLC (10-Digit Long Code) business messaging registration through The Campaign Registry (TCR). Ariana Nexus's SMS brand and campaign are registered and approved in compliance with industry standards.
17.1. This Website may contain links to third-party websites, platforms, or services. Ariana Nexus is not responsible for the privacy practices, content, security measures, or data handling of third-party sites. We encourage individuals to review the privacy policies of any third-party site they visit.
17.2. Disclaimer: Ariana Nexus expressly disclaims all liability for any loss, damage, or injury arising from or related to the use of any third-party website, platform, or service accessed through links on this Website.
