Privacy Policy
Effective Date: May 1, 2026
NxGeN Holdings Inc. ("NxGeN," "we," "us," or "our") operates an invitation-only community for next-generation members of family offices and the people they trust. This Privacy Policy explains how we handle your information when you apply for membership, use our digital platform at nxgen.club and related applications (the "Platform"), attend our events, or otherwise interact with us (collectively, the "Services").
Membership in NxGeN is a relationship of trust. Much of the information we hold about you — your family office affiliation, your investment focus, your interests, who you connect with, and what you share with peers — is sensitive. We treat it that way. The commitments below are deliberately strict: we do not sell your data, we do not share it with advertisers, and we do not use it to train machine-learning models.
By accessing the Services, you confirm that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.
1. Information We Collect
1.1 Information You Provide When Applying for Membership
Membership is by invitation. When you apply, you may provide:
- Identity and contact details: legal name, preferred name, date of birth, photograph, email, phone number, and mailing address.
- Background information: family office affiliation (where you choose to share it), professional history, investment focus, geographies of activity, and a personal statement about why NxGeN.
- References: the name of the existing member, partner, or NxGeN team member who introduced you, and any references you supply.
NxGeN's vetting committee reviews applications. The vetting process is human, not automated. From time to time, we may verify the identity, background, or accreditation status of an applicant or member through reputable third-party services. If we engage such a service, we will reflect it in our subprocessor list and disclose what is collected.
1.2 Profile and Activity Information You Provide as a Member
Once admitted, you choose what to add to your profile and how visibly to share it. This may include:
- Profile content: bio, interests, "what I bring / what I'm looking for," portfolio focus, lifestyle interests, and any optional family office affiliation.
- Trust-layer settings: which fields are visible at directory level versus profile level versus to confirmed connections only.
- Connections: the members you connect with, your introduction requests, and intermediary approvals.
- Peer Advisory Circle membership: the Circle you are placed in, your attendance, and any commitments you choose to log. Circle session content (discussions, recordings, transcripts) is not retained by us — see Section 4.
- Network participation: posts, comments, and reactions in interest-based Networks (e.g., AI & Entrepreneurship, Impact Investing).
- Givers Network listings and requests: assets you choose to share with your Inner Circle, requests you make, and offers you receive.
- Direct messages: message metadata (who messaged whom, when) and message content. We encrypt direct-message content in transit and at rest and apply strict access controls — see Section 4.
- Event activity: RSVPs, breakout selections, check-ins at sessions and activities, photos taken at events where you are visible, and post-event connection prompts you act on.
- Payment information: billing details for membership dues and event fees, processed by our payment processor (Stripe). We do not store complete payment card numbers on our servers.
- Support and feedback: information you provide when contacting NxGeN, submitting feedback, or reporting concerns.
1.3 Information We Collect Automatically
When you use the Platform, we automatically collect:
- Device information: IP address, browser type and version, operating system, device identifiers, and language settings.
- Usage information: pages visited, features used, session duration, and aggregated interactions with the Platform.
- Authentication information: magic-link tokens (short-lived) and, if you opt in, biometric identifiers used by your device locally for sign-in (these never leave your device).
- Server logs: error reports and performance data used to diagnose issues.
1.4 Information from Third Parties
We may receive information about you from:
- The member or NxGeN team member who introduced you, in connection with your application.
- Event partners and venues providing attendance, registration, or activity participation information for events you sign up for.
- Publicly available sources (e.g., professional bios) that we may use to confirm details you provide.
1.5 Sensitive Information
The nature of NxGeN means members may discuss financial, family, and lifestyle matters that are sensitive to them. We do not require members to disclose financial details, family dynamics, or any other sensitive matter. Anything you share in a Circle, Network, message, or asset listing is your choice. We apply the safeguards in Section 6 to all member information, and we apply the heightened protections in Section 4 to Circle content and direct-message content specifically.
2. How We Use Your Information
We use your information for the following purposes:
- Provide the Services: operate the Platform, run the application and onboarding flow, place you in an appropriate Peer Advisory Circle, suggest relevant Networks and connections, manage event registration and check-in, and run the Givers Network.
- Verify identity and protect trust: confirm you are who you say you are, prevent impersonation, and investigate concerns reported by members.
- Communicate with you: send service-related messages (e.g., onboarding, Circle scheduling, event logistics), respond to inquiries, and provide member support.
- Process payments: charge membership dues and event fees through our payment processor.
- Improve the Services: analyze aggregated, de-identified usage patterns to refine features and programming. We do not use your content to train machine-learning models.
- Security and abuse prevention: detect and respond to fraud, unauthorized access, and conduct that violates our Terms of Service.
- Legal compliance: comply with applicable laws, regulations, and lawful requests.
We will never use your information for cross-context behavioral advertising or for targeting by third parties.
3. How We Share Your Information
We share your information only as described below.
- With other members, on your terms. Profile information is visible according to the trust-layer settings you choose (directory-level, profile-level, or confirmed-connection-level). Members are expressly prohibited from scraping, exporting, or commercially using member information — see our Terms of Service.
- With service providers (subprocessors). We share information with vendors who help us run the Services, under contracts that require them to protect your information and use it only for our purposes. Our current subprocessors are listed in Section 11.
- With event partners. Where you have opted into a sponsor- or partner-led experience, limited information necessary to participate (e.g., your name and the fact that you registered) may be shared with that partner. We do not provide partners with member directories or non-attendee data.
- For legal reasons. We may disclose information when required by law, regulation, legal process, or governmental request, and to protect the rights, property, or safety of NxGeN, members, or others.
- With your explicit consent, for purposes you have specifically agreed to.
- In a business transfer. If NxGeN is involved in a merger, acquisition, financing, or sale of assets, your information may transfer as part of that transaction. We will notify you in advance and your information will continue to be protected by this Privacy Policy or an equivalent successor.
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not provide your personal information to advertisers, data brokers, or third-party targeting platforms.
4. Heightened Protections for Circles and Direct Messages
Two parts of the Platform receive heightened protections that are stricter than what most platforms offer.
4.1 Peer Advisory Circle Confidentiality (the "Vegas Rule")
What is shared in a Circle stays in the Circle.
- Circle sessions are not recorded and not transcribed server-side.
- Circle session content is not stored on our servers and is not searchable within the Platform.
- The only Circle data that persists is what you personally choose to record as your own commitments, which only you can see.
- The facilitator may log session metadata (date, attendance) for scheduling and continuity purposes.
Circles operate on member-to-member trust. NxGeN reinforces that trust technically; members reinforce it socially through the membership commitment described in our Terms of Service.
4.2 Heightened Protections for Direct Messages
Direct-message content is sensitive by default. We protect it as follows:
- We encrypt direct-message content in transit (TLS 1.3, or 1.2 where the client does not support 1.3) and at rest (AES-256 or equivalent).
- Access to message-content storage is restricted to a small number of trained NxGeN personnel and only where necessary to operate the feature, investigate abuse reported to us, or comply with law.
- We do not scan the content of direct messages for advertising or third-party targeting purposes (and we do not run advertising or third-party targeting in the first place — see Section 3).
- We do not use direct-message content to train machine-learning models.
We are evaluating end-to-end encryption for one-to-one direct messages as the Platform matures. If and when we introduce it, we will update this Privacy Policy and notify members.
4.3 Givers Network Listings
Asset listings in the Givers Network are visible only to your Inner Circle connections. They are not searchable by the broader membership, are not displayed publicly, and are not shared with vendors except as needed to operate concierge logistics that you specifically request.
5. Data Retention
We retain your information for as long as your membership is active and as needed to provide the Services. After your membership ends:
- Account information and profile content: deleted within sixty (60) days of termination, except where retention is required by law (e.g., financial records) or for legitimate business purposes such as resolving disputes, enforcing agreements, or preserving member-trust integrity records.
- Direct-message content: deleted from active systems within sixty (60) days of termination. Deletion may take longer for messages exchanged with members whose accounts remain active, in which case the content is preserved on the recipient's side under their account.
- Circle session content: ephemeral; nothing persists beyond the limited metadata described in Section 4.1.
- Backups: information may persist in routine backups for up to ninety (90) days after deletion from active systems.
- Aggregated, de-identified data: may be retained indefinitely because it cannot be linked back to you.
You may request earlier deletion at any time by contacting privacy@nxgen.club.
6. Data Security
We protect your information using technical and organizational measures appropriate to its sensitivity, including:
- Encryption in transit using TLS 1.3 (or, where 1.3 is not supported by the requesting client, TLS 1.2).
- Encryption at rest using AES-256 or an equivalent industry-standard algorithm.
- Access controls including role-based access, the principle of least privilege, multi-factor authentication for administrative access, and automated session timeout.
- No public indexing. Member profiles are not indexed by search engines. We enforce this through robots.txt, noindex meta tags, and authenticated routing.
- Audit logging of access to member information.
- Regular vulnerability scanning and penetration testing of the Platform.
- Secure software development practices and protections against the OWASP Top 10.
- Vendor risk management — every subprocessor in Section 11 is contractually bound to protect your information.
- Annual third-party security audit beginning in our second operating year (Phase 2 of the Platform roadmap), with the goal of formal SOC 2 Type II attestation thereafter.
No system is perfectly secure. While we work hard to protect your information, we cannot guarantee absolute security.
7. International Members and Data Transfers
NxGeN is a global community with members across the United States, Europe, the United Kingdom, the Middle East, and Africa. NxGeN Holdings Inc. is incorporated in Delaware, and our primary infrastructure is hosted in the United States. If you access the Services from outside the United States, your information will be transferred to, stored in, and processed in the United States.
For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum, where applicable) or another lawful transfer mechanism. We perform transfer impact assessments where required.
8. Your Rights and Choices
Depending on your location, you may have the rights described below. We will respond to verified requests within the timeframes required by applicable law.
8.1 Rights Available to All Members
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct information that is inaccurate or incomplete (you can also edit most of your profile yourself).
- Deletion: ask us to delete your information, subject to limited exceptions described in Section 5.
- Portability: request a copy of your information in a structured, machine-readable format.
- Opt out of non-essential communications: unsubscribe from newsletters, programming announcements, and other non-essential messages at any time. Service-related communications (e.g., security notices, billing) cannot be opted out of while your membership is active.
- Adjust trust-layer settings: change at any time which fields are visible to which audiences.
8.2 Additional Rights for EEA, UK, and Swiss Residents
If you are located in the EEA, the United Kingdom, or Switzerland, you also have the right to:
- object to or restrict our processing of your personal data;
- withdraw consent at any time where we rely on your consent;
- lodge a complaint with your local supervisory authority.
We process your personal data on the following legal bases under the GDPR / UK GDPR:
- Contract — to provide the Services that you have requested.
- Legitimate interests — to operate, secure, and improve the community, prevent abuse, and protect the trust members place in NxGeN. We have balanced these interests against your rights.
- Legal obligation — to comply with applicable law.
- Consent — where we ask for it (e.g., optional marketing communications).
8.3 Additional Rights for California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know, delete, and correct your personal information; to opt out of "sale" or "sharing" of personal information; and to non-discrimination for exercising these rights.
We confirm: we do not sell or share personal information in the senses defined by the CCPA/CPRA. We do not engage in cross-context behavioral advertising.
8.4 Exercising Your Rights
To exercise any of these rights, contact privacy@nxgen.club. We may need to verify your identity before responding. You may also designate an authorized agent to act on your behalf, subject to verification.
9. Children's Privacy
The Services are not intended for, or directed to, individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have, we will delete it. If you believe a child has provided information to us, please contact privacy@nxgen.club.
10. Third-Party Links and Services
The Platform may contain links to third-party sites or integrate with third-party services. This Privacy Policy does not apply to those services, and we are not responsible for their practices. Review their privacy policies before using them.
11. Subprocessors
We rely on the following subprocessors to provide the Services. Each is contractually bound to protect your information.
| Subprocessor | Location | Purpose |
|---|---|---|
| Google Cloud Platform | United States | Cloud infrastructure, database, authentication, and real-time services |
| Vercel | United States | Hosting and edge delivery for the Platform |
| Sanity | United States / EU | Content management for the Learn module and editorial content |
| Stripe | United States | Membership-dues and event-fee payment processing |
| Cloudflare | United States | Content delivery, DDoS protection, and edge security |
| Resend | United States | Transactional email delivery |
We may update this list. Material changes are published at <https://nxgen.club/legal/subprocessors> and notified to institutional partners under their Data Processing Agreements.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date above and provide notice through the Platform or by email. Your continued use of the Services after the change becomes effective constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
For privacy questions or requests:
NxGeN Holdings Inc.
Privacy: privacy@nxgen.club
Legal: legal@nxgen.club
Website: nxgen.club
EEA, UK, and Swiss residents may also contact their local supervisory authority. The lead supervisory authority for our processing of EEA personal data is the Irish Data Protection Commission.
