
PRIVACY POLICY FOR THE NEXUSCORE PLATFORM

Effective Date: May 15, 2026
Publisher: Rheacon Systems Legal Department


This Privacy Policy governs the technical, operational, and data architectural standards of the NexusCore enterprise software application ("Application" or "Software") developed and provided by Rheacon Systems. This Application operates strictly as an internal enterprise accounting and Human Resources (HR) platform deployment. It is not consumer-facing; all data parsed, verified, synchronized, and processed is handled solely in service of the internal business operations of the deploying enterprise organization acting as the data controller.


1. Third-Party Integration and Financial Data Architecture:

 

NexusCore integrates Plaid Link (Plaid Inc. - "Plaid") to establish automated, read-only bridges to designated corporate financial institutions. By deploying and initiating Plaid components within this corporate environment, the organization grants Plaid and NexusCore the authority to access, transmit, and format personal and business financial information. These procedures are categorized below based on technical implementation:


A. Bank Account Authentication and Validation Infrastructure (Plaid Auth Module)

  • Scope & Activation: The Software initializes Plaid Auth variables at Link Token generation to establish underlying connectivity structures for Automated Clearing House (ACH) and payment routing verification workflows.

  • Execution Limitations: The codebase does not actively invoke authentication-level backend retrieval routines (e.g., AuthGetAsync). No full routing or bank account numbers are read, exposed, or written to operational database streams.

  • Credential Isolation: Online banking usernames, passwords, security challenges, or multi-factor authentication (MFA) tokens are handled inside Plaid's secure webview framing. They never touch or traverse the Software's host environment.

 

B. Financial Transaction History Operations (Plaid Transactions Module)

  • Automated Synchronization: The Software utilizes an active synchronization routine (SyncTransactionsAsync) communicating with Plaid's API endpoints (TransactionsGetAsync) to query historical and ongoing financial events within designated windows.

  • Captured Metadata Variables: Records parsed and committed to local storage structures include transaction dates, transaction timestamps, raw payee/merchant descriptors, exact decimal amounts, automated personal finance classification categories, transactional processing status, and Plaid's unique TransactionId used as an unalterable deduplication reference key.

 

2. Scope of Internal Enterprise Data Collection:

 

NexusCore segregates operational data schemas inside the localized host framework to execute distinct corporate workflows:

  • Application Security Accounts: Usernames, encrypted authorization passwords, assigned access permission roles, systemic multi-factor authentication (MFA) flags, and specific workspace subscription access termination dates.

  • Accounts Receivable (AR) Records: Customer full legal designations, government identification numbers (e.g., driver's licenses or passports) and ID classifications, dates of birth, primary business addresses, billing vectors, contact numbers, Politically Exposed Persons (PEP) indicators, international sanction match flags, beneficial ownership schemas, and United States citizenship status logs.

  • Internal Corporate Payroll Structures: Employee first and last legal names, structural Social Security Numbers (SSN) or general Tax IDs, dates of birth, physical residence records, compensation structures, salary metrics, tax withholding elections, and unencrypted bank numbers/routing entries reserved exclusively for direct deposit distributions.

  • Accounts Payable (AP) and Vendor Registries: Vendor corporate entities, registration identifiers, designated corporate contacts, organizational phone/fax records, physical addresses, underlying entity Tax IDs, and destination banking credentials utilized to run accounts payable cycles.

 

Data Categories Explicitly Excluded from System Boundaries:

NexusCore does not parse, store, or accept transmission of primary debit/credit card account numbers (PAN), card authorization values (CVV), automated banking access passwords, biometric profiling footprints, or health-related insurance documentation.

 

3. Operational Purposes of Data Processing:

 

Data processing inside NexusCore is confined to internal corporate operations, fulfilling specific operational utilities:

  • Running Accounts Receivable/Payable pipelines, including invoicing, collections, and vendor payout executions.

  • Handling Human Resources payroll systems, calculating payroll liabilities, and executing direct deposit pathways.

  • Fulfilling statutory Know Your Customer (KYC), Anti-Money Laundering (AML), and regulatory corporate transparency mandates during onboarding processes.

  • Compiling, preparing, and structuring mandatory localized tax documentation (e.g., W-2, 1099 formats) for submittal to revenue tracking authorities.

 

4. Storage, Cryptographic Security, and Infrastructure Isolation:

 

NexusCore runs entirely under a decentralized client-side hosting architecture. All core accounting files, keys, profiles, and transactional metrics live locally on the host machine managed by the operator.

  • Cryptographic Double-Encryption Pipeline: Stored financial records, active access strings, and token definitions are sealed using AES-256-CBC encryption complemented by HMAC-SHA256 message authentication codes to prevent offline data modification.

  • Masking Implementations: Complete financial account identifiers are truncated. The system stores only the 4-digit token mask (plaidAccount.Mask) provided by the API wrapper.

  • Zero External Telemetry: The software features no built-in data harvesting engines, analytical trackers (e.g., Mixpanel), or background cloud reporting endpoints. Data files do not exit the deployment boundary, except for direct communication to Plaid's application interface.

 

5. Local Audit Trails and Session Tracking:

 

To satisfy strict regulatory financial accounting rules, the Software maintains automated system state tracking:

  • Unalterable Financial Audit Trails: System activities involving ledger changes generate a localized, time-stamped entry containing user account indicators and the targeted records.

  • Volatile Session Traps: User session validation and system access records run within ephemeral, in-memory buffers to maintain local application security states.

 

6. Compliance Framework Mapping:

 

The system's client-side isolation architecture supports compliance with dominant data regulations:

  • GLBA Compliance: Satisfies Safeguards Rule requirements via localized encryption and strict data minimization controls.

  • GDPR Readiness: Supports the "Right to be Forgotten" and geographic isolation boundaries by keeping all data operations entirely under the organization's local control.

  • CCPA/CPRA Alignment: Zero monetization pipelines or data sharing routines exist within the codebase to sell user or corporate data.

 

7. Storage Directories, Erasure Procedures, and Administrative Management:

 

All active accounting databases and operational logs are located within localized workspace directories:

  • Primary Workspace Path: %APPDATA%\NexusCore\

  • Backup Warehouse Path: C:\Users\<Username>\Documents\NexusCore\Backups\

 

To perform a total system erasure to comply with statutory data deletion orders, administrators must terminate active software sessions and run a recursive deletion script through administrative command utilities:

Remove-Item "$env:APPDATA\NexusCore" -Recurse -Force

Remove-Item "$env:USERPROFILE\Documents\NexusCore" -Recurse -Force

This action deletes all active tables (including users.json, companies.json, BankAccounts.enc, and the cryptographic audit_log.json), resetting the environment to a clean, blank slate.
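
An added example, not part of NexusCore or of Rheacon Systems' own tooling: a PowerShell wrapper around the two commands above that refuses to run while the application is open and confirms afterwards that both directories are gone. The process name NexusCore is an assumption; the paths are the ones listed in this section.

```powershell
# Added example: wraps the two Remove-Item commands from this section.
# Assumption: the application's process name is 'NexusCore' (not stated on the page).
$ProcessName = 'NexusCore'
$Targets = @(
    (Join-Path $env:APPDATA 'NexusCore'),
    (Join-Path $env:USERPROFILE 'Documents\NexusCore')
)

# Step 1: the procedure requires active sessions to be terminated first.
$running = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if ($running) {
    Write-Error "Close $ProcessName before erasing (PIDs: $($running.Id -join ', '))."
    exit 1
}

# Step 2: delete each directory and record the outcome per path.
$results = foreach ($path in $Targets) {
    $existed = Test-Path -LiteralPath $path
    $err = $null
    if ($existed) {
        try {
            Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
        } catch {
            # Locked files or missing permissions end up here.
            $err = $_.Exception.Message
        }
    }
    [pscustomobject]@{
        Path      = $path
        Existed   = $existed
        Remaining = Test-Path -LiteralPath $path
        Error     = $err
    }
}

# Step 3: verify nothing is left, and fail loudly if something is.
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Remaining }) {
    Write-Error 'Erasure incomplete: at least one directory still exists.'
    exit 1
}
Write-Output "Erasure verified at $(Get-Date -Format o)"
```

The per-path table and the final timestamp line can be kept as the record that the deletion order was carried out.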

 

8. Corporate Legal Contact Channels:

 

For structural legal inquiries, data protection compliance requests, or administrative auditing questions regarding the NexusCore software platform, direct all communications to the designated legal handler:


  • Department: Rheacon Systems Legal Department

  • Mailing Address: 1215 S Forums Ct Unit 2A, Wheeling, IL 60090

  • Contact Telephone: (224) 208-8537

  • Electronic Mail: legal@rheacon.com
