Last updated: Aug 8, 2025
Table of Contents
- Terms of Use
- Guiding Principles
- Roles & Responsibilities
- Profit Optics Privacy Statement
- NAW Member-Facing Privacy Notice
- Frequently Asked Questions
- Data Lifecycle Summary
- Contact Information
1. Terms of Use:
NAW Nucleus (the “service”) is available for use by users deemed eligible by NAW. By using the service, you acknowledge and agree to the terms of NAW’s Privacy Policy and Terms of Use, and the following added terms specific to Nucleus (nucleus.naw.org).
Artificial Intelligence Assistance: The service you are interacting with is an AI-powered system designed to provide assistance and information. Artificial intelligence is an evolving technology that is probabilistic in nature. It does not represent a human and may generate responses based on patterns and data that are not always accurate, reliable or relevant.
No Professional Advice: The service is not intended to, and does not, replace professional advice (e.g., medical, legal, financial, or other expert guidance). Any information provided by the service is for informational purposes only and should not be used by you as a substitute for professional judgment and advice.
Accuracy: While we strive to provide accurate and relevant information, the service may provide incorrect, outdated, false, or incomplete information. We do not guarantee the accuracy or reliability of any content or output generated by the service.
User Responsibility: You are solely responsible for any decisions or actions you take based on the information provided by the service. NAW is not responsible or liable for any damages, losses, or consequences that arise from the use of or reliance on any content or output generated by the service. You are prohibited from using the service for any illegal, harmful, or abusive activity; or using the service or any content generated by the service to develop models or services that compete with NAW.
Content Generation: The service generates content based on input provided by you. We are not responsible for your input or any content generated through use of the service, including content that may be offensive, inappropriate, harmful, incorrect, outdated, false or incomplete.
Changes to the Service: The service may be updated or modified at any time without prior notice. We are not liable for any interruptions, errors, or issues that may arise during the use of the service.
By continuing to use the service, you agree to these terms. If you do not agree, do not use the service.
2. Guiding Principles
| Principle | What It Means in Practice |
| Need-to-Know Access | Only the smallest possible slice of data is shared with any system or person. |
| Transparency | All parties know what data is collected, why it is collected, and how long it lives. |
| Member Control | Members can request to view, export, or delete their personal Q&A history at any time. NAW will respond within 3 business days. |
| Security by Design | Encryption, access controls, and monitoring are baked in from day one. |
| Continuous Improvement | We actively review logs, feedback, and emerging best-practices to keep raising the bar. |
3. Roles & Responsibilities
| Role | Primary Duties | Example Actions |
| NAW | Data owner and controller | Provides official research content, defines retention rules, approves feature changes, analyzes usage data. |
| ProfitOptics | Processor and platform operator | Runs infrastructure, monitors quality, resolves incidents, maintains documentation. |
| OpenAI | Sub-processor for language generation | Receives scoped snippets, stores them briefly (≤ 30 days) to prevent abuse. |
| NAW Members | End-users | Ask questions, review answers, manage their personal history. |
4. ProfitOptics Privacy Statement
4.1 Data We Handle
- Source material – NAW/MDM studies, benchmarks, white papers, event transcripts.
- User submissions – Free-text questions, optional feedback ratings (thumbs up/down).
- System outputs – Generated answers with inline citations.
- Operational records – Timestamps, anonymised user ID, document IDs consulted.
4.2 How We Use That Data
- Answer generation – We send only the relevant excerpts, organization context, and the member’s question to OpenAI’s API.
- Quality review – Our analysts sample Q&A pairs to check for accuracy, bias, or gaps.
- Usage analytics – Aggregated statistics (e.g., top topics, peak hours) help NAW fine-tune content strategy across the organization..
- Security monitoring – Automated alerts flag suspicious patterns (e.g., credential stuffing, scraping).
- Personalization – When generating answers, the system may use the provided organization context (industry and size) to improve the specificity and relevance of responses. This information is never used for marketing, is not shared outside authorized processors, and is protected under the same security standards as all other data handled by Nucleus.
4.3 Storage & Retention
| Item | Default Retention | Location | Purpose |
| Q&A history | 12 months (configurable) | ProfitOptics VPC (US) | Quality, member convenience |
| Audit logs | 18 months | Same VPC | Compliance, incident forensics |
| Backup snapshots | 30 days rolling | Encrypted object store | Disaster recovery |
| OpenAI transient data | Up to 30 days | OpenAI US data centers | Abuse detection only |
Members may request accelerated deletion through NAW at any time.
4.4 Access Controls
- Single Sign-On with NAW credentials plus multi-factor authentication.
- Role-based permissions (Member, Moderator, Admin).
- Quarterly access reviews and immediate revocation upon role change.
4.5 Incident Response
- 24×7 monitoring.
- Initial notification to NAW within 24 hours of confirmation.
- Root-cause analysis and remediation plan delivered within 5 business days.
5. NAW Member-Facing Privacy Notice
A clear, non-technical description of what happens when you use Nucleus.
5.1 What Nucleus Does
Nucleus lets you ask plain-English questions about NAW content. It quickly finds the best passages, sends those passages (but not the full library) to a trusted language service, and shows you a concise answer with links back to the original sources.
5.2 What We Collect
- Your question – so we can find the answer.
- Organization context – To personalize responses, Nucleus may include limited, non-identifying information about your organization with your inquiry, such as its general industry category and approximate size (e.g., small, mid-size, large). This data is not tied to an individual and is used solely to tailor the relevance and applicability of answers. It is treated as confidential and protected under the same security protocols applied to all other member data.
- The answer we generate – so you can read it later.
- Optional feedback – thumbs up or down help us improve.
5.3 Who Sees Your Data
- You – Your personal history is visible only to you.
- NAW Moderators – A small team checks random samples for accuracy and relevance.
- ProfitOptics Engineers – They maintain the platform and may review logs while fixing bugs.
- No Advertisers, No Data Brokers – We do not sell or share your data outside these roles.
5.4 How This Differs from Public ChatGPT
| Topic | Nucleus (API) | Public ChatGPT |
| Data retention by provider | ≤ 30 days | Indefinite (per current litigation hold) |
| Training usage | Never used to tune models | Opt-out required (and not always available) |
| Visibility | Only NAW ecosystem | OpenAI staff + any linked third-party plugins |
| Content focus | Your NAW/MDM library | General internet + user prompts |
5.5 Your Controls
- Delete one question – Click the trash-can icon next to it.
- Delete everything – Email [email protected]; we will confirm within seven days.
- Export your history – Click Settings → Export My Data for a zip file.
6. Frequently Asked Questions
| Question | Short Answer |
| Do you store my personal files? | No, only the official NAW/MDM documents and your typed questions. |
| Can my boss see what I ask? | Not unless your boss is an NAW Moderator with explicit privileges. |
| Are my questions used to advertise to me later? | Absolutely not. We do not run ads or transfer data to marketers. |
| Where are the servers located? | In a US-based virtual private cloud managed by ProfitOptics. |
| How secure is the system? | All traffic uses modern encryption, and third-party penetration tests are run annually. |
| Will my data ever leave the United States? | No. Data residency is US-only under current architecture. |
7. Data Lifecycle Summary
- Ask – Member submits a question via the secure Nucleus web app.
- Retrieve – System finds the most relevant NAW/MDM snippets.
- Generate – Snippets + question sent to OpenAI API; answer returned.
- Store – Q&A pair written to encrypted database; entry added to audit log.
- Review – Moderators periodically inspect samples.
- Expire – After 12 months (or sooner on request) the Q&A pair is purged and backups age out.
8. Contact Information
| Topic | Contact |
| General privacy queries | [email protected] |
| Data deletion or export | [email protected] |
| Security incidents | [email protected] |
| Platform feedback | [email protected] |
