Privacy Policy

Your privacy is our top priority

Next Move Technologies, Inc. builds Next Move™ for people facing life's hardest transitions. Protecting their data (and yours) is foundational to the work. This policy explains what we collect, why we collect it, how we use it, and the rights you have.

Last updated: April 5, 2026  ·  Effective: April 5, 2026

At a glance

  • We are Next Move Technologies, Inc., a Delaware C-Corporation headquartered in New York, NY.
  • We do not sell or rent personal information. Ever.
  • We do not share personal information with advertisers or data brokers.
  • End users of Next Move™ (incarcerated individuals, youth, veterans, survivors, and people in recovery) never pay and are never charged for access.
  • We collect the minimum data needed to run the service and evaluate its impact.
  • We apply heightened protections to data from sensitive populations and work to align with CCPA/CPRA, the NY SHIELD Act, COPPA, FERPA, 42 CFR Part 2, CJIS, GDPR, PIPEDA, and other frameworks as they apply to our deployments.
  • You can reach our privacy team any time at privacy@nextmove.one.

1. Who We Are and What This Policy Covers

Next Move Technologies, Inc. (referred to in this policy as "Next Move™," "we," "us," or "our") is a Delaware C-Corporation headquartered in New York, NY. We operate the Next Move™ decision training platform and the marketing website at nextmove.one.

This Privacy Policy applies to:

  • The Next Move™ marketing website at nextmove.one and any subdomains we operate
  • The Next Move™ decision training platform, whether delivered on correctional facility tablets, on community computers, or on personal devices
  • Communications we receive through our contact forms, demo request forms, email, and investor inquiries

Our institutional customers (Departments of Corrections, reentry agencies, alternative-to-incarceration programs, community supervision providers, and similar organizations) may also have their own privacy policies that apply to your use of a deployed program. Where a customer's policy provides stronger protections, those stronger protections apply.

2. Information We Collect

We collect different categories of information depending on how you interact with Next Move™.

a. Information you give us through the website.

  • Contact and demo request forms: name, email address, phone number (optional), organization, role, and any message you include.
  • Newsletter or investor updates: email address and, where you choose to provide it, name and organization.
  • Email you send us: the content of any message sent to an @nextmove.one address, plus any information you voluntarily include.

b. Information the website collects automatically.

  • Server logs: IP address, user agent, referrer, and timestamps, used for security, abuse prevention, and diagnosing errors.
  • Privacy-respecting analytics: aggregate visit data (page views, device type, approximate region) used to improve the site. We do not use advertising cookies or cross-site tracking pixels.

c. Information generated by people using the Next Move™ training platform.

  • Session and scenario data: which scenarios were started or completed, choices made inside branching scenarios, time on task, and completion rates. Where possible, this data is associated only with a randomized session identifier, not with a name or personal account.
  • Language and device data: the language selected (English, Spanish, French, or Haitian Creole) and basic device characteristics needed to render content correctly.
  • Program-assigned identifiers: where a deployment requires a roster (for example, a reentry program tracking participation for supervision compliance), the licensing organization may assign a participant ID. That ID is managed by the licensing organization, not by Next Move™.

d. Information we may receive from institutional partners.

  • Roster information provided by a licensing organization to enable program-level reporting, strictly under a written data processing agreement.
  • Aggregate evaluation data shared with or received from research partners (see Section 5).

We do not knowingly collect Social Security numbers, driver's license numbers, passport numbers, financial account numbers, biometric identifiers, precise geolocation, or full medical records through the website or the platform. If any deployment would require us to collect categories of information beyond what is described above, we will update this policy and notify affected users before that collection begins.

3. How We Use Information

We use the information we collect for a limited set of purposes:

  • Operate the platform. Deliver scenarios, remember language preference, render content on the device you are using, and keep the service running reliably.
  • Communicate with you. Respond to contact forms, demo requests, investor inquiries, and other messages you send us.
  • Improve content and design. Analyze aggregate and de-identified patterns to improve scenario accuracy, translations, accessibility, and usability.
  • Evaluate outcomes. Support research partnerships conducted under written data sharing agreements.
  • Security and integrity. Detect, investigate, and prevent security incidents, fraud, abuse, and misuse.
  • Legal compliance. Meet our obligations under applicable law and respond to lawful requests from government authorities.

We do not use personal information for advertising, ad targeting, or to build profiles about you for sale or disclosure to third parties.

4. Legal Bases for Processing (EU, UK, and Canada)

If you are located in the European Economic Area, United Kingdom, or Canada, we rely on the following lawful bases for processing your personal information:

  • Legitimate interests: operating and improving the platform, securing our systems, and responding to inquiries, balanced against your privacy rights.
  • Consent: where you provide it, for example when you opt in to a mailing list or a research study.
  • Contract: where processing is necessary to provide a service you or your organization has requested.
  • Legal obligation: where we must process information to comply with the law.

5. How We Share Information

We share information only in the limited circumstances listed below.

  • Service providers (processors). We use a small number of vendors to host the site and platform, send email, and perform privacy-respecting analytics. These providers process data only on our instructions under written agreements that require them to protect the data and use it only for the purposes we specify. Current categories include: cloud hosting (Amazon Web Services), email delivery, and aggregate analytics.
  • Licensing organizations. When a Department of Corrections, reentry agency, ATI program, or similar organization licenses Next Move™, we may share aggregate and de-identified engagement reports with that organization for their program management. We do not share individually identifying information with licensing organizations unless a written data sharing agreement specifically authorizes it.
  • Research partners. We may engage research partners to conduct independent evaluations of Next Move™ under written research partnerships. Data shared with research partners is limited to what is strictly necessary for the study and is handled under the study's approved protocol. We will update this policy to reflect any active research partnerships.
  • Legal and safety disclosures. We may disclose information if we reasonably believe disclosure is required by law (such as a subpoena, court order, or other legal process), necessary to enforce our terms, or necessary to protect the rights, property, or safety of any person. Where we are legally permitted, we will notify affected users.
  • Business transfers. If Next Move™ is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. Any successor will be bound by this policy or provide equivalent protection, and we will notify affected users.

We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act as amended by the California Privacy Rights Act.

6. Data Retention

We keep personal information only as long as we need it for the purposes described in this policy, to comply with legal obligations, or to enforce our agreements. Our general retention targets are:

  • Contact and demo request messages: up to 24 months after our last substantive communication with you, then deleted or anonymized.
  • Email newsletter subscriptions: until you unsubscribe, plus a short retention period to honor your unsubscribe request.
  • Server logs: up to 90 days, then purged or aggregated.
  • Scenario and session data: retained in identifiable form only as long as needed to serve the deployment, after which it is aggregated or de-identified.
  • Research evaluation data: retained in accordance with the research protocol approved for that study.

Where a licensing organization or applicable law (including records retention laws that apply to corrections agencies) requires us to retain data for a longer period, we will retain that data only for the legally required time and only for the legally required purpose.

7. Data Security and Breach Notification

We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, alteration, disclosure, or destruction, including:

  • HTTPS (TLS) encryption for all data in transit
  • Encryption at rest for data stored on Amazon Web Services
  • Role-based access controls, least-privilege access, and audit logging for internal systems
  • Multi-factor authentication for administrative accounts
  • Regular security reviews, dependency updates, and vulnerability assessments
  • Alignment with the FBI CJIS Security Policy for deployments that touch criminal justice information systems
  • Alignment with the reasonable safeguards requirements of the New York SHIELD Act

No system is completely secure. If we experience a data breach involving personal information, we will notify affected individuals and regulators as required by applicable law, including the New York SHIELD Act breach notification requirements. If you believe your information has been compromised, please email privacy@nextmove.one immediately.

8. Special Notice for People Using Next Move™ Inside a Correctional Facility

If you are using Next Move™ on a tablet or computer provided inside a jail, prison, or detention facility, important limits apply to your privacy:

  • Facility staff and the facility's tablet provider may, under policies set by the facility, monitor, record, audit, or restrict content accessed on facility-provided devices. Those policies are set by the facility, not by Next Move™.
  • Information you enter into scenarios, including choices you make and notes you record, may be visible to facility staff as part of the facility's tablet monitoring program.
  • Using Next Move™ does not create an attorney-client relationship, a confidential counseling relationship, or a protected medical record. Next Move™ is educational decision training, not legal advice, medical care, or mental health treatment.
  • Where Next Move™ is used as part of an education program that receives federal funding, records we create may be subject to the Family Educational Rights and Privacy Act (FERPA). Those rights are defined by FERPA, not by this policy.

Next Move™ collects the minimum information needed to operate the training and report program-level outcomes to the facility or agency that licensed the platform. We do not share your individual choices with facility staff unless a written data sharing agreement specifically requires it for the program you are enrolled in.

9. Special Notice for Domestic Violence Survivors

We recognize that survivors of domestic violence, sexual assault, stalking, and human trafficking face safety risks when personal information is shared or stored improperly. If you are a survivor, the following protections apply:

  • We will not require or request your home address as a condition of using Next Move™.
  • We acknowledge state Address Confidentiality Programs (ACPs). If you participate in a state ACP and you need to provide a mailing address to us or to a licensing organization, you may use your substitute ACP address.
  • If you reach out to us about safety concerns, we will not share your contact information with anyone outside Next Move™ without your specific written permission, except where we are legally required to do so.
  • If you ever need us to delete a message you sent us or a record of your interaction with the service for safety reasons, email privacy@nextmove.one and we will prioritize that request.

10. Minors and Foster Youth

Next Move™ is designed for adults navigating high-stakes life transitions. Our active and planned modules are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information in accordance with the Children's Online Privacy Protection Act (COPPA).

A future Next Move™ module will serve young people aging out of foster care. Most users in that cohort are between 17 and 21, but some may be under 18. For any deployment that reaches users under 18, we will:

  • Apply the stronger of federal COPPA rules, applicable state children's privacy laws, and the California Age-Appropriate Design Code where it applies.
  • Offer high-privacy default settings and avoid profiling of minors for purposes unrelated to the program.
  • Honor the confidentiality requirements in state child welfare records laws and, where applicable, FERPA.
  • Recognize that once a youth reaches the age of majority, rights over their records transfer to them.

If you are a parent, legal guardian, caseworker, or youth and you have a question about how Next Move™ handles data from young people, email privacy@nextmove.one.

11. Health, Mental Health, and Recovery Information

Next Move™ is educational decision training. It is not a healthcare service, a medical record, or clinical treatment. Scenarios may cover topics like recovery, mental health, and trauma because those topics are part of real life transitions, but your interactions with those scenarios are not a treatment record and are not covered by HIPAA unless a specific deployment meets the conditions that make us a HIPAA Business Associate.

If we deliver a substance use recovery module through a program that is federally assisted within the meaning of 42 CFR Part 2, we will comply with the heightened confidentiality requirements of Part 2, including the revised consent, disclosure, and accounting requirements that took effect in 2026. In those cases, a separate Part 2 Notice of Privacy Practices will be provided alongside this policy.

12. Cookies, Analytics, and Tracking

The nextmove.one website uses only the cookies and similar technologies that are necessary to operate the site, plus a privacy-respecting analytics tool to help us understand how the site is used in aggregate. We do not use cookies for cross-site behavioral advertising, and we do not use advertising pixels from third parties such as ad networks.

We honor the Global Privacy Control (GPC) signal as an opt-out of sale and sharing under the CCPA/CPRA and any state law that recognizes it. You can also set your browser to refuse cookies or to alert you when cookies are being set.

13. Video Content

If a scenario includes video content and we collect information about which videos you view, we will obtain any consent required under the Video Privacy Protection Act (VPPA) and similar state laws before disclosing viewing information to third parties. We will not bundle VPPA consent with consent to use the service.

14. Your Privacy Rights

Depending on where you live, you may have some or all of the rights described below.

a. California residents (CCPA and CPRA). You have the right to:

  • Know what categories and specific pieces of personal information we have collected about you
  • Know the business or commercial purposes for collection, the categories of sources, and the categories of third parties with whom we share information
  • Delete personal information we have collected about you, subject to legal exceptions
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell or share, but you retain this right)
  • Limit the use and disclosure of sensitive personal information
  • Be free from retaliation for exercising your privacy rights

California residents can also designate an authorized agent to make a request on their behalf. We will verify agent authority before responding.

b. Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, New Jersey, and other states with comprehensive privacy laws. You have rights that include access, correction, deletion, data portability, and opt out of targeted advertising, the sale of personal data, and certain profiling. We will respond to verified requests within the timeframes set by your state's law.

c. New York residents (SHIELD Act). We maintain reasonable administrative, technical, and physical safeguards for private information of New York residents, and we will notify you of any data breach in accordance with New York law.

d. EU, UK, and Canadian residents (GDPR, UK GDPR, PIPEDA, Quebec Law 25). You have rights to access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with your supervisory authority. Where we rely on consent, you may withdraw that consent at any time.

e. How to exercise your rights. Send a request to privacy@nextmove.one. We will respond within the time period required by applicable law. We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising any privacy right.

15. International Users

Next Move™ is based in the United States, and the information we collect is processed on infrastructure located in the United States. If you access Next Move™ from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States. Where required by law, we rely on appropriate safeguards (including Standard Contractual Clauses) for international transfers of personal data.

16. Third-Party Links

Our website may contain links to third-party websites that are not operated by Next Move™. This policy does not apply to those sites. We encourage you to read the privacy policies of any third-party site you visit.

17. Changes to This Policy

We may update this Privacy Policy as our platform evolves, as new modules launch, and as privacy law changes. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, post a prominent notice on the site or notify you by email. Your continued use of the platform after an update constitutes your acceptance of the updated policy.

18. Contact Us

If you have questions, concerns, or requests about this policy or your personal information, please contact us.

If you are not satisfied with our response, you may contact your state attorney general, the California Privacy Protection Agency, your EU or UK supervisory authority, or the Office of the Privacy Commissioner of Canada, as applicable.

Notice About This Document

This Privacy Policy was prepared as a research-backed working draft pending review by legal counsel. It reflects the privacy frameworks we expect to apply as Next Move™ expands across all 50 states and launches additional modules for veterans, foster youth, domestic violence recovery, substance use recovery, and court navigation. Certain provisions will be refined once counsel completes a formal review and once specific deployments trigger specific frameworks (for example, 42 CFR Part 2 for a federally assisted substance use recovery deployment, FERPA for a prison education program, CJIS for a direct criminal justice information systems integration, or GDPR for an EU-facing deployment). Nothing in this policy creates a contract, a warranty, or a legal representation on which any reader should rely in lieu of advice from their own counsel.

Next Move Technologies, Inc. is a Delaware C-Corporation. Next Move™ is a trademark of Next Move Technologies, Inc. (USPTO filing pending.) This Privacy Policy is effective as of April 5, 2026.