CMG Nexus CMG Nexus

Privacy Policy

Privacy Policy

CMG Nexus is a multi-tenant commercial operations platform for ordering, field work, receivables, reporting, document handling and accounting-provider sync. This policy explains how we handle personal information in Australia and New Zealand.

Last updated 21 June 2026 Terms of Service

1. Scope

This policy applies to CMG Nexus websites, applications, portals, APIs, integrations, support channels and related services. Where a tenant uses CMG Nexus for its own staff, customers, drivers, buyers or suppliers, that tenant controls how its business data is used inside its workspace.

We aim to handle personal information consistently with the Privacy Act 1988 (Cth) and the Australian Privacy Principles where they apply.

2. Information we collect

Depending on the features used, CMG Nexus may collect or process:

  • account details such as name, email, phone number, role, tenant, login and authentication data;
  • business profile data such as company name, ABN/ACN, addresses, buyer contacts, accounts contacts and delivery locations;
  • customer, product, invoice, credit note, payment status, order, statement and catalogue metadata synced from an authorised accounting or commerce provider;
  • field activity data such as visit notes, KPI entries, route activity, location pings and device details where the tenant enables location features and the user grants or is required to provide access for the role;
  • support, message, upload and document data, including PDFs, photos, delivery evidence, PODs and operational records submitted by users;
  • security and audit data such as IP address, user agent, session identifiers, timestamps, action logs, provider responses and error logs.

Users should not upload unnecessary sensitive information. If sensitive information is included in an operational document, we process it only for the service purpose requested by the tenant.

3. How we use information

We use information to:

  • provide and secure the CMG Nexus platform;
  • authenticate users and enforce tenant roles, permissions and approval rules;
  • sync authorised accounting-provider data and maintain operational reporting views;
  • support orders, catalogues, field tasks, routes, KPI visits, receivables, statements and document workflows;
  • create audit trails for critical actions, including document export, sync, order submission, credit note and refund-related actions;
  • detect misuse, spam, fraud, unauthorised access and system abuse;
  • provide support, troubleshoot issues and improve reliability.

We do not sell personal information.

4. Accounting data boundary

CMG Nexus is an operational layer. A tenant's accounting platform remains the accounting source of truth. CMG Nexus reads, analyses and presents authorised data from connected providers and may create orders, draft quotes, draft invoices or authorised invoices only where the tenant has enabled that workflow and the acting user has permission.

Credit note, refund and write-back workflows are restricted to authorised users and are logged with user, time, tenant, entity and provider-response details where available. CMG Nexus does not make tax, accounting, legal or financial decisions for the tenant.

5. Sharing and disclosure

We may disclose information to:

  • tenant administrators and authorised workspace users according to configured permissions;
  • connected accounting, payment, mapping, communication, storage, document and infrastructure providers;
  • professional advisers, regulators or law enforcement where required by law;
  • service providers that help us host, monitor, secure, support and operate the platform.

Some providers may store or process information outside Australia. Where this occurs, we take reasonable steps to use appropriate contractual, technical and organisational controls.

6. Security and retention

We use reasonable technical and organisational safeguards, including role-based access, audit logging, provider token protection, backup controls and monitoring. No internet service can be guaranteed to be completely secure, so tenants must also manage their own user access, device security and internal approvals.

We retain operational records, audit logs and synced records for as long as needed to provide the service, meet legal or accounting record requirements, resolve disputes, protect the platform and support tenant audit obligations.

7. Access, correction and complaints

To request access to, correction of, or deletion of personal information held by CMG Nexus, contact us at privacy@cmgflow.com. If your information is controlled by a tenant workspace, we may need to refer the request to that tenant or work with them to respond.

If you have a privacy complaint, contact us first so we can investigate. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.