Eight concrete questions to ask any automation vendor before signing a mandate. Designed so you can shop without a sales pitch — including if you decide not to work with NEXURA.
« Which cybersecurity and data-protection certifications does the person designing your system actually hold? »
Vague answers: "we take security seriously," "Law 25 compliance included." No certification names, no documents, no renewal dates.
Named certifications (CCIP, ISO/IEC 27032 Foundation, ISO/IEC 27001, CISSP, SOC 2…), with the holder identified by name and verifiable directly with the issuing body.
« Can you give me a price range before we book a call? »
Systematic refusal: "it depends on your needs, let's hop on a call." No magnitude, no range, no fixed offering on the site.
A public range (free assessment, fixed-fee review, tiered monthly retainers, project ranges). The prospect can form a view before investing 30 minutes on a video call.
« What does your Law 25 offering actually cover, and what does it not? »
"Consent banner + privacy policy = Law 25 compliant." Wrong. Law 25 also covers the incident register, data categorization, Privacy Impact Assessments (EFVP), designation of a Privacy Officer, and cross-border transfer obligations.
An explicit list: what's covered (consent, transparency, subprocessor contracts, IP hashing, secret segmentation, incident register…) and what isn't (and therefore stays with you or requires a separate engagement).
« If we stop working together in 18 months, what do I keep and what do I lose? »
Proprietary platform, access to your own CRM through an intermediary account, scripts that never leave the vendor's environment, exit fees. That's disguised lock-in.
Code, scripts, configurations, API accounts, credentials — all kept in your name. Exit documented to the same standard as onboarding. Bringing it back in-house is a planned-for path, not a fight.
« When a production failure hits, how does the partner diagnose it? »
Partner automates but has no infrastructure access. When something breaks, it's days of back-and-forth email, or a support ticket to a third party.
The option to host the automation layer directly with a server provider, with real-time access to logs, metrics, and deployments. Problems diagnosed in minutes, not days.
« Which operational signals do you watch differently depending on the month? »
A system calibrated to the annual average. One dashboard, one follow-up format, routing rules frozen 12 months a year.
An explicit understanding that movers don't face the same pressure as accountants, that roofers react to storms, that snow-removers sign their contracts before the first flake. The system bends to the demand curve.
« If I prefer to handle everything in writing, is that possible? »
"We absolutely need to talk on the phone to move forward." Calls often exist to avoid putting precise commitments in writing.
Written first — email, structured forms, shared documents. Calls happen when the substance warrants it, not as a gatekeeping step. Everything stays traceable.
« Do I have to switch my CRM, my host, or my stack to work with you? »
"We only work on HubSpot" or "you need to migrate to Microsoft 365." The partner is selling their favourite tool, not your solution.
Partner works around your existing stack — HubSpot, Salesforce, Pipedrive, Zoho, Notion, Airtable, Excel, Google Workspace, Microsoft 365. Migration is an option when justified, never a prerequisite.
Most evaluation grids published online are written to push toward one vendor. This one is neutral by construction. If another vendor passes all eight with a stronger answer than ours, choose them.