Privacy & Security

Account data such as name, email, phone number, role, and credentials (passwords are stored only as salted hashes, never in plain text).

Service data created by practitioners and patients, which may include appointments, prescriptions, reminders, messages, and uploaded documents or results.

Technical and usage data such as log information and device metadata used to operate, secure, and improve the Service.

To provide the Service — scheduling, messaging, reminders, record-keeping — and to deliver communications between practitioners and patients.

To secure the platform, prevent abuse, comply with legal obligations, and support and improve our features. We do not sell personal information.

Some information processed through the Service may relate to a person's health. Where a practitioner uses the Service to communicate with patients, the practitioner is generally the controller of that information and is responsible for the lawful basis and consents for its processing; we act as a processor/service provider on their behalf.

We handle such information only as needed to provide the Service and as instructed by the practitioner, consistent with applicable law.

We apply administrative, technical, and organizational safeguards designed to protect information, including encryption of data in transit (HTTPS/TLS), encrypted storage at our infrastructure providers, hashed passwords, role-based access controls that limit data to those who need it, and audit logging of sensitive actions.

We rely on reputable infrastructure and processing partners and review access on an ongoing basis. No method of transmission or storage, however, is perfectly secure (see disclaimer below).

We share information with service providers (sub-processors) that help us operate the Service — for example, hosting, database, messaging, and payment providers — under contractual confidentiality and security obligations, and only to the extent needed to perform their function.

We may disclose information when required by law, to protect rights and safety, or in connection with a business transfer, subject to appropriate protections.

We retain information for as long as needed to provide the Service and as required by the practitioner's record-keeping obligations and applicable law. On valid request and where no legal obligation requires retention, information may be deleted or de-identified.

Depending on your jurisdiction, you may have rights to access, correct, export, or delete certain personal information. Patients should generally direct such requests to their practitioner as the controller; we will support practitioners in fulfilling valid requests. You may contact us at legal@nouvos.one for privacy inquiries.

If we become aware of a security incident affecting personal information that we process, we will act promptly to investigate and mitigate it and will notify affected practitioners and, where applicable, authorities and individuals as required by law.

The Service may process and store information in countries other than your own. Where we transfer information across borders, we take steps intended to provide an appropriate level of protection consistent with applicable law.

While Nouvos Solutions LLC implements safeguards designed to protect information, no software, transmission, or storage system can be guaranteed to be completely secure. We cannot warrant that information will never be accessed, disclosed, altered, or destroyed by a breach of any of our safeguards, and we expressly disclaim any such guarantee to the maximum extent permitted by law. You are responsible for keeping your credentials confidential and for the security of the devices you use to access the Service.

For privacy or security questions, contact legal@nouvos.one.