Privacy Policy

1. Introduction

NurseOS ("we," "our," or "us") is committed to protecting the privacy and security of all individuals whose personal and health data we process. This Privacy Policy describes how NurseOS collects, uses, discloses, and safeguards your information when you use our platform, including our web application, mobile application, and related services (collectively, the "Service"). This policy applies to all users of the Service, including nurses, healthcare facility administrators, patients, and other healthcare professionals.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you register on the platform, including your full name, email address, phone number, professional license number, country, state of origin, and other identifying information necessary for account creation and verification.

2.2 Health and Clinical Data

As a healthcare platform, we process clinical and health-related data including patient demographics, vital signs, medical records, nursing assessments, care plans, medication orders, laboratory results, and clinical notes. This data is entered by authorized healthcare professionals as part of routine clinical documentation and care delivery.

2.3 Professional Data

We collect professional information including nursing credentials, certifications, competencies, continuing professional development (CPD) records, and employment history through our NurseID module. This information supports credential verification and professional portfolio management.

2.4 Usage and Technical Data

We automatically collect certain information when you access the Service, including your IP address, browser type, operating system, device identifiers, pages visited, time spent on pages, and links clicked. We also collect data about your interactions with AI-powered features, including queries submitted and suggestions accepted or rejected.

3. How We Use Your Information

We use the information we collect for the following purposes: providing and maintaining the Service, including clinical documentation, referral management, analytics, and educational features; verifying professional credentials and identity; facilitating secure communication between healthcare professionals; generating AI-powered clinical decision support and smart charting; analyzing platform usage to improve our services and develop new features; complying with legal obligations and regulatory requirements; sending you important notifications about your account, subscription, and security updates; and providing customer support and responding to your inquiries.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances: with other authorized users within your healthcare facility who have appropriate access permissions; with receiving facilities when you initiate a patient referral through the CareGrid module; with professional verification bodies when you request credential verification; with service providers who perform services on our behalf, subject to strict data protection agreements; when required by law, regulation, or legal process; and in connection with a merger, acquisition, or sale of assets, with appropriate protections for your data.

All data sharing is governed by role-based access controls and the principle of minimum necessary access. Healthcare professionals only access patient data for patients under their direct care.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Clinical and health data is retained in accordance with applicable healthcare records retention laws and regulations, which may require retention for periods of up to 10 years or more depending on the jurisdiction. When you request account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law. De-identified and aggregated data may be retained indefinitely for research and analytics purposes.

6. Patient Rights

Patients (or their authorized representatives) have the right to: access their health records maintained on the platform; request corrections to inaccurate or incomplete health information; request restrictions on certain uses and disclosures of their health information; receive an accounting of disclosures of their health information; request that their data be deleted, subject to legal retention requirements; and be informed of any data breach that affects their personal health information. To exercise these rights, patients should contact their healthcare facility or reach out to us directly through the contact information provided below.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption at rest and in transit (AES-256 and TLS 1.3), role-based access controls, multi-factor authentication, regular security audits and penetration testing, and continuous monitoring for unauthorized access. Despite our best efforts, no method of electronic transmission or storage is 100% secure. We strive to use commercially acceptable means to protect your data but cannot guarantee absolute security.

8. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: