Privacy Policy
Effective Date: March 2026
Important Notice
Nexus is an educational platform and is NOT a covered entity under HIPAA. Do not enter real patient data or protected health information. All clinical scenarios and data are for educational purposes only.
1. Introduction
Nexus ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access and use our platform, including our website and mobile applications.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services.
2. Information We Collect
Account Information
When you create an account, we collect your email address, password (hashed), professional role, and license information for authentication and service delivery.
Usage Analytics
We collect information about how you interact with Nexus, including:
- Features accessed (drug reference, calculators, exam prep)
- Search queries and diagnostic tool usage
- Study progress and exam performance
- Device type, browser type, and IP address
Preferences & Settings
We store your display preferences, theme settings, and notification preferences through browser localStorage and our database.
Payment Information
We do not store credit card information directly. Payment processing is handled by Stripe, and we only receive transaction confirmation and subscription status.
3. How We Use Your Information
We use collected information for:
- Providing, maintaining, and improving our Services
- Processing subscriptions and managing your account
- Personalizing your experience and learning recommendations
- Analyzing usage patterns to optimize features
- Communicating with you about service updates and security
- Complying with legal obligations
4. Data Storage & Security
Encryption
All data transmitted between your device and Nexus is encrypted in transit using TLS 1.3. Data stored in our Supabase database is encrypted at rest using AES-256.
Local Storage
User preferences, display settings, and local draft data are stored in your browser's localStorage. This data remains on your device and is not transmitted to our servers unless explicitly saved.
Server Infrastructure
Nexus uses Supabase for authentication, database storage, and real-time services. Supabase maintains SOC 2 Type II compliance and follows industry-standard security practices.
5. Third-Party Services
Nexus integrates with the following third-party services:
Supabase (Authentication & Database)
Supabase handles user authentication, session management, and data persistence. Your account credentials are managed by Supabase's secure authentication system.
Stripe (Payment Processing)
Stripe processes all subscription payments. We do not store your payment card information. Stripe complies with PCI DSS standards.
Anthropic (AI Services)
Nexus uses Anthropic's Claude API for AI-powered clinical support features. Your prompts and interactions with AI features are transmitted to Anthropic's servers for processing. Please review Anthropic's privacy policy at anthropic.com/privacy.
Each third-party service maintains its own privacy policy. We encourage you to review them independently.
6. HIPAA Disclaimer
Nexus is NOT a HIPAA-covered entity and does not comply with HIPAA regulations.
Do not use Nexus to store, process, or transmit Protected Health Information (PHI) or any real patient data. This platform is designed exclusively for educational purposes.
Healthcare professionals should use HIPAA-compliant platforms and Electronic Health Records (EHR) systems for patient data. Nexus is a learning and reference tool, not a clinical information system.
7. Data Retention
We retain your account information and usage data for as long as your account is active or as needed to provide Services.
- Active Accounts: All data is retained during your subscription
- Inactive Accounts: After 12 months of inactivity, we may delete your account and associated data
- Aggregated Data: We retain aggregated analytics and usage patterns indefinitely
8. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we update or correct inaccurate information
- Deletion: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Opt-out: Opt out of certain data uses and marketing communications
To exercise any of these rights, contact us at support@nexus.health.
9. Children's Privacy
Nexus is intended for healthcare professionals and students aged 18 and older. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information and terminate the child's account.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: support@nexus.health
Privacy Policy Updates: We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Effective Date" above and posting the updated policy on this page.