Trusted & Secure

Privacy Policy (B2B Users)

How we handle your organization's data with integrity.

Effective Date: April 1, 2026

This Privacy Policy describes how Novaq ("Novaq", "we", "us", or "our") collects, uses, stores, shares, and protects information when business, enterprise, institutional, healthcare, and professional users ("B2B Users", "Organizations", "you") access or use Novaq's services, platforms, applications, APIs, dashboards, and related offerings (collectively, the "Services").

Privacy First

Novaq is designed with a privacy-first and local-first architecture, prioritizing user control, data minimization, and transparency.

Note: This policy applies only to B2B usage of Novaq. If you are an individual consumer or end user, a separate Consumer Privacy Policy applies.

1.Introduction

We allow Organizations to access or use Novaq's services. This policy details our data practices for such B2B usage.

2.Definitions

  • Organization: Any company, hospital, clinic, caregiver agency, insurer, or professional entity using Novaq.
  • Authorized Users: Employees, contractors, clinicians, caregivers, or representatives authorized by an Organization to access Novaq.
  • Customer Data: All data submitted to or generated within Novaq by or on behalf of an Organization.
  • Personal Data: Any information that identifies or relates to an identifiable individual, as defined under applicable privacy laws.
  • Processing: Any operation performed on data, including collection, storage, analysis, transmission, or deletion.

3.Information We Collect

3.1 Information Provided by Organizations

We collect information voluntarily provided, including:

  • Organization name, address, and contact details
  • Administrator and Authorized User names, emails, phone numbers
  • Account credentials and access permissions
  • Billing, subscription, and transaction information
  • Configuration settings and usage preferences

3.2 Customer Data Submitted Through the Services

Depending on use, Customer Data may include:

  • Health Data: Vitals, activity metrics, care notes
  • Communication: Messages, calls metadata, dashboards
  • Documents: Uploaded for storage, analysis, or AI assistance
  • Coordination: Scheduling, task, and care coordination data

Novaq processes this data strictly on behalf of the Organization.

3.3 Automatically Collected Data

  • Device type, operating system, and app version
  • IP address, region, and time zone
  • Usage logs, performance metrics, and error reports
  • Vercel Analytics data (anonymized page views and website performance metrics)
  • Device fingerprint data (screen resolution, timezone, hardware info) for secure device verification

Used only for security, reliability, and service improvement.

4.How We Use Information

Novaq uses information solely to:

  • Provide, operate, and maintain the Services
  • Enable secure collaboration between Authorized Users
  • Support health, care, and operational workflows
  • Provide AI-assisted features when enabled by the Organization
  • Improve system performance, reliability, and usability
  • Comply with legal, regulatory, and contractual obligations

We do not sell, rent, or monetize Customer Data.

5.AI & Automated Processing

5.1 AI Usage Principles

  • AI processing is purpose-limited
  • AI operates only on data explicitly provided or approved
  • AI outputs do not replace professional or medical judgment
  • AI models do not train on Customer Data by default

5.2 Offline & Local Processing

  • Certain AI and automation features run locally on-device where supported
  • Offline commands and basic intelligence do not transmit data externally

6.Data Ownership

Organizations retain full ownership of their Customer Data.

  • Novaq acts strictly as a data processor, not a data controller.
  • Authorized Users access data only as permitted by the Organization.

7.Data Sharing & Disclosure

Novaq shares data only in the following cases:

7.1 With Service Providers

Trusted vendors may process limited data for cloud infrastructure, security monitoring, payment processing, or customer support.

All vendors are bound by strict confidentiality and data protection agreements.

7.2 Legal & Regulatory Requirements

We may disclose data if required to comply with laws, court orders, prevent fraud, or protect safety.

7.3 Business Transfers

In the event of a merger, acquisition, or restructuring, data may be transferred subject to continued privacy protections.

8.Data Security

Novaq implements industry-standard security measures, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Audit logs and monitoring
  • Secure authentication mechanisms

Regular security testing and updates are performed.

No system is 100% secure, but we continuously work to protect your data.

9.Data Retention

Data is retained only as long as necessary to provide the Services.

Retention periods are configurable by the Organization.

Upon contract termination, data is deleted or returned upon request, subject to legal obligations.

10.International Data Transfers

If data is transferred across borders:

  • We use appropriate safeguards such as standard contractual clauses.
  • We comply with applicable data transfer laws and regulations.

11.Compliance

Novaq is designed to support compliance with:

  • GDPR
  • HIPAA (where applicable)
  • Pan-Canadian Interoperability Standards (Connected Care for Canadians Act)
  • Local data protection regulations

Organizations remain responsible for their own regulatory compliance.

12.Rights of Organizations & Users

Depending on jurisdiction, you may have rights to:

  • Access — Request a copy of data we process
  • Correct — Update inaccurate information
  • Delete — Request data deletion
  • Restrict — Limit processing of your data

Requests should be directed to your Organization's administrator or Novaq support.

13.Age Restriction

MINORS ARE STRICTLY PROHIBITED

All Authorized Users of Novaq's B2B Services must be at least 18 years of age. There is no parental or guardian consent option. If we discover that an Authorized User is under 18, their access will be terminated immediately and all associated data deleted.

14.Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or directly to Organizations.

15.Contact Us

For privacy-related questions or requests:

Novaq Privacy Team

novaq.app@outlook.com

novq.app

16.Governing Law

This Privacy Policy is governed by the laws applicable in the jurisdiction specified in your Organization's agreement with Novaq.