1. Introduction
Welcome to Nexus Health, a precision wellness company dedicated to empowering health through AI-driven clinical insights. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use the Nexus Health Customer Portal ("Portal"), hosted at portal.nexushealth.me.
By using the Portal, you consent to the practices described in this Privacy Policy.
2. Who We Are
Nexus Health, Inc. ("Nexus Health", "we", "our", or "us") operates a suite of clinical intelligence systems, including:
- BaselineONE™ – clinician workflows, reporting, QA, and onboarding.
- BioMatrix™ – AI-based health interpretation and supplement protocol generation.
- CSE™ (Couples Simulation Engine) – relationship-based health modeling for partners and family optimization.
Each system is built with HIPAA-grade encryption, pseudonymized data layers, and clinically governed AI logic for health optimization.
3. Information We Collect
We collect the following categories of information through the Portal:
a. Personal Information
- Name, date of birth, email address, contact details.
- Clinician or partner account identifiers (if applicable).
b. Health & Clinical Data
- Uploaded lab reports (blood, DNA, or functional panels).
- Health intake forms, questionnaires, and session notes.
- Generated clinical insights, recommendations, and AI-based reports (e.g., BioMatrix™ outputs).
c. Technical & Usage Data
- Device and browser metadata (IP address, operating system, device type).
- Login activity, usage metrics, and session duration.
- Cookies or tokens used for authentication and session security.
d. Support & Communication Data
- Messages submitted through customer support or clinician chat.
- Service requests, bug reports, or feedback logs.
4. How We Use Your Information
Your data is used solely for clinical, operational, and service improvement purposes, including:
- Generating personalized health analyses via BioMatrix™ and BaselineONE™.
- Supporting clinician-patient collaboration and care management.
- Improving AI accuracy, interpretive models, and user experience.
- Ensuring compliance with applicable medical, data protection, and audit standards.
- Communicating essential updates, system notices, or clinical advisories.
5. Data Protection & Security
Nexus Health employs enterprise-grade security measures, including:
- AES-256 encryption (in transit and at rest).
- Pseudonymized session identifiers (e.g., NH-[Client]-[Date]-[Code]).
- Multi-factor authentication for clinician access.
- Automated anomaly detection, intrusion monitoring, and QA-layer verification.
- HIPAA, GDPR, and SOC 2–aligned data management protocols.
No raw personal identifiers (name, address, email) are ever embedded in analytic AI reasoning or outputs.
6. Data Storage & Retention
- Data is stored on encrypted, U.S.-based cloud infrastructure.
- Clinical reports are retained for 7 years in compliance with healthcare data retention standards.
- You may request deletion of your data at any time, except where retention is required by law or ongoing clinical obligations.
7. Data Sharing & Disclosure
We do not sell or lease your information. Data is shared only in the following situations:
- With your authorized clinician or health provider for care delivery.
- With service partners (e.g., secure hosting, analytics) under strict Business Associate Agreements (BAAs).
- As required by law (e.g., court orders, HIPAA compliance audits).
All third-party vendors are vetted for HIPAA and GDPR compliance.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access or obtain a copy of your data.
- Request correction or deletion of inaccurate data.
- Withdraw consent to processing.
- Request data portability (for export to another provider).
- File a complaint with your local data protection authority.
You may exercise these rights by emailing privacy@nexushealth.me.
9. Cookies & Tracking
The Portal uses minimal cookies strictly necessary for secure operation and user authentication. No third-party advertising or behavioral tracking cookies are used.
Cookies used:
- session_id – authentication token.
- user_pref – saves interface preferences (light/dark mode).
- csrf_token – prevents cross-site request forgery attacks.
10. Children's Privacy
The Portal is intended for users 18 years or older. We do not knowingly collect data from minors without verified guardian consent and clinician oversight.
11. International Data Transfers
If you are accessing the Portal from outside the United States, your data may be transferred to and processed on U.S. servers. We maintain Standard Contractual Clauses (SCCs) to ensure GDPR-compliant transfers.
12. Changes to This Policy
We may update this Privacy Policy periodically. Any updates will be posted on this page with an updated "Effective Date." Significant changes will be communicated via email or system notifications.
13. Contact Us
For privacy concerns, data access requests, or compliance inquiries:
14. Summary of Core Commitments
- HIPAA-compliant encryption and pseudonymization.
- No sale or misuse of personal or health data.
- Transparent AI operation aligned with clinical ethics.
- Full user control over consent, access, and data retention.
- Continuous QA and privacy monitoring by BaselineONE™ compliance layer.
Last updated: October 14, 2025