Privacy Policy

Last Updated: March 13, 2026

1. Introduction

NIRVAAAN ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare platform.

2. Information We Collect

2.1 Personal Information

  • Name, email address, phone number
  • Date of birth, gender
  • Profile photo (optional)
  • Wallet address (for Web3 features)

2.2 Medical Information

  • Symptoms and health concerns you report
  • Medical history and records you upload
  • Prescriptions and diagnoses from healthcare providers
  • Vital signs (heart rate, blood pressure, etc.)
  • AI-generated health analysis and recommendations

2.3 Usage Information

  • Device information (IP address, browser type, operating system)
  • Log data (access times, pages viewed, actions taken)
  • Voice recordings (when using voice input feature)
  • Transaction history (appointments, payments)

3. How We Use Your Information

  • Provide AI-powered symptom analysis and health recommendations
  • Connect you with healthcare providers
  • Process appointments and payments
  • Maintain your medical records securely
  • Send notifications about appointments and prescriptions
  • Improve our AI models and platform features
  • Comply with legal obligations
  • Prevent fraud and ensure platform security

4. HIPAA Compliance

NIRVAAAN is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) for protecting your Protected Health Information (PHI).

  • All PHI is encrypted in transit and at rest
  • Access to PHI is restricted to authorized personnel only
  • We maintain audit logs of all PHI access
  • Business Associate Agreements (BAAs) are in place with third-party services
  • Regular security assessments and updates are performed

5. Data Sharing and Disclosure

We share your information with:

  • Healthcare Providers: Doctors you consult with on the platform
  • Service Providers: Supabase (database), OpenAI (AI analysis), payment processors
  • Legal Requirements: When required by law or to protect rights and safety

We do NOT:

  • Sell your personal or medical information to third parties
  • Share your data for marketing purposes without consent
  • Use your medical data to train AI models without anonymization

6. Data Security

We implement industry-standard security measures:

  • End-to-end encryption for data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA) support
  • Regular security audits and penetration testing
  • Row-level security (RLS) in our database
  • Zero-knowledge proofs for blockchain transactions

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal and medical data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Export your data in a machine-readable format
  • Opt-out: Disable notifications and data sharing preferences
  • Revoke Consent: Withdraw consent for data processing at any time

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and maintain session security. You can control cookie preferences through your browser settings.

9. Third-Party Services

Our platform integrates with:

  • Supabase: Database and authentication (HIPAA-compliant configuration)
  • OpenAI: AI-powered symptom analysis (data anonymized)
  • Vercel: Hosting and deployment
  • Web3 Wallets: MetaMask, WalletConnect (decentralized, user-controlled)

10. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Medical records are retained for 7 years as required by law. You may request earlier deletion subject to legal and regulatory requirements.

11. Children's Privacy

NIRVAAAN is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us.

12. International Users

If you access NIRVAAAN from outside the United States, your information may be transferred to and processed in the U.S. By using the platform, you consent to this transfer.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification. Your continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@nirvaaan.app
Data Protection Officer: dpo@nirvaaan.app
Address: [Your Company Address]