1. About This Policy
Nuvilo ("Nuvilo," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Nuvilo mobile application and website (collectively, the "Service").
Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
This policy applies to users in the United States, United Kingdom, and Canada, and is designed to comply with applicable privacy laws including the California Consumer Privacy Act (CCPA), the UK General Data Protection Regulation (UK GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Quebec's Law 25.
2. Information We Collect
2.1 Information You Provide Directly
- Account registration details (name, email address, password)
- Profile information you choose to add
- Support and feedback submissions
- Communications with our team
2.2 Information Collected Automatically
- Device identifiers (device ID, advertising ID)
- Operating system and app version
- IP address and general geographic region (country/state level)
- App usage data (screens viewed, features used, session duration)
- Crash logs and diagnostic data
- Search queries made within the app (facility searches)
2.3 Location Information
See Section 3 for full details on location data collection.
3. Location Permissions
The Nuvilo app requires access to your device's location to provide its core functionality, identifying healthcare facilities near you and generating navigation directions.
3.1 Foreground Location
When you have the app open and actively use it, we access your precise GPS location to display nearby facilities on the map and calculate distances. This location data is transmitted to our servers solely to fulfil the search request and is not stored beyond the duration of the session.
3.2 Background Location
Nuvilo does not request or use background location access. Location is only accessed when you have the app open in the foreground.
3.3 Revoking Location Permissions
You may revoke location permissions at any time via your device Settings. Without location permission, the app will still function in limited mode, you can search facilities manually by entering an address, but the real-time proximity features will be unavailable.
3.4 Location Data Storage
Your precise location coordinates are never stored on our servers. Only a general area (city/postcode level) may be logged for aggregate analytics to understand which regions use the app, and this data is never linked to an individual user.
4. How We Use Your Data
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Service
- To personalise your in-app experience (e.g., saved facilities, recent searches)
- To send transactional communications (account confirmation, support replies)
- To send optional product update notifications (you may opt out at any time)
- To analyse aggregate usage trends and improve app features
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To respond to your enquiries and support requests
We do not sell your personal data. We do not use your data to build advertising profiles or serve targeted advertisements.
5. Analytics
We use analytics tools to understand how users interact with Nuvilo in aggregate. Analytics data is anonymised and cannot be linked back to individual users. The purposes of analytics include:
- Understanding which features are most used to guide product development
- Identifying performance bottlenecks and crash patterns
- Measuring the effectiveness of new features and updates
- Understanding geographic usage distribution at a country/region level
You may opt out of analytics data collection within the app settings under Privacy → Analytics.
6. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies. The following categories of cookies are used:
- Strictly Necessary Cookies: Required for the website to function (e.g., session management, security tokens). These cannot be disabled.
- Analytics Cookies: Help us understand site traffic and user journeys. Disabled by default; enabled only with your explicit consent.
- Preference Cookies: Remember your choices (e.g., language, cookie consent settings).
You can manage your cookie preferences at any time by clicking "Cookie Settings" in the website footer. Withdrawing consent will not affect the lawfulness of processing prior to withdrawal.
The Nuvilo mobile application does not use browser cookies. Device identifiers serve a similar session management function within the app.
7. Third-Party Services
We work with a limited number of trusted third-party service providers to operate the Service. These providers are contractually bound to process your data only as directed by us and in accordance with this policy.
- Mapping & Navigation: We integrate with mapping providers to render maps and route guidance. These providers receive your location to generate routes and are bound by their own privacy policies.
- Cloud Infrastructure: Our servers are hosted on enterprise-grade cloud platforms with SOC 2 Type II certification.
- Crash Reporting: We use a third-party crash reporting service that captures anonymised diagnostic logs when the app crashes.
- Customer Support: We use a support ticketing platform to manage user enquiries. Your email and message content are processed by this provider.
We do not share your data with advertising networks, data brokers, or any third party for commercial gain.
8. Data Storage & Security
Your data is stored on servers located in the United States. For users in the UK and Canada, data may be transferred to the US subject to appropriate safeguards (Standard Contractual Clauses for UK users; equivalent protections under PIPEDA for Canadian users).
We implement technical and organisational security measures appropriate to the risk, including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access controls limiting employee data access
- Regular penetration testing and vulnerability assessments
- Multi-factor authentication for all staff accessing production systems
No method of transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law.
- Account data: Retained while your account is active and for 90 days following deletion.
- Support communications: Retained for 3 years for legal and quality assurance purposes.
- Anonymised analytics data: Retained indefinitely in aggregate, non-identifiable form.
- Location data: Not stored on our servers beyond the active session.
You may request deletion of your data at any time. See Section 10 for your rights.
10. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal obligations.
- Right to Restrict Processing: Ask us to limit how we use your data in certain circumstances.
- Right to Data Portability: Request your data in a structured, machine-readable format.
- Right to Object: Object to processing based on our legitimate interests.
- Right to Opt Out of Sale (CCPA): We do not sell personal data, so this right is automatically honoured.
- Right to Lodge a Complaint: You may complain to your supervisory authority (e.g., ICO in the UK, OPC in Canada, your state AG in the US).
To exercise any of these rights, contact us at hello@nuvilo.cloud. We will respond within 30 days (or sooner as required by law).
11. Children's Privacy
Nuvilo is not directed at children under the age of 13 (or 16 in the UK/EU). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@nuvilo.cloud and we will take prompt action to delete such data.
12. International Users
Nuvilo is operated from the United States. If you access our Service from outside the US, your information will be transferred to, stored, and processed in the US. By using the Service, you consent to this transfer. We implement appropriate safeguards to ensure your data receives a level of protection consistent with the laws of your home jurisdiction.
UK users: We rely on Standard Contractual Clauses (SCCs) as the lawful transfer mechanism for international data transfers.
Canadian users: Data transfers are governed by PIPEDA and equivalent contractual protections.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and, where required by law, by sending you a direct notification. The "Last updated" date at the top of this page will always reflect the most recent version.
Continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.
14. Contact Us
For any privacy-related questions, requests, or concerns, please contact our Data Protection team:
- Email: hello@nuvilo.cloud
- Postal Address: Nuvilo Technologies Inc., 350 Fifth Avenue, Suite 4200, New York, NY 10118, United States
- Response Time: We aim to acknowledge all requests within 5 business days and resolve them within 30 calendar days.
UK residents may also contact the Information Commissioner's Office (ICO) at ico.org.uk. Canadian residents may contact the Office of the Privacy Commissioner at priv.gc.ca.