Legal

Privacy Policy

This policy describes how Nodera Health, Inc. ("Nodera", "we", "us") collects, uses, and protects information when you interact with our website, request a demo, or use our operational infrastructure for healthcare clinics.

Effective February 26, 2026

1. What we collect

We collect only the information you provide to us directly and the minimum operational data needed to deliver our service:

  • Account & contact data — name, work email, role, clinic name, phone (when you request access or sign in to the clinic / vendor portal).
  • Operational data — workflow records, vendor activations, program configurations, and audit logs created in the course of using the platform.
  • Usage telemetry — page views, feature interactions, and email open / click events (used to improve the product and detect drift).

Nodera does not collect protected health information (PHI) directly. Clinics retain ownership and control of any patient data they choose to attach to a workflow or roster record.

2. How we use it

  • To provide, secure, and improve the Nodera platform.
  • To send transactional emails (login links, workflow updates, billing receipts) via Resend.
  • To send opt-in marketing communications (you can unsubscribe at any time from the footer of any email).
  • To detect operational drift and notify your admins via the daily digest.

3. Sub-processors

We rely on a small set of vetted sub-processors. Each is contractually bound to the same confidentiality standards Nodera operates under:

  • MongoDB Atlas — primary database, US-east region, encryption at rest.
  • Resend — transactional + digest email delivery.
  • Stripe — payments and billing (we never store full card data).
  • Anthropic Claude — AI summarization for vendor applications and intelligence reports.
  • Emergent — Kubernetes-based hosting infrastructure.

4. Data retention

Operational data is retained for the duration of your subscription and for 90 days after cancellation, after which it is permanently deleted unless a longer retention period is legally required (e.g. financial records held for tax compliance).

5. Your rights

You can request a copy, export, or deletion of your account data at any time by emailing privacy@noderahealth.com. We respond within 30 days.

6. Security

All traffic is encrypted in transit (TLS 1.2+). Database access is gated by role-based authentication, and admin actions are logged. We do not store passwords in plain text — password hashes use bcrypt with per-user salts.

7. Children

Nodera is a B2B platform sold to licensed healthcare clinics. We do not knowingly collect data from anyone under 18.

8. Changes to this policy

We will post the effective date of any material change at the top of this page and, where appropriate, notify account admins via email.

9. Contact

Questions, requests, or concerns: privacy@noderahealth.com.



Nodera Health

The infrastructure layer enabling licensed clinics to deploy and scale cash-pay programs through workflow automation, vendor coordination, and financial workflow enablement.

Nodera Health provides operational infrastructure only and does not provide healthcare services, clinical oversight, prescribing, diagnostics interpretation, or patient care management. Clinics retain full control of clinical decisions. Vendors operate independently. Payment flows are handled by third-party providers.

© 2026 Nodera Health, Inc.
