Privacy Policy

Last updated: February 1, 2026

1. Introduction

KCraft Studio LTD, operating NexusHealth ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare platform.

2. Information We Collect

Personal Information

We may collect personal information that you provide directly to us, including:

  • Name and contact information (email, phone number)
  • Professional credentials and facility information
  • Account credentials

Protected Health Information (PHI)

As a healthcare platform, we process PHI on behalf of covered entities. This includes patient demographics, examination data, and medical records.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services
  • Process and manage patient examinations
  • Send administrative communications
  • Improve our platform and develop new features
  • Comply with legal obligations

4. Legal Basis for Processing (Art. 6 GDPR)

We process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): Processing necessary to provide our services, manage your account, and process patient examinations
  • Consent (Art. 6(1)(a)): Where you have given explicit consent, e.g., for marketing communications or optional analytics cookies
  • Legitimate interest (Art. 6(1)(f)): For platform improvement, security monitoring, and fraud prevention, where our interests do not override your rights
  • Legal obligation (Art. 6(1)(c)): Where processing is necessary to comply with applicable laws and regulations

5. Data Sharing

We may share your information with:

  • Cloud Infrastructure: AWS/Google Cloud for secure hosting and data storage
  • Analytics Providers: For aggregated usage insights to improve our services
  • Payment Processors: Stripe for secure subscription payment handling
  • Email Services: For transactional and administrative communications

All third-party providers are contractually bound to protect your data and only use it for the specified purposes. We do not sell your personal information.

6. Cookies

We use cookies and similar tracking technologies to enhance your experience on our platform. For detailed information about the types of cookies we use, how to manage your cookie preferences, and your choices regarding cookies, please see our Cookie Policy.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • AES-256-GCM encryption at rest
  • TLS 1.3 encryption in transit
  • Role-based access controls
  • Comprehensive audit logging
  • Regular security assessments

8. Data Retention

We retain your data for the following periods:

  • Account data: Duration of your account plus 30 days after account deletion
  • Health data (PHI): In accordance with applicable healthcare regulations (up to 10 years)
  • Audit logs: 7 years, as required for regulatory compliance
  • Cookie consent records: 1 year from the date of consent

After these periods, data is securely deleted or anonymized.

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal information (Art. 15)
  • Correct inaccurate data (Art. 16)
  • Request deletion of your data (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Lodge a complaint with a supervisory authority (Art. 77)

Supervisory Authority: You have the right to lodge a complaint with the Commissioner for the Protection of Personal Data of Cyprus (website: dataprotection.gov.cy).

10. Automated Decision-Making (Art. 13(2)(f))

NexusHealth does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any analytical features within the platform serve solely as decision-support tools for healthcare professionals, who retain full clinical decision-making authority.

11. Obligation to Provide Data (Art. 13(2)(e))

The provision of personal data (name, email, professional credentials) is a contractual requirement necessary for account creation and use of our services. Without this data, we cannot provide you with access to the NexusHealth platform. The provision of health data is necessary for the performance of clinical documentation services.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: contact@kcraft.io

KCraft Studio LTD

Neofytou Nikolaidi & Theod. Kolokotroni

ONISIFOROU CENTER, 2nd floor

Agios Theodoros, 8011 Paphos, Cyprus

Registration: ΗΕ 485092 | VAT: CY60278644N

Data Protection Officer: dpo@kcraft.io