Privacy Policy

Last Updated: November 24, 2025

Platform Coverage:

iOS Mobile App Android Mobile App Web Application Institutional Dashboard

Welcome to NurseKind AI, a comprehensive educational technology platform designed for nursing education programs to evaluate and improve humanistic care practices in student-patient interactions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including:

iOS & Android Mobile Applications - Available on the Apple App Store and Google Play Store for individual students and faculty
Web Application - Accessible at nursekindai.com for recording, reviewing, and analyzing interactions
Institutional Dashboard - For nursing program administrators, faculty, and super administrators to manage and analyze student performance

By using NurseKind AI, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We collect several types of information to provide and improve our services.

1.1 Personal Information You Provide Directly

When creating an account or using our services, you may provide:

Account Information: Name, email address, password (hashed and encrypted)
Institutional Affiliation: Educational institution name, program details, role (student/faculty/administrator)
Educational Records: Student ID (if applicable), course enrollment information
Payment Information (Mobile Apps): Processed by Apple's In-App Purchase system (iOS) and Google Play Billing (Android); we do not directly store credit card details

1.2 Interaction Data Generated Through Platform Use

Audio Recordings:

Voice recordings of simulated student-patient interactions
Transcriptions of these recordings (generated via AssemblyAI)
Speaker diarization data (identifying different speakers in the recording)
Metadata: Recording duration, timestamp, device used

Important: These recordings should contain ONLY simulated interactions with actors or peers, NOT real patient interactions. Recording real patient interactions without proper HIPAA authorization violates patient privacy laws.

AI Analysis Results:

Empathy scores, communication quality assessments
Therapeutic presence evaluations
Detailed feedback on humanistic care practices
NCSBN Clinical Judgment Measurement Model alignment scores

1.3 Technical & Usage Data

Automatically Collected Information:

Device Information: Device type, operating system, app version
Usage Patterns: Feature usage, session duration, interaction frequency
Log Data: IP addresses, browser type (web app), error logs
Cookies & Local Storage: For session management and user preferences (web app only)

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Core Educational Services

Assessment & Feedback: Process audio recordings through AI models (OpenAI GPT-4) to generate detailed evaluations of humanistic nursing behaviors
Progress Tracking: Monitor student development over time and across multiple interactions
Faculty Tools: Provide faculty and administrators with aggregated performance analytics and individual student reports
NCLEX Preparation: Align assessments with NCSBN Clinical Judgment Measurement Model for standardized exam readiness

2.2 Platform Operations

Account Management: Create and maintain user accounts, authenticate users, manage subscriptions
Technical Support: Respond to support requests, troubleshoot issues, improve platform functionality
Security & Compliance: Detect and prevent fraud, abuse, or security vulnerabilities
Communications: Send service-related emails (account confirmations, password resets, subscription updates)

2.3 Research & Improvement (With Consent)

Product Development: Analyze aggregated usage patterns to improve AI accuracy and user experience
Educational Research: Conduct de-identified research on nursing education outcomes (only with institutional and IRB approval)

FERPA Compliance: For students under institutional subscriptions, we act as a "school official" with a legitimate educational interest. All data use complies with the Family Educational Rights and Privacy Act (FERPA) regulations.

3. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), UK, or other jurisdictions with similar data protection laws:

Contractual Necessity: Processing is necessary to provide our educational services under our Terms of Service
Legitimate Interests: Improving our platform, preventing fraud, ensuring security (where not overridden by your rights)
Legal Obligations: Complying with FERPA, tax laws, and other applicable regulations
Consent: For optional data uses like marketing communications or research participation (where you've explicitly opted in)

4. How We Share Your Information

We do not sell your personal information. We share data only in limited circumstances:

4.1 Within Your Educational Institution

For Students Under Institutional Subscriptions:

Your faculty and program administrators can view your recordings, transcripts, and assessment results
Aggregated performance data may be shared with institutional decision-makers for program improvement
Your institution controls who has access to student data within their account

4.2 Third-Party Service Providers

We work with trusted vendors who help operate our platform:

AI & Transcription Services:

AssemblyAI: Transcribes audio recordings and performs speaker diarization
- Data Processing Agreement (DPA) in place
- Complies with GDPR and CCPA
- Audio retained temporarily for processing, then deleted per their retention policy
OpenAI (GPT-4): Analyzes transcripts for empathy, communication, and clinical judgment
- Data Processing Agreement (DPA) in place
- Uses Enterprise API (not used for model training)
- Transcripts processed in real-time, not stored by OpenAI long-term
Anthropic (Claude): Alternative AI provider for specific analysis tasks
- Similar privacy protections as OpenAI
- Not used for model training without explicit consent

Infrastructure & Database Services:

Supabase: Backend database for user accounts, recordings metadata, assessment results
- SOC 2 Type II certified
- Data encrypted at rest and in transit
- Row Level Security (RLS) policies enforce access controls
Apple (iOS App) & Google (Android App): Handles In-App Purchases and app distribution
- Payment information processed directly by Apple
- We receive only anonymized transaction confirmations

4.3 Legal Compliance & Protection

We may disclose information if required by law or to protect rights:

Legal Requests: Comply with court orders, subpoenas, or legal processes
Law Enforcement: Respond to lawful requests from government authorities
Safety: Protect the safety and rights of NurseKind AI users, staff, or the public
Enforcement: Enforce our Terms of Service or investigate suspected violations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you and provide choices about your data before any such transfer.

5. Data Retention & Deletion

5.1 How Long We Keep Your Data

Active Accounts:

Student Accounts: Data retained for the duration of the institutional subscription plus 1 year for academic record purposes (in compliance with FERPA)
Individual Subscribers: Data retained while subscription is active plus 90 days after cancellation
Faculty/Admin Accounts: Retained while employed by the institution or as long as institutional subscription is active

Inactive Accounts:

Accounts inactive for 2+ years: We send deletion notices and anonymize data if no response within 60 days
Canceled subscriptions: Data retained for 90 days, then deleted unless legally required to retain

Audio Recordings:

Original audio files deleted 180 days after upload (transcripts and assessments retained)
Exception: Users can request early deletion of specific recordings

Aggregated Data:

De-identified, aggregated analytics retained indefinitely for research and product improvement

5.2 Your Right to Deletion

You can request deletion of your data at any time:

Students: Contact your institution's NurseKind administrator or email [email protected]
Individual Subscribers: Delete your account in the app settings or email [email protected]
Institutions: Contact your account manager or email [email protected]

Exceptions to Deletion:

We may retain data if required by law (e.g., financial records for tax purposes)
De-identified data used in aggregated research may not be deleted
Backup systems may retain data for up to 90 days after deletion request

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1 Rights for All Users

Access: Request a copy of the personal data we hold about you
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and associated data
Portability: Receive your data in a machine-readable format (JSON or CSV)

6.2 Additional Rights (GDPR, CCPA, etc.)

For EEA/UK Users (GDPR):

Right to Object: Object to processing based on legitimate interests
Right to Restriction: Request we limit processing of your data in certain circumstances
Right to Withdraw Consent: Withdraw consent for processing at any time (doesn't affect prior lawful processing)
Right to Lodge a Complaint: File a complaint with your local data protection authority

For California Users (CCPA):

Right to Know: Request details about what personal information we collect, use, disclose, and sell (we don't sell)
Right to Delete: Request deletion of personal information (with exceptions)
Right to Opt-Out: Opt out of the "sale" of personal information (not applicable as we don't sell)
Right to Non-Discrimination: We won't discriminate against you for exercising your rights

6.3 How to Exercise Your Rights

To make a privacy rights request:

Email [email protected] with subject "Privacy Rights Request"
Specify which right(s) you wish to exercise
Provide sufficient information to verify your identity (name, email associated with account)
We will respond within 30 days (or as required by applicable law)

Verification Process: We may ask for additional information to verify your identity before processing requests to prevent unauthorized access.

7. Data Security

We implement industry-standard security measures to protect your information:

7.1 Technical Safeguards

Encryption:
- Data encrypted in transit using TLS 1.2+ (HTTPS)
- Data encrypted at rest (AES-256 encryption for database and file storage)
- Passwords hashed using bcrypt with salts
Access Controls:
- Multi-factor authentication (MFA) available for all users
- Role-based access control (RBAC) - users see only data they're authorized to access
- Row Level Security (RLS) policies in Supabase database
Infrastructure Security:
- Regular security audits and penetration testing
- Automated backup systems with 30-day retention
- Firewall protection and intrusion detection systems

7.2 Organizational Safeguards

Employee Training: All staff trained on data privacy and security best practices
Access Restrictions: Employee access to personal data limited to those with legitimate business need
Confidentiality Agreements: All employees and contractors sign non-disclosure agreements (NDAs)
Incident Response Plan: Procedures in place for detecting, responding to, and recovering from security incidents

7.3 Limitations

While we take security seriously, no system is 100% secure. We cannot guarantee absolute security, but we commit to:

Promptly notifying affected users in the event of a data breach
Cooperating with law enforcement and regulatory authorities
Taking immediate action to contain and remediate security incidents

8. FERPA Compliance (For Institutional Users)

NurseKind AI complies with the Family Educational Rights and Privacy Act (FERPA) when used by educational institutions.

8.1 NurseKind AI as a "School Official"

Under FERPA, we function as a "school official" with a "legitimate educational interest" in student education records:

Purpose: We process student data solely to provide educational assessment services contracted by the institution
Access Limitations: We do not use student data for purposes outside the scope of our services
No Re-Disclosure: We do not re-disclose personally identifiable student information without institutional authorization (except as permitted by FERPA)

8.2 Student Rights Under FERPA

Students have the following rights regarding their educational records:

Right to Inspect: Request to review your NurseKind AI records through your institution
Right to Amend: Request correction of inaccurate or misleading records
Right to Consent: Control disclosure of personally identifiable information (except in FERPA-permitted circumstances)
Right to File a Complaint: File complaints about FERPA violations with the U.S. Department of Education

To Exercise FERPA Rights: Contact your institution's registrar or NurseKind AI administrator.

8.3 Directory Information

We do not treat any student data as "directory information." All student records in NurseKind AI are treated as protected educational records requiring consent for disclosure.

8.4 Parental Access (For Students Under 18)

Parents of students under 18 may have rights to access their child's educational records under FERPA. Contact your institution for details on parental access procedures.

9. International Data Transfers

NurseKind AI is based in the United States. If you access our services from outside the U.S., your information will be transferred to, stored in, and processed in the United States and potentially other countries where our service providers operate.

Legal Protections for International Transfers:

Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses (SCCs) for transfers from the EEA/UK to the U.S.
Data Protection Addenda: Our contracts with third-party processors include appropriate data protection terms
Privacy Shield: While invalidated, we maintain practices consistent with former Privacy Shield principles
Adequacy Decisions: We comply with applicable adequacy decisions and transfer mechanisms

Data Protection Standards: Regardless of where data is processed, we apply consistent security and privacy protections as described in this policy.

10. Third-Party Services & Links

Our services integrate with and link to third-party services with their own privacy policies:

10.1 Third-Party Privacy Policies

AssemblyAI: Privacy Policy
OpenAI: Privacy Policy
Anthropic: Privacy Policy
Supabase: Privacy Policy
Apple (IAP): Privacy Policy

We encourage you to review these third-party privacy policies. We are not responsible for the privacy practices of third-party services.

10.2 External Links

Our platform may contain links to external websites or resources. We are not responsible for the privacy practices or content of these third-party sites. Clicking external links is at your own risk.

11. Children's Privacy (COPPA Compliance)

NurseKind AI is designed for use by nursing students and educators, typically 18 years of age or older. We do not knowingly collect personal information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA).

If you believe we have inadvertently collected information from a child under 13:

Contact us immediately at [email protected]
We will take prompt steps to delete such information
Parents/guardians have the right to review and request deletion of their child's information

For Students Under 18: Educational institutions using NurseKind AI for students under 18 are responsible for obtaining any necessary parental consent as required by FERPA and applicable state laws.

12. Cookies & Tracking Technologies

Our web platform uses cookies and similar tracking technologies to provide and improve our services.

12.1 Types of Cookies We Use

Essential Cookies: Required for core functionality

Authentication cookies (keep you logged in)
Session management cookies
Security cookies (prevent fraud and abuse)

Functional Cookies: Enhance user experience

Preference cookies (remember your settings)
Language and regional preferences

Analytics Cookies: Help us improve our services

Usage statistics (aggregate, non-identifying)
Performance monitoring
Error tracking for debugging

12.2 Managing Cookies

You can control cookies through your browser settings:

Block all cookies (may impact functionality)
Accept only essential cookies
Delete cookies after each session

Note: Disabling essential cookies may prevent you from accessing certain features of our web platform, including login functionality.

12.3 Do Not Track

Our platform does not currently respond to "Do Not Track" (DNT) browser signals. We do not track users across third-party websites for advertising purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.

How We Notify You of Changes:

Updating the "Last Updated" date at the top of this policy
In-app notifications for material changes (mobile app)
Email notifications to institutional administrators for significant changes
Banner notice on web platform for 30 days after updates

Material Changes: For significant changes that substantially alter our data practices or your rights, we will:

Provide 30 days advance notice
Obtain renewed consent where legally required
Provide clear information about what changed and why

Your Continued Use: Continued use of NurseKind AI after changes become effective constitutes acceptance of the updated Privacy Policy. If you disagree with changes, discontinue use and contact us about data deletion.

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

Notify affected users without unreasonable delay (typically within 72 hours of discovery)
Notify relevant regulatory authorities as required by law (e.g., HHS for FERPA violations, state attorneys general for certain breaches)
Provide information about: what happened, what data was affected, what we're doing to address it, and what you can do to protect yourself
Offer credit monitoring services if financial information was compromised (though we don't store financial data directly)

15. Contact Information & Privacy Inquiries

General Inquiries

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: [email protected]

Subject Line: "Privacy Policy Inquiry"

Mailing Address:
NurseKind AI
Attn: Privacy Officer
c/o Dr. Stacie Dee
Hofstra Northwell School of Nursing
Hempstead, NY 11549

Privacy Rights Requests

To exercise your privacy rights (access, deletion, correction, etc.):

Email: [email protected]

Subject: "Privacy Rights Request - [Type of Request]"

Institutional Partnerships

For institutional privacy inquiries or data processing agreements:

Email: [email protected]

Subject: "Institutional Privacy Inquiry"

Regulatory Complaints

FERPA Complaints: U.S. Department of Education, Student Privacy Policy Office
https://studentprivacy.ed.gov/file-a-complaint

FTC Complaints: Federal Trade Commission
https://www.ftc.gov/complaint

GDPR Complaints (EU): Your local Data Protection Authority
Find your DPA

Response Time: We will respond to all privacy inquiries within 30 days (or as required by applicable law).

16. Consent & Agreement

By using NurseKind AI (including the iOS mobile app, Android mobile app, web application, or institutional dashboard), you acknowledge that you have read, understood, and agree to this Privacy Policy and our Terms of Service.

For Individual Users: Your use of the app or website constitutes consent to our data practices as described.

For Institutional Users: Your institution's subscription agreement incorporates this Privacy Policy. Your use of NurseKind AI under an institutional subscription constitutes acceptance of these terms.

If you do not agree: Please do not use NurseKind AI. Contact your institution's administrator or our support team for alternatives.

Privacy Policy

Last Updated: January 22, 2026

INTRODUCTION

NurseKind AI, LLC ("NurseKind," "we," "us," or "our") provides an artificial intelligence-powered educational assessment platform (the "Platform") designed to evaluate humanistic nursing behaviors in student-patient interactions. This Privacy Policy describes how we collect, use, disclose, and protect information when educational institutions ("Institution," "Customer," or "School") and their students ("Students" or "Users") use our Platform.

This Privacy Policy applies to information collected through:

The NurseKind AI mobile application (iOS and Android)
The NurseKind AI web-based faculty dashboard
Canvas Learning Management System (LMS) integration
Any related services, features, or content we offer

IMPORTANT EXCLUSIONS AND SCOPE LIMITATIONS

NOT HIPAA-Regulated - Educational Simulations Only

NURSEKIND AI IS NOT SUBJECT TO THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA).

Important Distinctions:

The Platform processes SIMULATED student-patient interactions, NOT real patient care
Students practice communication skills using scenarios, actors, simulated patients, or case studies
NO actual patient Protected Health Information (PHI) is processed or stored
Platform is used for educational assessment, NOT healthcare delivery or clinical documentation

Student Responsibilities:

Students MUST NOT submit recordings of actual patient interactions
Students MUST NOT include real patient names, medical record numbers, dates of birth, or other identifiable patient information
Students MUST use only simulated, hypothetical, or role-play scenarios as instructed by their educational program

Violations of this policy may result in immediate account termination and notification to the student's institution.

NOT a Clinical Decision Support Tool

THE PLATFORM IS AN EDUCATIONAL ASSESSMENT TOOL ONLY, NOT A CLINICAL DECISION SUPPORT SYSTEM.

Platform Purpose:

Evaluate communication skills and humanistic behaviors in educational contexts
Provide formative feedback for student learning and professional development
Support nursing education program assessment and improvement
Supplement faculty evaluation with AI-powered insights

The Platform is NOT Used For:

Clinical diagnosis or patient treatment decisions
Patient care recommendations or protocols
Determination of clinical competency for licensure or certification
Replacement of clinical preceptor evaluation
Direct patient care or treatment planning
Medical decision-making of any kind

Educational Context Only: All assessments and feedback are provided in the context of nursing education and student development, not clinical practice.

Supplemental Assessment Tool - Faculty Oversight Required

AI-GENERATED ASSESSMENTS REQUIRE FACULTY REVIEW AND PROFESSIONAL JUDGMENT.

Faculty Authority and Responsibility:

Faculty retain SOLE AUTHORITY for all grading and educational decisions
AI-generated scores and feedback are ADVISORY only and inform, not replace, professional judgment
High-stakes decisions (grades, clinical progression, graduation eligibility) require human faculty review
Faculty should review actual recordings when making critical competency determinations
Educational institutions maintain full responsibility for student assessment and progression decisions

Platform Limitations:

AI assessments may contain errors, inaccuracies, or limitations
Technology cannot account for all contextual factors in human interactions
Assessment frameworks are evidence-based but not infallible
Results represent ONE data point among multiple evaluation methods

NurseKind Assumes NO Responsibility For:

Grading decisions made by faculty or institutions
Student progression or graduation determinations
Clinical competency assessments
Licensure or certification recommendations
Educational outcomes or student performance

The Platform is designed to support and enhance faculty evaluation, never to replace human professional judgment in educational decision-making.

FERPA COMPLIANCE AND SCHOOL OFFICIAL DESIGNATION

Education Records

NurseKind AI acknowledges that certain information collected through the Platform, including audio recordings of student-patient interactions, assessment scores, performance analytics, and related educational data, constitutes "education records" as defined under the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. § 1232g and 34 C.F.R. Part 99.

School Official Status

The Institution designates NurseKind AI as a "school official" with "legitimate educational interests" in student education records pursuant to FERPA 34 C.F.R. § 99.31(a)(1). NurseKind AI operates under the direct control of the Institution with respect to the use and maintenance of education records and uses such records only for authorized educational purposes as directed by the Institution.

Institutional Control

The Institution retains ownership and control of all student education records. NurseKind AI acts solely as a service provider and data processor on behalf of the Institution. We do not use student education records for any purpose other than providing the Platform services as authorized by the Institution.

INFORMATION WE COLLECT

Information Collected Directly from Students

When Students use the Platform, we collect:

Student Account Information:

Name
Email address
Student identification number (as provided by Institution)
Program/course enrollment information
Academic institution affiliation

Audio Recording Data:

Voice recordings of student-patient interaction simulations
Audio file metadata (duration, timestamp, file format)
Interaction context information (scenario type, clinical setting)

Assessment Response Data:

Student self-assessments
Reflection notes
Response to AI-generated feedback

Usage Information:

Platform access times and frequency
Features accessed
Device information (device type, operating system, browser type)
IP address and general location data

Information Received from Institutions

We receive the following information from educational institutions:

Student roster data (names, email addresses, student IDs)
Course enrollment information
Program affiliation and academic year
Faculty/instructor assignments
Institutional configuration preferences

Information Collected from Canvas LMS Integration

Current Canvas Integration (Read-Only):

Student roster synchronization
Course enrollment data
User authentication credentials

Future Canvas Integration (When Implemented):

Assessment score data for grade passback
Assignment completion status
Course grading configuration

Information Generated by Our Platform

The Platform generates:

Audio transcriptions of student recordings
AI-generated assessment scores and feedback
Performance analytics and trends
Comparative benchmarking data (anonymized and aggregated)
Progress tracking metrics

HOW WE USE INFORMATION

Educational Services

We use collected information to:

Transcribe and analyze student-patient interaction audio recordings
Generate AI-powered assessment scores evaluating humanistic nursing behaviors
Provide personalized feedback on communication skills, empathy, and therapeutic techniques
Enable faculty review of student performance
Track student progress over time
Generate performance reports and analytics for faculty and administrators
Facilitate Canvas LMS integration for roster management and (future) grade synchronization

Platform Improvement

We may use aggregated, de-identified, and anonymized information that cannot reasonably identify individual students to:

Improve AI assessment algorithms and accuracy
Enhance Platform features and functionality
Conduct internal research and development
Generate industry benchmarking reports for nursing education

Communication

We use contact information to:

Send Platform-related notifications and updates
Provide technical support
Respond to inquiries
Communicate important security or privacy updates

We do NOT use student information for:

Marketing or promotional purposes
Selling or renting to third parties
Behavioral advertising
Creating student profiles for non-educational purposes

ARTIFICIAL INTELLIGENCE AND THIRD-PARTY SERVICES

AI Processing Services

NurseKind AI utilizes third-party artificial intelligence services to analyze student recordings:

AssemblyAI (Transcription Service):

Purpose: Converts audio recordings to text transcripts with speaker diarization
Data Shared: Audio recordings, file metadata
Processing Location: United States
Data Usage: AssemblyAI processes audio strictly for transcription purposes and does not use customer data to train their models
Privacy Policy: https://www.assemblyai.com/legal/privacy-policy

OpenAI (AI Analysis Service):

Purpose: Analyzes transcripts to generate assessment scores and feedback on humanistic nursing behaviors
Data Shared: Anonymized transcripts (student names replaced with generic identifiers), interaction context
Processing Location: United States
Data Usage: Student data is NOT used to train AI models by default. OpenAI API does NOT use customer data for model training. We have executed OpenAI's Student Data Processing Addendum confirming that student data will NOT be used for training, model improvement, or any purpose beyond generating assessments for the specific student submission. Any use of student data for training would require explicit written agreement with the educational institution.
Privacy Policy: https://openai.com/policies/privacy-policy

Infrastructure and Data Storage

Supabase (Database and Authentication):

Purpose: Secure data storage, user authentication, database management
Data Shared: All Platform data including audio files, transcripts, assessment scores, user accounts
Processing Location: United States
Security: SOC 2 Type II certified, encryption at rest and in transit
Privacy Policy: https://supabase.com/privacy

Firebase Cloud Functions (Backend Processing):

Purpose: Secure API request handling, business logic execution
Data Shared: API requests, processing instructions
Processing Location: United States
Privacy Policy: https://firebase.google.com/support/privacy

Payment Processing (for Individual Student Subscriptions)

RevenueCat (iOS In-App Purchases):

Purpose: Manage iOS subscription purchases
Data Shared: Purchase information, subscription status (no financial data stored by NurseKind)
Processing Location: United States
Privacy Policy: https://www.revenuecat.com/privacy

Subprocessor Commitments

All third-party service providers (subprocessors) have agreed to:

Maintain appropriate technical and organizational security measures
Use student data only for providing contracted services
Comply with FERPA requirements and educational data protection standards
Notify NurseKind immediately of any data security incidents
Delete or return data upon termination of services

We maintain a current list of all subprocessors and will notify Institutions of any changes to our subprocessor list with at least 30 days advance notice.

INFORMATION SHARING AND DISCLOSURE

Sharing with Institutions

We share student information with the educational institution that authorized the student's access:

Faculty/instructors can access audio recordings, transcripts, assessment scores, and performance analytics for their enrolled students
Program administrators can access aggregated performance data and analytics for their programs
Institutional administrators can access system-wide usage and performance metrics

Sharing at Student Direction

Students may share their own assessment results and feedback as they choose. The Platform may provide features allowing students to export or share their individual performance data.

Legal Obligations

We may disclose information when required by law or legal process:

To comply with valid legal process (subpoena, court order, warrant)
To comply with FERPA-permitted disclosures
To protect the rights, property, or safety of NurseKind, our users, or the public
In connection with an investigation of fraud, intellectual property infringement, or other unlawful activity

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, student information may be transferred to a successor entity, subject to the same privacy protections and with notice to affected Institutions.

What We Do NOT Do with Student Information

We do NOT:

Sell or rent student information to third parties
Share student information with third parties for their marketing purposes
Use student information for behavioral advertising or ad targeting
Create student profiles for non-educational purposes
Disclose student information to law enforcement without valid legal process (except in emergencies involving threat of death or serious bodily harm)

DATA SECURITY

Security Measures

NurseKind AI implements industry-standard security measures to protect student information:

Technical Safeguards:

AES-256 encryption for data at rest
TLS 1.2+ encryption for data in transit
Secure API authentication using JWT tokens
Multi-factor authentication for administrative access
Regular security vulnerability scanning and penetration testing
Automated security monitoring and intrusion detection

Physical Safeguards:

Data stored in SOC 2 Type II certified data centers
Redundant backup systems with geographic distribution
Disaster recovery and business continuity plans

Administrative Safeguards:

Limited Personnel Access: Currently, only two company principals (founders) have access to student data - Dr. Stacie A. Dee (CEO) and [Co-Founder]. See Personnel Disclosure document for complete details.
Both principals have completed FERPA training and signed confidentiality agreements
When employees are hired in the future, background checks will be required before data access
Mandatory FERPA and data privacy training for all personnel with data access
Principle of least privilege access controls
Audit logging of all data access and modifications
Incident response plan and procedures

Data Breach Notification

In the event of a data breach involving student education records, we will:

Notify the affected Institution within 24 hours of confirming the breach
Provide detailed information about the nature and scope of the breach
Describe the measures taken to address the breach
Offer recommendations to mitigate potential harm
Cooperate fully with the Institution's breach response procedures
Notify affected individuals as required by applicable law or at Institution's direction

DATA RETENTION AND DELETION

Retention During Active Use

While a student is actively enrolled in courses using the Platform, we retain:

Audio recordings and transcripts
Assessment scores and feedback
Performance analytics and progress data

Retention After Course Completion

After a student completes a course or program:

Data is retained for 60 days to allow for grade disputes, academic review, or late access needs
After 60 days, student data is automatically deleted unless the Institution requests extended retention

Deletion Upon Request

Institutions may request immediate deletion of student data at any time. Upon receipt of such request, we will:

Delete all student education records within 5 business days
Provide written certification of deletion
Ensure deletion from all backup systems within 30 days

Contract Termination

Upon termination of an Institution's agreement with NurseKind:

Default Retention Period: All student education records will be deleted within 30 days of contract termination
This 30-day period allows for final data exports and transition activities
Institutions may request immediate deletion (completed within 5 business days) or extended retention (by written agreement only)
Institutions may request data export in machine-readable format (CSV, JSON) before deletion
Written certification of deletion will be provided upon request
Deletion includes all copies in backup systems (completed within 60 days of termination)

Individual Student Requests

Students who wish to delete their own data should contact their Institution, as the Institution is the data controller for education records. Institutions may then request deletion on behalf of the student.

STUDENT AND PARENT RIGHTS

FERPA Rights

Students (and parents, if applicable) have rights under FERPA including:

Right to inspect and review education records
Right to request amendment of inaccurate records
Right to consent to disclosure of education records (except where FERPA permits disclosure without consent)
Right to file complaints with the U.S. Department of Education

These rights are exercised through the Institution, not directly through NurseKind. Students should contact their school's registrar or designated FERPA official.

Access to Information

Students may request access to their information stored in the Platform by contacting their Institution or by submitting a request to [email protected]. We will respond within 30 days.

Correction of Information

Students who believe their information is inaccurate or incomplete may request correction through their Institution. We will work with the Institution to make appropriate corrections within 30 days.

Data Portability

Students may request a copy of their data in a structured, machine-readable format by contacting their Institution. We will provide such data within 30 days of a valid request.

CHILDREN'S PRIVACY

The Platform is designed exclusively for students aged 18 and older enrolled in post-secondary nursing education programs. We do not knowingly collect information from individuals under 18. If we become aware that we have inadvertently collected information from someone under 18, we will promptly delete such information.

STATE-SPECIFIC PRIVACY RIGHTS

California

California students have additional rights under the California Consumer Privacy Act (CCPA) and Student Online Personal Information Protection Act (SOPIPA):

SOPIPA Commitments:

We will not use student information for targeted advertising
We will not create student profiles for non-educational purposes
We will not sell student information
We will not disclose student information except as authorized

CCPA Rights:

Right to know what personal information is collected
Right to delete personal information (exercised through Institution)
Right to opt-out of sale of personal information (we do not sell information)

New York

Under New York Education Law § 2-d, we provide:

Parents' Bill of Rights (available at https://nursekind.ai/parents-bill-of-rights)
Supplemental information about data collection and use
Commitment to data security and breach notification
Employee training on student data privacy

Parents and eligible students may contact their school district to exercise rights under Education Law § 2-d.

Colorado

Under Colorado's Student Data Transparency and Security Act:

We maintain a transparent list of all data elements collected
We implement comprehensive data security measures
We prohibit use of student data for targeted advertising
We provide data deletion upon authorized request

INTERNATIONAL USERS

The Platform is designed for use in the United States only. All data is stored on servers located in the United States. If you access the Platform from outside the United States, you acknowledge that your information will be transferred to, stored in, and processed in the United States.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features. We will:

Post the updated Privacy Policy on our website with a new "Last Updated" date
Notify Institutions at least 30 days before material changes take effect
Obtain Institution consent for material changes that expand data collection or use
Maintain previous versions for Institution reference

Continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy, subject to Institution's consent rights.

CONTACT INFORMATION

For questions about this Privacy Policy or our privacy practices:

Privacy Officer

NurseKind AI, LLC

418 Broadway STE Rive

Albany, NY, 12207, USA

Email: [email protected]

Phone: (to be provided)

For FERPA-related inquiries, students should contact their Institution's registrar or FERPA official.

To file a complaint regarding our privacy practices:

Family Policy Compliance Office

U.S. Department of Education

400 Maryland Avenue, SW

Washington, DC 20202-8520

Website: https://studentprivacy.ed.gov/file-a-complaint

TRANSPARENCY COMMITMENT

We are committed to transparency in our data practices. Additional resources available at https://nursekind.ai/privacy:

Current list of all third-party subprocessors
Data Processing Agreement template
Security and compliance certifications
Frequently Asked Questions about student data privacy
Instructions for data access, correction, and deletion requests

This Privacy Policy is effective as of the "Last Updated" date above and applies to all information collected on or after that date.

Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide Directly

1.2 Interaction Data Generated Through Platform Use

1.3 Technical & Usage Data

2. How We Use Your Information

2.1 Core Educational Services

2.2 Platform Operations

2.3 Research & Improvement (With Consent)

3. Legal Basis for Processing (GDPR Compliance)

4. How We Share Your Information

4.1 Within Your Educational Institution

4.2 Third-Party Service Providers

4.3 Legal Compliance & Protection

4.4 Business Transfers

5. Data Retention & Deletion

5.1 How Long We Keep Your Data

5.2 Your Right to Deletion

6. Your Privacy Rights

6.1 Rights for All Users

6.2 Additional Rights (GDPR, CCPA, etc.)

6.3 How to Exercise Your Rights

7. Data Security

7.1 Technical Safeguards

7.2 Organizational Safeguards

7.3 Limitations

8. FERPA Compliance (For Institutional Users)

8.1 NurseKind AI as a "School Official"

8.2 Student Rights Under FERPA

8.3 Directory Information

8.4 Parental Access (For Students Under 18)

9. International Data Transfers

10. Third-Party Services & Links

10.1 Third-Party Privacy Policies

10.2 External Links

11. Children's Privacy (COPPA Compliance)

12. Cookies & Tracking Technologies

12.1 Types of Cookies We Use

12.2 Managing Cookies

12.3 Do Not Track

13. Changes to This Privacy Policy

14. Data Breach Notification

15. Contact Information & Privacy Inquiries

General Inquiries

Privacy Rights Requests

Institutional Partnerships

Regulatory Complaints

16. Consent & Agreement

Student & Faculty Login

Privacy Policy

INTRODUCTION

IMPORTANT EXCLUSIONS AND SCOPE LIMITATIONS

NOT HIPAA-Regulated - Educational Simulations Only

NOT a Clinical Decision Support Tool

Supplemental Assessment Tool - Faculty Oversight Required

FERPA COMPLIANCE AND SCHOOL OFFICIAL DESIGNATION

Education Records

School Official Status

Institutional Control

INFORMATION WE COLLECT

Information Collected Directly from Students

Information Received from Institutions

Information Collected from Canvas LMS Integration

Information Generated by Our Platform

HOW WE USE INFORMATION

Educational Services

Platform Improvement

Communication

ARTIFICIAL INTELLIGENCE AND THIRD-PARTY SERVICES

AI Processing Services

Infrastructure and Data Storage

Payment Processing (for Individual Student Subscriptions)

Subprocessor Commitments

INFORMATION SHARING AND DISCLOSURE

Sharing with Institutions

Sharing at Student Direction

Legal Obligations

Business Transfers

What We Do NOT Do with Student Information

DATA SECURITY