Privacy Policy

Last Updated: November 24, 2025

Welcome to NurseKind AI, a comprehensive educational technology platform designed for nursing education programs to evaluate and improve humanistic care practices in student-patient interactions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including:

• iOS Mobile Application - Available on the Apple App Store for individual students and faculty
• Web Application - Browser-based access at nursekindai.com for recording and analysis
• Institutional Dashboard - Admin portal for nursing program management and oversight

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use any of our services.

1. Information We Collect

We collect different types of information depending on how you use NurseKind AI:

1.1 Audio Recordings

When you use the recording feature on either the mobile app or web application:

• We collect audio recordings of student-patient interactions for educational assessment purposes
• Audio files are recorded via your device's microphone (mobile) or browser microphone access (web)
• iOS recordings are in M4A format (44.1kHz, 128kbps); web recordings are in WebM format
• Recordings require explicit microphone permission from you before any data is collected
• Audio recordings are temporarily stored during the transcription and analysis process
• Recordings are automatically deleted from our servers after analysis is complete

1.2 Transcribed Content & Analysis Data

Audio recordings are transcribed and analyzed using third-party AI services:

• Transcription: Complete text transcriptions created via AssemblyAI
• Speaker Diarization: Identification and separation of different speakers (student vs. patient)
• AI Analysis: Assessment of humanistic behaviors, empathy, and communication quality using OpenAI models
• Assessment Reports: Scores, feedback, and developmental recommendations
• Conversation Content: Full dialogue between students and patients for educational evaluation
• Metadata: Timestamps, assessment dates, and session information

1.3 Account Information (Institutional Users)

When your nursing program provides you with institutional access via our web platform:

• Email address (used for authentication and communication)
• Institutional affiliation (nursing school/program name)
• Role designation (student, faculty, administrator, coordinator)
• Account credentials (passwords are encrypted and never stored in plain text)
• Login activity and session information
• User preferences and dashboard settings

1.4 Purchase Information (Individual Users)

For iOS app users who purchase assessment credits:

• Transaction details processed through Apple In-App Purchases
• Credit balance and usage history
• Product IDs (single assessment, 5-pack, 10-pack)
• Purchase receipts and transaction timestamps
• Promo code redemption records (e.g., NURSE1 promotional codes)

Important: Financial information (credit card details, payment methods) is handled exclusively by Apple and is never collected, processed, or stored by NurseKind AI.

1.5 Device & Usage Information

We automatically collect certain technical information:

• Device Data: iOS version, device model, unique device identifiers, browser type and version
• Usage Statistics: Features accessed, assessment frequency, session duration
• Performance Data: Loading times, error reports, crash logs
• IP Address: For security, fraud prevention, and approximate location (not GPS coordinates)
• Cookies & Similar Technologies: Used on web platform for authentication and preferences (see Section 15)

1.6 Educational Records

For institutional subscriptions, we may collect and process:

• Student assessment results and performance data
• Faculty feedback and annotations
• Program-level analytics and aggregate statistics
• Institutional usage reports for administrative purposes
• Training completion records and participation data

1.7 Information We Do NOT Collect

To protect your privacy, NurseKind AI explicitly does NOT collect:

• Social Security Numbers or government-issued ID numbers
• Precise GPS location or real-time geolocation tracking
• Contacts, photos, or other media from your device (beyond recordings you create)
• Biometric data or facial recognition information
• Information from minors under age 13
• Health insurance information or medical records unrelated to educational assessments

2. How We Use Your Information

We use collected information for the following legitimate educational and operational purposes:

2.1 Core Educational Functionality

• Record and transcribe student-patient interactions for assessment
• Analyze communication patterns and humanistic nursing behaviors using AI
• Generate detailed feedback on empathy, patient-centered care, and therapeutic communication
• Provide actionable educational insights and improvement recommendations
• Create performance reports for students and faculty review
• Track student progress over multiple assessments

2.2 Service Delivery & Account Management

• Authenticate users and maintain secure account access
• Process institutional subscriptions and individual credit purchases
• Deliver AI-powered analysis through integrated services
• Manage user roles and permissions (admin, faculty, student)
• Provide customer support and respond to inquiries
• Send service-related notifications and updates

2.3 Institutional Administration

• Enable program administrators to manage student and faculty accounts
• Generate aggregate usage statistics and institutional reports
• Support compliance with accreditation requirements (AACN, CCNE/ACEN)
• Facilitate program assessment and quality improvement initiatives
• Provide training materials and implementation support

2.4 Platform Improvement & Development

• Monitor and analyze platform performance and usage patterns
• Detect, prevent, and address technical issues and bugs
• Improve AI model accuracy and assessment quality
• Develop new features based on user needs and feedback
• Conduct research to advance nursing education technology
• Test and validate new assessment methodologies

2.5 Legal Compliance & Safety

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service and acceptable use policies
• Protect the rights, property, and safety of NurseKind AI, our users, and the public
• Prevent fraud, abuse, and unauthorized access
• Respond to legal requests from government authorities

3. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services under our Terms of Service
• Legitimate Interests: Improving our platform, conducting research, and ensuring security
• Legal Obligation: Complying with applicable laws and regulations
• Consent: Where you have explicitly consented to specific processing activities

4. Disclosure of Your Information

We share your information only with trusted third-party service providers and in specific circumstances outlined below:

4.1 AI & Transcription Service Providers

To deliver core functionality, we share data with:

• AssemblyAI: Audio recordings are sent to AssemblyAI for transcription and speaker diarization services. AssemblyAI processes audio according to their privacy policy and data processing agreements.
• OpenAI: Transcribed text is processed using GPT-4o and other models for AI-powered humanistic behavior analysis and assessment generation.
• Anthropic (Claude): May be used for alternative AI analysis perspectives and quality assurance (optional feature).

These services process your data in accordance with their own privacy policies and data processing agreements. We have implemented appropriate safeguards with these providers.

4.2 Authentication & Infrastructure Services

• Supabase: Provides secure authentication, user management, and database services for web platform users. Data is encrypted in transit and at rest.
• Cloud Hosting Providers: Web application and data storage infrastructure (with encryption and access controls)
• CDN Providers: Content delivery for fast, secure access to platform resources

4.3 Apple Inc.

• In-app purchase transactions are processed through Apple's App Store
• Apple handles all payment processing and financial information
• We receive only purchase confirmation and product information from Apple
• Apple's Privacy Policy governs their data practices

4.4 Analytics & Performance Monitoring

We may use service providers for:

• Application performance monitoring and error tracking
• Aggregate usage analytics (no personally identifiable information)
• Technical support and system maintenance

4.5 Educational Institutions

For institutional subscriptions:

• Student assessment data and performance reports are accessible to authorized faculty and administrators at your institution
• Aggregate program-level statistics may be shared with institutional leadership
• Data sharing is controlled by your institution's role-based access policies
• Institutions act as data controllers and determine access permissions

4.6 Legal Requirements & Safety

We may disclose your information when required by law or necessary to:

• Comply with valid legal processes (subpoenas, court orders, government requests)
• Enforce our Terms of Service or investigate potential violations
• Protect the rights, property, or safety of NurseKind AI, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

4.7 Business Transfers

In the event of a merger, acquisition, bankruptcy, dissolution, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

4.8 With Your Consent

We may share information for other purposes with your explicit consent or at your direction (e.g., sharing assessment results with external evaluators).

5. Educational Privacy Compliance

5.1 FERPA Compliance (Family Educational Rights and Privacy Act)

NurseKind AI is designed to support compliance with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, which protects the privacy of student education records.

Our FERPA commitments:

• School Official Status: NurseKind AI acts as a "school official" with legitimate educational interests when processing student data on behalf of institutions
• Limited Use: We use student education records solely to provide the contracted educational services
• No Unauthorized Disclosure: We do not disclose education records to third parties without institutional authorization, except as required by law
• Access Controls: We maintain appropriate access controls so that only authorized personnel can access student records
• Data Security: We implement reasonable security measures to protect education records from unauthorized access
• Subcontractor Management: Our third-party service providers (AI/transcription services) are contractually required to protect education records

Institutional Responsibilities:

• Educational institutions are responsible for obtaining any necessary parental consent for students under 18
• Institutions control student access rights and must facilitate FERPA requests (access, amendment, disclosure accounting)
• Institutions should review and approve data sharing agreements with NurseKind AI
• Students must be informed through institutional policy about how NurseKind AI will be used for educational assessment

5.2 Protection of Pupil Rights Amendment (PPRA)

NurseKind AI does not conduct surveys, analyses, or evaluations that collect information concerning the protected areas outlined in PPRA without appropriate notice and consent:

• Political affiliations or beliefs
• Mental or psychological problems
• Sexual behavior or attitudes
• Illegal, anti-social, self-incriminating, or demeaning behavior
• Critical appraisals of family members
• Legally recognized privileged relationships
• Religious practices, affiliations, or beliefs
• Income (except as required to determine program eligibility)

5.3 State-Specific Education Privacy Laws

We comply with applicable state-level student privacy laws, including but not limited to:

• California: Student Online Personal Information Protection Act (SOPIPA) and AB 1584
• New York: Education Law 2-d
• Texas: HB 2087
• Other state-specific requirements as applicable

5.4 Accreditation & Professional Standards

Our assessment methodology aligns with:

• AACN Essentials (American Association of Colleges of Nursing)
• NCSBN Clinical Judgment Measurement Model
• CCNE and ACEN accreditation standards
• INACSL Healthcare Simulation Standards

6. Healthcare Privacy Considerations

Why This Matters:

Recorded student-patient interactions may inadvertently contain Protected Health Information (PHI) about actual patients. HIPAA compliance is the responsibility of the healthcare facility or educational institution where recordings occur.

User Responsibilities:

• Obtain Consent: Secure appropriate consent from patients before recording any interactions
• De-identify PHI: Remove or obscure patient names, dates of birth, medical record numbers, and other identifiers
• Use Simulated Patients: We strongly recommend using standardized/simulated patients rather than real patients
• Institutional Policies: Follow your institution's policies regarding recording and use of clinical interactions
• Clinical Site Requirements: Ensure recordings comply with clinical site regulations and HIPAA business associate agreements
• Never Record: Do not record interactions without explicit patient consent or institutional approval

Best Practice Recommendation:

Use NurseKind AI exclusively with simulated patient scenarios (standardized patients, mannequin-based simulations, role-play exercises) to completely eliminate PHI concerns while achieving educational objectives.

7. Data Storage, Retention, and Security

7.1 Data Storage Locations

Local Storage (Mobile App):

• Credit balance and purchase history stored locally on device using AsyncStorage
• App preferences and settings stored locally
• Audio recordings temporarily stored during processing, then immediately deleted

Cloud Storage (Web Platform):

• User account information stored in secure, encrypted databases (Supabase)
• Assessment transcripts and analysis results stored with encryption at rest
• Institutional data segregated with role-based access controls
• Servers located in secure data centers with redundancy and backup

Third-Party Storage:

• AssemblyAI stores transcriptions according to their retention policy (typically 30-90 days)
• OpenAI processes data but does not store transcripts beyond active analysis
• All third-party storage complies with applicable data protection laws

7.2 Data Retention Periods

• Audio Recordings: Deleted immediately after transcription is complete (typically within minutes to hours)
• Transcripts & Assessments: Retained for the duration of institutional subscription or as required by educational records retention policies
• Account Information: Retained for active accounts; deleted within 90 days of account closure
• Usage Analytics: Aggregate data retained indefinitely for platform improvement; individual data anonymized after 2 years
• Financial Records: Retained for 7 years to comply with tax and accounting requirements

Institutions may request custom retention periods to comply with their records retention policies.

7.3 Data Security Measures

We implement industry-standard security practices:

Technical Controls:

• Encryption in transit using TLS 1.2+ for all data transmission
• Encryption at rest using AES-256 for stored data
• Secure authentication using bcrypt password hashing (never storing passwords in plain text)
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Automated malware scanning and threat detection

Administrative Controls:

• Role-based access controls limiting data access to authorized personnel only
• Multi-factor authentication for administrative accounts
• Regular employee security training and awareness programs
• Confidentiality agreements with all employees and contractors
• Incident response plan for data breaches or security events

Physical Controls:

• Data centers with 24/7 physical security and monitoring
• Redundant power and network infrastructure
• Regular backups stored in geographically distributed locations

7.4 Data Deletion & Account Closure

Individual Users (Mobile App):

• Delete the app from your device to remove all locally stored information
• Contact us at info@nursekindai.com to request deletion of server-side data

Institutional Users (Web Platform):

• Request account deletion through your institution's administrator
• Institutional administrators can delete individual or bulk user accounts
• When your institution's subscription ends, we will delete or return all institutional data within 90 days unless legally required to retain

Data Portability: Institutional users can request export of their assessment data in standard formats (CSV, JSON, PDF) before account closure.

8. Your Privacy Rights

8.1 General Rights (All Users)

You have the right to:

• Access: Request access to the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing of your data for certain purposes
• Restrict: Request restriction of processing in certain circumstances
• Opt-Out: Opt out of marketing communications (though we send minimal marketing)

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (note: we do NOT sell your information)
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit use of sensitive personal information
• Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment

Sensitive Personal Information Notice: We process audio recordings of conversations, which may constitute sensitive personal information under CPRA. We use this information solely for educational assessment purposes as described in this policy.

Do Not Sell My Personal Information: NurseKind AI does not sell personal information and has not sold personal information in the past 12 months.

8.3 European Privacy Rights (GDPR, UK GDPR, Swiss DPA)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under applicable data protection laws:

• Right of Access: Obtain confirmation of whether we process your data and access to your data
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing, including profiling
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

EU Representative: If you are in the EU and have concerns about our data practices, you may contact your local supervisory authority. We are committed to working with regulators to resolve any complaints.

8.4 Student Rights Under FERPA

For students at institutions using NurseKind AI:

• Right to Inspect: Request to review your education records maintained by your institution
• Right to Amend: Request correction of records you believe are inaccurate or misleading
• Right to Consent: Consent to disclosures of education records (with certain exceptions)
• Right to File Complaint: File a complaint with the U.S. Department of Education regarding alleged FERPA violations

Note: FERPA rights are exercised through your educational institution, not directly through NurseKind AI. Contact your institution's registrar or FERPA officer for requests related to education records.

8.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: info@nursekindai.com
• Subject Line: "Privacy Rights Request - [Your State/Region]"
• Include: Description of request, your contact information, and verification details

We will respond to verified requests within:

• 30 days for most requests
• 45 days for CCPA requests (with possible 45-day extension)
• 1 month for GDPR requests (with possible 2-month extension for complex requests)

Verification: To protect your privacy, we will verify your identity before fulfilling privacy rights requests. Verification may require providing identifying information or confirming details about your account.

9. International Data Transfers

NurseKind AI is based in the United States. If you access our services from outside the U.S., your information will be transferred to, stored in, and processed in the United States and potentially other countries where our service providers operate.

Legal Protections for International Transfers:

• Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses (SCCs) for transfers from the EEA/UK to the U.S.
• Data Protection Addenda: Our contracts with third-party processors include appropriate data protection terms
• Privacy Shield: While invalidated, we maintain practices consistent with former Privacy Shield principles
• Adequacy Decisions: We comply with applicable adequacy decisions and transfer mechanisms

Data Protection Standards: Regardless of where data is processed, we apply consistent security and privacy protections as described in this policy.

10. Third-Party Services & Links

Our services integrate with and link to third-party services with their own privacy policies:

10.1 Third-Party Privacy Policies

• AssemblyAI: Privacy Policy
• OpenAI: Privacy Policy
• Anthropic: Privacy Policy
• Supabase: Privacy Policy
• Apple (IAP): Privacy Policy

We encourage you to review these third-party privacy policies. We are not responsible for the privacy practices of third-party services.

10.2 External Links

Our platform may contain links to external websites or resources. We are not responsible for the privacy practices or content of these third-party sites. Clicking external links is at your own risk.

11. Children's Privacy (COPPA Compliance)

NurseKind AI is designed for use by nursing students and educators, typically 18 years of age or older. We do not knowingly collect personal information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA).

If you believe we have inadvertently collected information from a child under 13:

• Contact us immediately at info@nursekindai.com
• We will take prompt steps to delete such information
• Parents/guardians have the right to review and request deletion of their child's information

For Students Under 18: Educational institutions using NurseKind AI for students under 18 are responsible for obtaining any necessary parental consent as required by FERPA and applicable state laws.

12. Cookies & Tracking Technologies

Our web platform uses cookies and similar tracking technologies to provide and improve our services.

12.1 Types of Cookies We Use

Essential Cookies: Required for core functionality

• Authentication cookies (keep you logged in)
• Session management cookies
• Security cookies (prevent fraud and abuse)

Functional Cookies: Enhance user experience

• Preference cookies (remember your settings)
• Language and regional preferences

Analytics Cookies: Help us improve our services

• Usage statistics (aggregate, non-identifying)
• Performance monitoring
• Error tracking for debugging

12.2 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies (may impact functionality)
• Accept only essential cookies
• Delete cookies after each session

Note: Disabling essential cookies may prevent you from accessing certain features of our web platform, including login functionality.

12.3 Do Not Track

Our platform does not currently respond to "Do Not Track" (DNT) browser signals. We do not track users across third-party websites for advertising purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.

How We Notify You of Changes:

• Updating the "Last Updated" date at the top of this policy
• In-app notifications for material changes (mobile app)
• Email notifications to institutional administrators for significant changes
• Banner notice on web platform for 30 days after updates

Material Changes: For significant changes that substantially alter our data practices or your rights, we will:

• Provide 30 days advance notice
• Obtain renewed consent where legally required
• Provide clear information about what changed and why

Your Continued Use: Continued use of NurseKind AI after changes become effective constitutes acceptance of the updated Privacy Policy. If you disagree with changes, discontinue use and contact us about data deletion.

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users without unreasonable delay (typically within 72 hours of discovery)
• Notify relevant regulatory authorities as required by law (e.g., HHS for FERPA violations, state attorneys general for certain breaches)
• Provide information about: what happened, what data was affected, what we're doing to address it, and what you can do to protect yourself
• Offer credit monitoring services if financial information was compromised (though we don't store financial data directly)

---

15. Contact Information & Privacy Inquiries

---

16. Consent & Agreement

By using NurseKind AI (including the iOS mobile app, web application, or institutional dashboard), you acknowledge that you have read, understood, and agree to this Privacy Policy and our Terms of Service.

For Individual Users: Your use of the app or website constitutes consent to our data practices as described.

For Institutional Users: Your institution's subscription agreement incorporates this Privacy Policy. Your use of NurseKind AI under an institutional subscription constitutes acceptance of these terms.

If you do not agree: Please do not use NurseKind AI. Contact your institution's administrator or our support team for alternatives.

---