Privacy Policy
Last Updated: November 24, 2025
Platform Coverage:
iOS Mobile App
Android Mobile App
Web Application
Institutional Dashboard
Welcome to NurseKind AI, a comprehensive educational technology platform designed for nursing education programs to evaluate and improve humanistic care practices in student-patient interactions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including:
- iOS & Android Mobile Applications - Available on the Apple App Store and Google Play Store for individual students and faculty
- Web Application - Accessible at nursekindai.com for recording, reviewing, and analyzing interactions
- Institutional Dashboard - For nursing program administrators, faculty, and super administrators to manage and analyze student performance
By using NurseKind AI, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
We collect several types of information to provide and improve our services.
1.1 Personal Information You Provide Directly
When creating an account or using our services, you may provide:
- Account Information: Name, email address, password (hashed and encrypted)
- Institutional Affiliation: Educational institution name, program details, role (student/faculty/administrator)
- Educational Records: Student ID (if applicable), course enrollment information
- Payment Information (Mobile Apps): Processed by Apple's In-App Purchase system (iOS) and Google Play Billing (Android); we do not directly store credit card details
1.2 Interaction Data Generated Through Platform Use
Audio Recordings:
- Voice recordings of simulated student-patient interactions
- Transcriptions of these recordings (generated via AssemblyAI)
- Speaker diarization data (identifying different speakers in the recording)
- Metadata: Recording duration, timestamp, device used
Important: These recordings should contain ONLY simulated interactions with actors or peers, NOT real patient interactions. Recording real patient interactions without proper HIPAA authorization violates patient privacy laws.
AI Analysis Results:
- Empathy scores, communication quality assessments
- Therapeutic presence evaluations
- Detailed feedback on humanistic care practices
- NCSBN Clinical Judgment Measurement Model alignment scores
1.3 Technical & Usage Data
Automatically Collected Information:
- Device Information: Device type, operating system, app version
- Usage Patterns: Feature usage, session duration, interaction frequency
- Log Data: IP addresses, browser type (web app), error logs
- Cookies & Local Storage: For session management and user preferences (web app only)
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Core Educational Services
- Assessment & Feedback: Process audio recordings through AI models (OpenAI GPT-4) to generate detailed evaluations of humanistic nursing behaviors
- Progress Tracking: Monitor student development over time and across multiple interactions
- Faculty Tools: Provide faculty and administrators with aggregated performance analytics and individual student reports
- NCLEX Preparation: Align assessments with NCSBN Clinical Judgment Measurement Model for standardized exam readiness
2.2 Platform Operations
- Account Management: Create and maintain user accounts, authenticate users, manage subscriptions
- Technical Support: Respond to support requests, troubleshoot issues, improve platform functionality
- Security & Compliance: Detect and prevent fraud, abuse, or security vulnerabilities
- Communications: Send service-related emails (account confirmations, password resets, subscription updates)
2.3 Research & Improvement (With Consent)
- Product Development: Analyze aggregated usage patterns to improve AI accuracy and user experience
- Educational Research: Conduct de-identified research on nursing education outcomes (only with institutional and IRB approval)
FERPA Compliance: For students under institutional subscriptions, we act as a "school official" with a legitimate educational interest. All data use complies with the Family Educational Rights and Privacy Act (FERPA) regulations.
3. Legal Basis for Processing (GDPR Compliance)
For users in the European Economic Area (EEA), UK, or other jurisdictions with similar data protection laws:
- Contractual Necessity: Processing is necessary to provide our educational services under our Terms of Service
- Legitimate Interests: Improving our platform, preventing fraud, ensuring security (where not overridden by your rights)
- Legal Obligations: Complying with FERPA, tax laws, and other applicable regulations
- Consent: For optional data uses like marketing communications or research participation (where you've explicitly opted in)
4. How We Share Your Information
We do not sell your personal information. We share data only in limited circumstances:
4.1 Within Your Educational Institution
For Students Under Institutional Subscriptions:
- Your faculty and program administrators can view your recordings, transcripts, and assessment results
- Aggregated performance data may be shared with institutional decision-makers for program improvement
- Your institution controls who has access to student data within their account
4.2 Third-Party Service Providers
We work with trusted vendors who help operate our platform:
AI & Transcription Services:
- AssemblyAI: Transcribes audio recordings and performs speaker diarization
  - Data Processing Agreement (DPA) in place
  - Complies with GDPR and CCPA
  - Audio retained temporarily for processing, then deleted per their retention policy
- OpenAI (GPT-4): Analyzes transcripts for empathy, communication, and clinical judgment
  - Data Processing Agreement (DPA) in place
  - Uses Enterprise API (not used for model training)
  - Transcripts processed in real-time, not stored by OpenAI long-term
- Anthropic (Claude): Alternative AI provider for specific analysis tasks
  - Similar privacy protections as OpenAI
  - Not used for model training without explicit consent
Infrastructure & Database Services:
- Supabase: Backend database for user accounts, recordings metadata, assessment results
  - SOC 2 Type II certified
  - Data encrypted at rest and in transit
  - Row Level Security (RLS) policies enforce access controls
- Apple (iOS App) & Google (Android App): Handles In-App Purchases and app distribution
  - Payment information processed directly by Apple
  - We receive only anonymized transaction confirmations
4.3 Legal Compliance & Protection
We may disclose information if required by law or to protect rights:
- Legal Requests: Comply with court orders, subpoenas, or legal processes
- Law Enforcement: Respond to lawful requests from government authorities
- Safety: Protect the safety and rights of NurseKind AI users, staff, or the public
- Enforcement: Enforce our Terms of Service or investigate suspected violations
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you and provide choices about your data before any such transfer.
5. Data Retention & Deletion
5.1 How Long We Keep Your Data
Active Accounts:
- Student Accounts: Data retained for the duration of the institutional subscription plus 1 year for academic record purposes (in compliance with FERPA)
- Individual Subscribers: Data retained while subscription is active plus 90 days after cancellation
- Faculty/Admin Accounts: Retained while employed by the institution or as long as institutional subscription is active
Inactive Accounts:
- Accounts inactive for 2+ years: We send deletion notices and anonymize data if no response within 60 days
- Canceled subscriptions: Data retained for 90 days, then deleted unless legally required to retain
Audio Recordings:
- Original audio files deleted 180 days after upload (transcripts and assessments retained)
- Exception: Users can request early deletion of specific recordings
Aggregated Data:
- De-identified, aggregated analytics retained indefinitely for research and product improvement
5.2 Your Right to Deletion
You can request deletion of your data at any time:
Exceptions to Deletion:
- We may retain data if required by law (e.g., financial records for tax purposes)
- De-identified data used in aggregated research may not be deleted
- Backup systems may retain data for up to 90 days after deletion request
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
6.1 Rights for All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and associated data
- Portability: Receive your data in a machine-readable format (JSON or CSV)
6.2 Additional Rights (GDPR, CCPA, etc.)
For EEA/UK Users (GDPR):
- Right to Object: Object to processing based on legitimate interests
- Right to Restriction: Request we limit processing of your data in certain circumstances
- Right to Withdraw Consent: Withdraw consent for processing at any time (doesn't affect prior lawful processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
For California Users (CCPA):
- Right to Know: Request details about what personal information we collect, use, disclose, and sell (we don't sell)
- Right to Delete: Request deletion of personal information (with exceptions)
- Right to Opt-Out: Opt out of the "sale" of personal information (not applicable as we don't sell)
- Right to Non-Discrimination: We won't discriminate against you for exercising your rights
6.3 How to Exercise Your Rights
To make a privacy rights request:
- Email [email protected] with subject "Privacy Rights Request"
- Specify which right(s) you wish to exercise
- Provide sufficient information to verify your identity (name, email associated with account)
- We will respond within 30 days (or as required by applicable law)
Verification Process: We may ask for additional information to verify your identity before processing requests to prevent unauthorized access.
7. Data Security
We implement industry-standard security measures to protect your information:
7.1 Technical Safeguards
- Encryption:
  - Data encrypted in transit using TLS 1.2+ (HTTPS)
  - Data encrypted at rest (AES-256 encryption for database and file storage)
  - Passwords hashed using bcrypt with salts
- Access Controls:
  - Multi-factor authentication (MFA) available for all users
  - Role-based access control (RBAC) - users see only data they're authorized to access
  - Row Level Security (RLS) policies in Supabase database
- Infrastructure Security:
  - Regular security audits and penetration testing
  - Automated backup systems with 30-day retention
  - Firewall protection and intrusion detection systems
7.2 Organizational Safeguards
- Employee Training: All staff trained on data privacy and security best practices
- Access Restrictions: Employee access to personal data limited to those with legitimate business need
- Confidentiality Agreements: All employees and contractors sign non-disclosure agreements (NDAs)
- Incident Response Plan: Procedures in place for detecting, responding to, and recovering from security incidents
7.3 Limitations
While we take security seriously, no system is 100% secure. We cannot guarantee absolute security, but we commit to:
- Promptly notifying affected users in the event of a data breach
- Cooperating with law enforcement and regulatory authorities
- Taking immediate action to contain and remediate security incidents
8. FERPA Compliance (For Institutional Users)
NurseKind AI complies with the Family Educational Rights and Privacy Act (FERPA) when used by educational institutions.
8.1 NurseKind AI as a "School Official"
Under FERPA, we function as a "school official" with a "legitimate educational interest" in student education records:
- Purpose: We process student data solely to provide educational assessment services contracted by the institution
- Access Limitations: We do not use student data for purposes outside the scope of our services
- No Re-Disclosure: We do not re-disclose personally identifiable student information without institutional authorization (except as permitted by FERPA)
8.2 Student Rights Under FERPA
Students have the following rights regarding their educational records:
- Right to Inspect: Request to review your NurseKind AI records through your institution
- Right to Amend: Request correction of inaccurate or misleading records
- Right to Consent: Control disclosure of personally identifiable information (except in FERPA-permitted circumstances)
- Right to File a Complaint: File complaints about FERPA violations with the U.S. Department of Education
To Exercise FERPA Rights: Contact your institution's registrar or NurseKind AI administrator.
8.3 Directory Information
We do not treat any student data as "directory information." All student records in NurseKind AI are treated as protected educational records requiring consent for disclosure.
8.4 Parental Access (For Students Under 18)
Parents of students under 18 may have rights to access their child's educational records under FERPA. Contact your institution for details on parental access procedures.
9. International Data Transfers
NurseKind AI is based in the United States. If you access our services from outside the U.S., your information will be transferred to, stored in, and processed in the United States and potentially other countries where our service providers operate.
Legal Protections for International Transfers:
- Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses (SCCs) for transfers from the EEA/UK to the U.S.
- Data Protection Addenda: Our contracts with third-party processors include appropriate data protection terms
- Privacy Shield: While invalidated, we maintain practices consistent with former Privacy Shield principles
- Adequacy Decisions: We comply with applicable adequacy decisions and transfer mechanisms
Data Protection Standards: Regardless of where data is processed, we apply consistent security and privacy protections as described in this policy.
10. Third-Party Services & Links
Our services integrate with and link to third-party services with their own privacy policies:
10.1 Third-Party Privacy Policies
We encourage you to review these third-party privacy policies. We are not responsible for the privacy practices of third-party services.
10.2 External Links
Our platform may contain links to external websites or resources. We are not responsible for the privacy practices or content of these third-party sites. Clicking external links is at your own risk.
11. Children's Privacy (COPPA Compliance)
NurseKind AI is designed for use by nursing students and educators, typically 18 years of age or older. We do not knowingly collect personal information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA).
If you believe we have inadvertently collected information from a child under 13:
- Contact us immediately at [email protected]
- We will take prompt steps to delete such information
- Parents/guardians have the right to review and request deletion of their child's information
For Students Under 18: Educational institutions using NurseKind AI for students under 18 are responsible for obtaining any necessary parental consent as required by FERPA and applicable state laws.
12. Cookies & Tracking Technologies
Our web platform uses cookies and similar tracking technologies to provide and improve our services.
12.1 Types of Cookies We Use
Essential Cookies: Required for core functionality
- Authentication cookies (keep you logged in)
- Session management cookies
- Security cookies (prevent fraud and abuse)
Functional Cookies: Enhance user experience
- Preference cookies (remember your settings)
- Language and regional preferences
Analytics Cookies: Help us improve our services
- Usage statistics (aggregate, non-identifying)
- Performance monitoring
- Error tracking for debugging
12.2 Managing Cookies
You can control cookies through your browser settings:
- Block all cookies (may impact functionality)
- Accept only essential cookies
- Delete cookies after each session
Note: Disabling essential cookies may prevent you from accessing certain features of our web platform, including login functionality.
12.3 Do Not Track
Our platform does not currently respond to "Do Not Track" (DNT) browser signals. We do not track users across third-party websites for advertising purposes.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.
How We Notify You of Changes:
- Updating the "Last Updated" date at the top of this policy
- In-app notifications for material changes (mobile app)
- Email notifications to institutional administrators for significant changes
- Banner notice on web platform for 30 days after updates
Material Changes: For significant changes that substantially alter our data practices or your rights, we will:
- Provide 30 days' advance notice
- Obtain renewed consent where legally required
- Provide clear information about what changed and why
Your Continued Use: Continued use of NurseKind AI after changes become effective constitutes acceptance of the updated Privacy Policy. If you disagree with changes, discontinue use and contact us about data deletion.
14. Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify affected users without unreasonable delay (typically within 72 hours of discovery)
- Notify relevant regulatory authorities as required by law (e.g., HHS for FERPA violations, state attorneys general for certain breaches)
- Provide information about: what happened, what data was affected, what we're doing to address it, and what you can do to protect yourself
- Offer credit monitoring services if financial information was compromised (though we don't store financial data directly)
15. Contact Information & Privacy Inquiries
16. Consent & Agreement
By using NurseKind AI (including the iOS mobile app, Android mobile app, web application, or institutional dashboard), you acknowledge that you have read, understood, and agree to this Privacy Policy and our Terms of Service.
For Individual Users: Your use of the app or website constitutes consent to our data practices as described.
For Institutional Users: Your institution's subscription agreement incorporates this Privacy Policy. Your use of NurseKind AI under an institutional subscription constitutes acceptance of these terms.
If you do not agree: Please do not use NurseKind AI. Contact your institution's administrator or our support team for alternatives.