Privacy Policy
Last Updated: April 22, 2026
Effective Date: April 22, 2026
Version: 3.1
1. INTRODUCTION
1.1 About This Policy
This Privacy Policy explains how 1001511837 ONTARIO INC. (operating as Nursio) collects, uses, discloses, and protects your personal information when you use our educational platform for nursing professionals.
1.2 Contact Information
1001511837 ONTARIO INC. (operating as Nursio)
1025 King Street Est, Unit 107
Cambridge, Ontario, N3H3P5, Canada
Email: contact@nursio.io
1.3 Our Commitment
We are committed to protecting your privacy in accordance with:
- PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
- Loi 25 (Quebec Privacy Law)
- CCPA (California Consumer Privacy Act) - for California residents
2. DATA WE COLLECT
2.1 Account Information
| Data | Purpose |
|---|---|
| Email address | Account creation, authentication, communications |
| First and last name | Personalization of your learning experience |
| Password (encrypted) | Account security |
2.2 Profile Data
| Data | Purpose |
|---|---|
| User type | Tailoring content to your professional level |
| Language preference | Displaying content in your preferred language |
| Subscription plan | Managing your access to features |
2.3 Usage Data
| Data | Purpose |
|---|---|
| Courses completed | Tracking your educational progress |
| Simulation scores | Measuring learning outcomes |
| Time spent learning | Understanding engagement patterns |
2.4 Quick Notes Content
Quick Notes you create are stored to provide the service. These notes are intended for your personal professional reference and must be de-identified:
- Your personal clinical notes - for professional reference only
- De-identified by design - you are responsible for ensuring no patient identifiers are entered
- Not monitored - we do not review or de-identify user-entered content
Important: You must ensure all notes are properly de-identified before entry. See our Terms of Use for the complete list of identifiers that must not be included.
2.5 Technical Data (Optional)
With your consent, we may collect crash reports to improve app stability. This data:
- Does not include personal information
- Is used only for debugging and improvement
- Can be disabled in your app settings
2.6 Referral Data
If you participate in our referral program:
- Your referral code
- Who referred you (if applicable)
3. HOW WE USE YOUR DATA
3.1 Service Delivery
- Providing access to courses and educational content
- Enabling Quick Notes functionality
- Managing your subscription and account
3.2 Educational Progress Tracking
- Recording your completed courses and simulations
- Calculating and displaying your performance scores
- Generating progress reports
3.3 Communication
- Transactional emails (receipts, account updates)
- Educational updates and new content notifications
- Service announcements
You can opt out of non-essential communications at any time.
3.4 Analytics
We use aggregated, anonymized data to:
- Improve our educational content
- Understand how features are used
- Identify and fix technical issues
We do NOT use individual profiling or automated decision-making that produces legal or similarly significant effects on you. See §5.4 for how an AI service evaluates free-text simulation answers to provide educational feedback.
4. LEGAL BASIS FOR PROCESSING
4.1 Canada (PIPEDA)
We process your data in accordance with PIPEDA's 10 Fair Information Principles:
- Accountability - We are responsible for personal information under our control
- Identifying Purposes - We identify purposes before or at the time of collection
- Consent - We obtain meaningful consent for collection, use, and disclosure
- Limiting Collection - We collect only what is necessary
- Limiting Use, Disclosure, and Retention - We use data only for stated purposes
- Accuracy - We keep information accurate and up-to-date
- Safeguards - We protect information with appropriate security measures
- Openness - We make our privacy policies publicly available
- Individual Access - You can access and correct your information
- Challenging Compliance - You can file complaints about our compliance
4.2 Quebec (Loi 25)
For Quebec residents, we provide:
- Explicit consent for data collection
- Right to data portability
- Right to withdraw consent at any time
- French language access to all privacy information
4.3 California (CCPA)
California residents have the right to:
- Know what personal information we collect
- Delete your personal information
- Opt out of sale of personal information (Note: We do NOT sell your data)
- Non-discrimination for exercising your privacy rights
4.4 HIPAA Status (United States)
Nursio is a professional tool for nursing education and personal clinical reference. We are NOT:
- A healthcare provider
- A health plan
- A healthcare clearinghouse
- A business associate under HIPAA
HIPAA does not apply to our services because we do not collect, store, or process Protected Health Information (PHI) on behalf of covered entities.
Quick Notes and De-Identification
The Quick Notes feature is a personal reference tool for de-identified clinical notes. We do not monitor, review, or de-identify content entered by users.
User Responsibility for De-Identification: You are solely responsible for ensuring that any notes you create are properly de-identified. Per HIPAA Safe Harbor standards, de-identified notes must NOT contain:
- Names or initials
- Geographic data smaller than state
- Dates (except year) related to an individual
- Phone/fax numbers, email addresses
- Social Security numbers
- Medical record numbers, account numbers
- Health plan beneficiary numbers
- Certificate/license numbers
- Vehicle or device identifiers
- Web URLs, IP addresses
- Biometric identifiers, photographs
- Any other unique identifying number or code
Disclaimer: Nursio does not function as a medical record system and does not handle PHI. For official patient documentation, use your healthcare institution's approved systems.
5. DATA SHARING WITH THIRD PARTIES
5.1 Service Providers
We share limited data with the following service providers that help us operate Nursio. Each provider processes data only for the purpose described, under contractual obligations consistent with PIPEDA, Loi 25, and CCPA.
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Authentication, database, file storage | Email, name, user ID, notes, simulation responses, wellness entries | Canada / USA |
| OpenAI | AI-assisted evaluation of free-text simulation answers (see §5.4) | Free-text answer content and rubric prompt only — no identifiers | USA |
| RevenueCat | Subscription entitlement management | User ID, purchase status | USA |
| Apple (App Store) | In-app subscription billing | Purchase history | Global |
| Google (Play Store) | In-app subscription billing | Purchase history | Global |
| Content delivery network | Efficient delivery of educational content | No personal data | Global |
Each provider acts as a data processor under our instructions and is bound by a data-processing agreement that restricts use to the purpose above.
5.2 What We Do NOT Do
- We do NOT sell your personal information
- We do NOT share data for advertising purposes
- We do NOT share data with data brokers
5.3 Legal Requirements
We may disclose information if required by law, such as:
- Court orders or subpoenas
- Government investigations
- Protection of rights and safety
5.4 AI-Assisted Feedback Evaluation
Some clinical simulations ask you to write a free-text answer. When you submit such an answer, Nursio sends the text to OpenAI over an encrypted (TLS) connection, together with the associated rubric, for the sole purpose of generating semantic feedback — for example, whether your answer is correct, partially correct, or incorrect, and a short educational explanation.
Scope and limits:
- The AI service is used only to evaluate your answer against a known rubric. It does NOT generate open-ended content for you, power a chatbot, or produce images or audio.
- The only data transmitted is the free-text answer and the rubric prompt. Your name, email, and account identifier are NOT sent with the request.
- Requests are sent with zero data retention enabled. OpenAI does not store your free-text answer beyond the duration of the API call.
- The resulting feedback is educational and is NOT a clinical recommendation, diagnosis, or assessment of your professional competence.
Your choice:
The first time you submit a free-text answer, Nursio shows you a short notice describing this processing. You can choose to skip free-text questions if you prefer not to use this feature; all other question types (multiple choice, ordering, item selection, monitor interpretation) work without AI evaluation.
6. DATA RETENTION
| Data Type | Retention Period |
|---|---|
| Account data | While your account is active |
| Usage data | 2 years after last activity |
| Quick Notes | Until you delete them |
| Crash reports | 90 days |
6.1 Account Deletion
You can delete your Nursio account at any time through either of the following paths:
- In-app: Settings → Account → Delete account. You will be asked to type "DELETE" to confirm (the confirmation word is localized: "ELIMINAR" in Spanish, "SUPPRIMER" in French).
- Web: Visit https://nursio.io/delete-account and follow the instructions.
When you delete your account, we perform a hard deletion of your user profile, Quick Notes, simulation responses, wellness entries, referral data, and subscription entitlement. Deletion is completed within 30 days, except where retention is required by law (for example, financial records related to purchases, retained for the period required by Canadian tax law).
You may also request deletion by email at contact@nursio.io. We verify your identity before processing the request.
7. YOUR RIGHTS BY JURISDICTION
7.1 Canada (PIPEDA)
You have the right to:
- Access your personal information
- Rectify inaccurate data
- Delete your account and data
- Complain to the Privacy Commissioner of Canada
7.2 Quebec (Loi 25)
In addition to PIPEDA rights:
- Data portability - receive your data in a structured format
- Withdraw consent at any time
- Complain to the Commission d'accès à l'information du Québec
7.3 California (CCPA)
California residents can:
- Know what data we collect and why
- Delete their personal information
- Opt out of data sale (Note: We don't sell data)
- Non-discrimination for exercising rights
To exercise your rights, contact us at contact@nursio.io.
8. DATA SECURITY
We protect your data with:
- Encryption in transit (TLS/SSL)
- Encryption at rest for stored data
- Access controls limiting who can access data
- Authentication requirements for account access
- Regular security reviews of our systems
8.1 Permissions Declared but Not Used
In keeping with data minimization, Nursio declares the fewest permissions possible. One permission requires explicit disclosure:
- Microphone (iOS only): Nursio declares NSMicrophoneUsageDescription in its iOS bundle because a third-party framework we depend on statically links it. Nursio itself does NOT record, transmit, or store audio. The app never invokes any microphone API, never prompts for microphone permission, and no audio-recording code path exists. On Android, the RECORD_AUDIO permission is not declared in the manifest at all.
All other permissions (camera, photo library, notifications) are optional and used only for the features described in §3.
9. DATA BREACH NOTIFICATION
In the unlikely event of a data breach that poses a real risk of significant harm:
- Notification to Users: We will notify affected users as soon as feasible
- Notification to Authorities: We will report to the Office of the Privacy Commissioner of Canada as required
- Record Keeping: We maintain records of all breaches as required by PIPEDA
A "real risk of significant harm" includes:
- Identity theft
- Financial loss
- Damage to reputation
- Loss of employment or business opportunities
10. COOKIES AND LOCAL STORAGE
10.1 What We Use
- Essential cookies: Required for the app to function
- Local storage: Storing your preferences and session data
10.2 What We Do NOT Use
- Tracking cookies
- Advertising cookies
- Third-party analytics cookies
11. CHILDREN'S PRIVACY
Our Service is intended for:
- Adults (18 years and older)
- Nursing professionals and students
We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
For Quebec residents: We do not knowingly collect personal information from children under 14 without parental or guardian consent, as required by Loi 25.
12. FOR QUEBEC RESIDENTS (LOI 25)
If you reside in Quebec, the following additional rights and protections apply under Loi 25 (An Act to modernize legislative provisions as regards the protection of personal information):
12.1 Your Rights
- Access: Request access to your personal information
- Rectification: Request correction of inaccurate data
- Deletion: Request deletion of your personal information ("right to be forgotten")
- De-indexation: Request removal of hyperlinks associated with your name
- Portability: Receive your data in a structured, commonly used format within 30 days
- Withdraw Consent: Withdraw your consent at any time
12.2 Our Obligations
- Privacy by Default: Privacy settings are configured to the highest level by default
- Explicit Consent: We request separate consent for each purpose of data collection
- French Language: This policy is available in French
- Privacy Officer: Contact our Privacy Officer at contact@nursio.io
- Breach Notification: We will notify you and the Commission d'accès à l'information (CAI) of any breach posing a risk of serious harm
12.3 Sensitive Information
Medical and health-related observations in Quick Notes are considered sensitive information under Loi 25. You are responsible for ensuring such notes are properly de-identified.
12.4 Complaints
You may file a complaint with:
Commission d'accès à l'information du Québec
525, boul. René-Lévesque Est, bureau 2.36
Québec (Québec) G1R 5S9
Telephone: 418 528-7741
Website: www.cai.gouv.qc.ca
13. INTERNATIONAL DATA TRANSFERS
Your data may be processed in countries outside Canada for the purpose of:
- Cloud infrastructure hosting
- Error monitoring and application stability
When data is transferred outside Canada, we ensure that:
- Appropriate contractual safeguards are in place
- The receiving party provides comparable protection
- Transfers comply with PIPEDA requirements for cross-border data flows
14. POLICY UPDATES
We may update this Privacy Policy from time to time. When we make material changes:
- We will notify you via email
- We will provide at least 30 days' notice before changes take effect
- The updated policy will be available in the app and on our website
15. CONTACT US
If you have questions about this Privacy Policy or want to exercise your rights:
1001511837 ONTARIO INC. (operating as Nursio)
1025 King Street Est, Unit 107
Cambridge, Ontario, N3H3P5, Canada
Email: contact@nursio.io
For Privacy Complaints in Canada:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca
For Privacy Complaints in Quebec:
Commission d'accès à l'information du Québec
525, boul. René-Lévesque Est, bureau 2.36
Québec (Québec) G1R 5S9
Telephone: 418 528-7741
Website: www.cai.gouv.qc.ca