Privacy Policy (Closed Beta)
Last updated: October 06, 2025
This Privacy Policy explains how we (Athena Technology Consulting Ltd) collect, use, share, and protect personal data, including health‑related information, when you use Nomad.Healthcare (the "Service") during our closed Beta.
We are:
Athena Technology Consulting Ltd (company no. 15813005)
2nd Floor, College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE
Contact (privacy & general): hello@nomad.healthcare
We act as the Data Controller for your personal data processed via the Service. We operate under UK data protection law (UK GDPR and the Data Protection Act 2018). This policy applies to users in England & Wales.
Because the Service may process health‑related information (special category data), we ask for your explicit consent. You can withdraw consent at any time (see Section 13).
The Service is in closed Beta. It is provided "as is" and may change quickly, contain defects, or be unavailable at times. Please maintain your own backups of important files.
1. What this policy covers (scope)
This policy covers personal data we process when you:
- create an account, sign in, use 2FA;
- connect email integrations (e.g., Gmail) and configure queries;
- upload, view, search, tag, and organize documents and records;
- create and manage secure shares;
- contact support;
- use the Service via web or mobile browsers.
It also covers data we generate for you, such as:
- extracted text from documents (OCR/LLM);
- structured "elements" (appointments, lab results, imaging, prescriptions, billing, notes) and provider contacts derived from your content;
- search indexes and timelines;
- security and access logs (e.g., share access events).
2. The data we collect and generate
We collect and process the following categories of personal data:
A) Account & authentication
- Email address, password hash, 2FA/TOTP setup;
- Sign‑in/session metadata (times, IP address, user agent) for security and troubleshooting.
B) Usage & technical logs
- Basic diagnostic logs (e.g., timestamps, paths/routes, user agent strings, request metadata, anonymised IDs such as record/element/document identifiers), error logs, and performance telemetry;
- Event logs around sharing (successful/failed share access).
C) Content you provide
- Files you upload (e.g., PDFs, images, DOCX, XLSX, TXT) and any titles/notes/tags you add;
- Records and "elements" created from your content (appointments, test results, imaging, prescriptions, diagnoses, observations, billing).
D) Email ingestion (if you enable it)
- Messages and attachments matching your queries (e.g., "has:attachment subject:(results OR report)"), including message headers, subject, body text/HTML, and files;
- Metadata such as message IDs, timestamps, sender/recipient addresses;
- Extracted links from messages; we may fetch page metadata (e.g., title, content type, HTTP status) to assist you in organising sources.
E) Derived/processed data
- OCR/LLM outputs: extracted text (e.g., from scanned PDFs/images), structured summaries, and metadata stored with the document or element;
- ICS parsing (calendar files): minimal event details (e.g., UID, sequence, organiser, dtstart/dtend) stored as document metadata to help you identify appointments; we do not rely on ICS to set "authoritative" event times unless you direct it;
- Provider contacts: canonical provider/organisation names and contact details (emails, phones, websites, addresses, country codes) derived from your content and consolidated as your personal directory;
- Search indexes: We build indexes for fast search across record titles/summaries, element summaries, provider/organisation names, tags, and a bounded amount of document text (e.g., up to ~10,000 characters per record for search relevance);
- Deduplication fingerprints: file hashes to help avoid duplicate files.
F) Sharing events
Share session token (short‑lived), share label, password hash (bcrypt), share expiry/max‑views counters, access logs with timestamp, IP address, and user agent to help you audit access and to protect recipients and owners.
We do not sell your personal data.
3. Why we process personal data (purposes)
We process personal data to:
- Provide the Service: ingestion (email or uploads), OCR/LLM text extraction, structured element generation, record/timeline building, search, provider directory, secure viewing/streaming, and sharing features.
- Maintain security and integrity: authentication, access controls, share access verification, incident detection, logging, preventing abuse.
- Improve and test features during Beta: usability, performance, reliability. During Beta, features may be added/removed quickly.
- Communicate with you: account notices, security advisories, product updates, support.
- Comply with legal obligations and enforce our Terms of Use.
4. Legal bases for processing
Depending on context, our legal bases under UK GDPR include:
- Performance of a contract (Article 6(1)(b)): to deliver features you request (e.g., upload, view, search, share records).
- Legitimate interests (Article 6(1)(f)): service security, fraud prevention, quality and reliability improvements, logs/telemetry (balanced against your rights).
- Consent (Article 6(1)(a)) and Explicit Consent (Article 9(2)(a)) for special category data (health‑related information) that you choose to ingest/upload or process via integrations and OCR/LLM. You can withdraw consent at any time (Section 13).
- Legal obligations (Article 6(1)(c)): where we must retain or disclose data to comply with law.
5. Special category (health) data
Nomad.Healthcare helps you consolidate and make sense of your health records. When you upload or ingest health‑related content (including messages/attachments from email), we process that data only:
- with your explicit consent;
- to provide the Service you request (e.g., convert scanned PDFs to text, generate summaries, organise and link related documents, let you search and share with recipients you choose).
If you withdraw consent, some or all Service functionality may no longer be available (e.g., ingest, OCR/LLM processing, search). See Section 13.
6. Detailed processing activities
Below are key processes and how they work:
- Uploads: You can upload files (PDF, images, DOCX, XLSX, etc.). Files are stored privately. We compute hashes to support deduplication and maintain storage integrity.
- Email ingestion (optional): You can connect Gmail and set precise queries. We only ingest messages and attachments matching your queries. You remain in full control of query scope and can change or remove queries at any time.
- OCR and text extraction (documents/images): For image‑only PDFs and photos, we create page images and use reputable OCR/LLM vendors to extract text into clean, searchable form. We store the resulting text with your document. We also store light metadata about the extraction (e.g., pages processed, errors, character count).
- ICS (calendar) parsing: If an attachment is an .ics calendar file, we parse minimal event details (UID, sequence, organiser, start/end) as document metadata for your convenience.
- Structured data generation: We use LLM‑based transformation to propose elements (e.g., appointment/test result/imaging/prescription/diagnosis/billing) and concise summaries to help you search and organise. We also extract provider contacts (name, kind, emails, phones, websites, address, country code) and consolidate them into your personal directory.
- Provider directory (authoritative contacts): Over time, we may consolidate repeated provider names into a single canonical contact in your account, merging additional emails/phones/websites as discovered. We do not operate a public provider database; this is your private directory.
- Search indexing: We create search vectors that include your record titles/summaries, element summaries, tags, provider/organisation names, and a bounded portion of document text to enable fast, relevant results.
- Secure viewing & streaming: Documents are served through a proxy with short‑lived signed links. Inline viewers apply protective headers, watermarks, and download deterrents. This reduces accidental exposure of raw storage URLs.
- Sharing: You can create password‑protected shares with optional expiry and view limits. We issue a short‑lived share session token on successful password entry, and log access events (time, IP, user agent) so you can audit share usage. You can revoke shares at any time.
- External links: If we detect URLs in your messages, we may perform a lightweight fetch to record whether the link is reachable and capture minimal metadata (e.g., HTTP status, content type, title), which helps you audit sources. We do not crawl content for any other purpose.
- Logs and diagnostics: We keep limited operational logs for security and troubleshooting. We do not record document contents in logs.
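To make the "Secure viewing & streaming" and "Sharing" mechanisms above concrete, here is an added example that is not Nomad.Healthcare's code: a password‑protected share with an expiry and a view limit, a short‑lived signed session token issued only after a correct password, an access log of both successful and failed attempts, and a short‑lived signed link for a document proxy. Everything not stated in the policy is an assumption: HMAC‑SHA256 tokens, a 10‑minute session TTL, a 60‑second proxy link TTL, and hashlib.scrypt standing in for bcrypt, which is not in the Python standard library.

```python
"""Added example (not Nomad.Healthcare's code). Models a password-protected
share with expiry, view limit, revocation, access logging, a short-lived
signed share session token and a short-lived signed proxy link.
Assumptions (not from the policy): HMAC-SHA256 tokens, 10-minute session TTL,
60-second link TTL, hashlib.scrypt standing in for bcrypt."""
import base64, hashlib, hmac, os, secrets
from dataclasses import dataclass, field
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment signing key
TOKEN_TTL = 600                        # assumption: share session lives 10 minutes
LINK_TTL = 60                          # assumption: proxy links live 60 seconds

def hash_password(password: str) -> bytes:
    # scrypt stands in for bcrypt: both are salted, deliberately slow hashes.
    salt = os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def check_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    cand = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return hmac.compare_digest(cand, digest)   # constant-time comparison

def _sign(payload: str) -> str:
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def issue_token(kind: str, subject: str, ttl: int, now: float) -> str:
    """Return '<kind>:<subject>:<exp>:<sig>'; used for share sessions and proxy links."""
    payload = f"{kind}:{subject}:{int(now) + ttl}"
    return f"{payload}:{_sign(payload)}"

def verify_token(token: str, kind: str, now: float) -> Optional[str]:
    """Return the subject if the signature is valid, the kind matches and the
    token is unexpired; otherwise None. Kind binding stops a share session token
    being replayed as a document link and vice versa."""
    try:
        t_kind, subject, exp, sig = token.split(":")
    except ValueError:
        return None
    payload = f"{t_kind}:{subject}:{exp}"
    if t_kind != kind or not hmac.compare_digest(sig, _sign(payload)):
        return None
    return subject if now < int(exp) else None

@dataclass
class Share:
    share_id: str
    label: str
    pw_hash: bytes
    expires_at: Optional[float] = None
    max_views: Optional[int] = None
    views: int = 0
    revoked: bool = False
    access_log: list = field(default_factory=list)

def open_share(share: Share, password: str, ip: str, user_agent: str, now: float):
    """Check revocation, expiry, view limit and password; log the attempt either
    way; return (token, None) on success or (None, reason) on failure."""
    reason = None
    if share.revoked:
        reason = "revoked"
    elif share.expires_at is not None and now >= share.expires_at:
        reason = "expired"
    elif share.max_views is not None and share.views >= share.max_views:
        reason = "view_limit"
    elif not check_password(password, share.pw_hash):
        reason = "bad_password"
    share.access_log.append({"ts": int(now), "ip": ip, "ua": user_agent,
                             "ok": reason is None, "reason": reason})
    if reason:
        return None, reason
    share.views += 1
    return issue_token("share", share.share_id, TOKEN_TTL, now), None

def document_link(session_token: str, doc_id: str, now: float) -> Optional[str]:
    """Given a valid share session token, mint a short-lived signed proxy link
    (hypothetical /proxy/doc route) so raw storage URLs are never exposed."""
    if verify_token(session_token, "share", now) is None:
        return None
    return "/proxy/doc?t=" + issue_token("doc", doc_id, LINK_TTL, now)
```

The design choice worth noting is that the password check comes after the revocation, expiry and view‑limit checks, so a revoked or exhausted share never reaches the slow hash, and every attempt, successful or not, lands in the access log with timestamp, IP and user agent, which is the audit trail the policy describes.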
We do not use your data to train our own general‑purpose models. Where we rely on third‑party AI providers, we contractually aim to restrict use of your content for model training and instruct them to process data solely to provide the requested service to you. See Section 8 (Sub‑processors).
7. Cookies and similar technologies
We use minimal cookies and similar storage strictly necessary to operate the Service:
- Session/authentication tokens (including Supabase session), short‑lived share session tokens (HttpOnly where applicable);
- Security/session state;
- Optional PWA/service worker caches to improve performance.
We do not use third‑party advertising cookies. If we add optional analytics in future, we will update this policy and provide appropriate controls.
8. Service providers and sub‑processors
To provide the Service, we rely on reputable third‑party providers (examples below). Locations and providers may change; we will maintain an up‑to‑date list on request.
- Authentication & user management: Supabase (UK/EU or other regions depending on configuration) — manages sign‑in, sessions, optional MFA.
- Infrastructure & storage: Cloud hosting providers and S3‑compatible object storage (e.g., DigitalOcean Spaces).
- OCR/LLM vendors (for text extraction and structured summaries from your documents):
  - Anthropic (API processing of page images or text passages).
  - Mistral AI (document OCR/LLM).
  We send only what is needed for extraction (typically page images or text snippets, not entire mailboxes).
- Email ingestion: Gmail API (if you connect), including storage of refreshable credentials to retrieve messages matching your queries.
- Transactional email/similar inbound adapters (if enabled): Postmark/Mailgun/SES‑style payloads for optional email webhook ingestion.
- Logging/monitoring & operational tooling: limited metadata (e.g., runtime events, error traces).
International transfers may occur where these providers operate (e.g., EEA/US/UK). Where we transfer data outside the UK, we rely on appropriate safeguards (e.g., adequacy decisions or standard contractual clauses). We require providers to process data under our instructions and to implement reasonable security measures.
9. How we protect your data (security)
We implement technical and organisational measures appropriate to the risks, including:
- Access controls; multi‑factor authentication support; least‑privilege principles for our team;
- Encryption in transit (TLS) and at rest for storage;
- Short‑lived, signed URLs for secure file access via proxy;
- Inline viewers with protective headers (e.g., Content Security Policy, X‑Content‑Type‑Options) and watermarks;
- Robust deletion flows for records and files, with checks against accidental orphaning/duplicates;
- Regular review of sub‑processors and configuration.
No online service can guarantee perfect security—especially during Beta. Please use strong passwords and 2FA, and share only what is necessary with recipients you trust.
10. How long we keep data (retention)
- Account data: kept while your account is active and for a reasonable period after closure to resolve queries or comply with legal obligations.
- Content (records/documents/elements): retained until you delete them or delete your account.
- Share metadata and access logs: retained while shares are active and for a reasonable audit period thereafter.
- Diagnostics & security logs: retained for a short duration necessary for security, troubleshooting, and service integrity.
- Backups: we maintain short, rotating backups for resilience. Deleted items typically fall out of backups within a limited window (e.g., ~30–90 days), after which they are irrecoverable.
Exact retention periods may vary based on technical, legal, or operational requirements. During Beta, we may adjust retention for stability and reliability; we will aim to keep periods short and proportionate.
11. Your choices and controls
- You control ingestion scope: you decide what to upload and how narrowly to define email queries.
- You can delete content at any time: records, documents, elements, providers (where applicable).
- You can revoke shares at any time (revocation does not remove copies already obtained by recipients).
- You can disconnect integrations and remove credentials.
12. Your rights
Under UK data protection law, you have rights to:
- Access your data;
- Rectify inaccurate data;
- Erase data ("right to be forgotten");
- Restrict or object to certain processing;
- Data portability (in common, machine‑readable formats);
- Withdraw consent at any time for processing that relies on consent (including explicit consent for health data);
- Lodge a complaint with the UK Information Commissioner's Office (ICO).
To exercise rights, contact hello@nomad.healthcare.
ICO: www.ico.org.uk/make-a-complaint/ or +44 303 123 1113.
We will respond within statutory timeframes. During Beta, some self‑service export/delete features may be manual; we will still honour rights requests.
13. Consent and withdrawal
For health‑related processing and email ingestion, we rely on your explicit consent. You can withdraw consent at any time in‑app (e.g., disable integrations, delete content) or by contacting us. Withdrawal does not affect processing that has already occurred and may limit or disable Service functionality.
14. Children
The Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe a child has used the Service, contact us to request deletion.
15. Changes to this policy
We may update this policy as we improve the Service or our practices evolve. We will post the updated version with a revised "Last updated" date. If changes are material, we'll take reasonable steps to notify you. Your continued use after changes take effect constitutes acceptance.
16. Contact
Athena Technology Consulting Ltd (15813005)
2nd Floor, College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE
Email: hello@nomad.healthcare