Privacy Policy

Last updated: March 20, 2026

NovaQuarx Inc. (“NovaQuarx,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals who visit our website (novaquarx.com) and who use our applications, including VitalsBase. This Privacy Policy describes how we collect, use, and protect your information.

1. Information We Collect

Information You Provide

When you use our services, you may provide us with:

  • Account Information: Name, email address, and password when you create an account
  • Patient Profile Information: Patient name, date of birth, biological sex, and known medical conditions
  • Health Data: Blood glucose readings, blood pressure, heart rate, oxygen saturation, body temperature, weight, meal context, timestamps, and free-text notes
  • Imported Health Data: Vitals and readings imported from Apple Health, Google Health Connect, or FHIR-compliant healthcare systems, with your explicit permission
  • Contact Information: Name and email address when you contact us through our website

Information Collected Automatically

When you use our website or applications, we may automatically collect:

  • Device Information: Device type, operating system, browser type, and screen resolution
  • Usage Data: Pages visited, features used, and interaction patterns
  • Log Data: IP address, access times, and referring URLs

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the VitalsBase application and its features, including glucose and vital sign tracking, trend visualization, and AI-generated health insights
  • Generate AI-powered insights by sending anonymized health data to Anthropic’s Claude API for plain-language trend analysis (no personally identifiable information is included in AI requests)
  • Import health data from Apple Health, Google Health Connect, or FHIR-compliant systems when you explicitly authorize access
  • Improve our services by analyzing usage patterns and identifying areas for enhancement
  • Communicate with you about your account, service updates, or in response to your inquiries
  • Ensure security by detecting and preventing unauthorized access or abuse

3. Health Data and AI Processing

VitalsBase processes health data to provide its core functionality. Important details about how health data is handled:

  • AI Insight Generation: When you request an AI-generated insight, your recent health readings (values, timestamps, and meal context) are sent to Anthropic’s Claude API for analysis. Patient names and personally identifiable information are not included in AI requests.
  • Data Storage: All health data is stored in encrypted databases hosted on secure infrastructure. AI-generated insights are cached to reduce redundant processing.
  • No Medical Advice: VitalsBase provides general wellness observations and trend analysis. It does not provide medical diagnoses, treatment recommendations, or clinical advice. Always consult your healthcare provider for clinical decisions.
  • Data Import: When you import data from Apple Health, Google Health Connect, or a FHIR server, we only access the specific health data types you explicitly authorize. Permissions can be revoked at any time through your device settings.
  • Rate Limiting: AI insight generation is limited to one request per patient per hour to manage service quality and prevent abuse.

4. Data Sharing and Disclosure

We do not sell your personal information or health data. We may share information only in the following circumstances:

  • Service Providers: We use third-party services to operate VitalsBase, including cloud hosting (Railway, Vercel), authentication (Firebase), and AI processing (Anthropic). These providers process data on our behalf under contractual obligations to protect your information.
  • Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request.
  • Safety: We may disclose information when we believe it is necessary to protect the safety, rights, or property of NovaQuarx, our users, or the public.

5. Data Security

We implement industry-standard security measures to protect your information:

  • All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Health data is stored in encrypted databases with access controls
  • Authentication tokens use short expiry periods with secure refresh mechanisms
  • All API inputs are validated server-side to prevent injection attacks
  • We conduct regular security assessments of our infrastructure

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your health data and account information for as long as your account is active. You may:

  • Export your data at any time using the CSV or PDF export features in VitalsBase
  • Delete individual readings through the History screen in the application
  • Request account deletion by contacting us at privacy@novaquarx.com, and we will delete your account and all associated data within 30 days

7. Apple Health and Google Health Connect

When you choose to connect VitalsBase to Apple Health (iOS) or Google Health Connect (Android):

  • We request read-only access to specific health data types (blood glucose, blood pressure, heart rate, oxygen saturation, body temperature, and weight)
  • We only access the data types you explicitly authorize — permissions are granular per data type
  • Imported data is stored in your VitalsBase account and subject to this Privacy Policy
  • We do not write data back to Apple Health or Google Health Connect without your explicit consent
  • You can revoke access at any time through your device’s Health settings (iOS) or Health Connect settings (Android)
  • We do not share data obtained from Apple Health or Google Health Connect with third parties for advertising or data mining purposes

8. FHIR Health Data Import

When you choose to import data from a FHIR-compliant healthcare system:

  • You initiate the connection and explicitly select which patient data to import
  • We access only the observation data types you select (vitals, glucose readings)
  • Imported data is stored in your VitalsBase account and subject to this Privacy Policy
  • We do not maintain persistent connections to FHIR servers — data is imported on demand
  • Connection credentials are not stored beyond the active import session

9. Children’s Privacy

VitalsBase is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at privacy@novaquarx.com and we will promptly delete such information.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Export your data in a portable format (CSV, PDF)
  • Withdraw consent for data processing
  • Lodge a complaint with a data protection authority

To exercise any of these rights, contact us at privacy@novaquarx.com.

11. Canadian Privacy Law (PIPEDA)

NovaQuarx Inc. is headquartered in Ottawa, Ontario, Canada, and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, you have the right to access your personal information, challenge its accuracy, and withdraw consent for its collection, use, or disclosure. For privacy-related inquiries under Canadian law, contact our Privacy Officer at privacy@novaquarx.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

NovaQuarx Inc.
Email: info@novaquarx.com
Website: novaquarx.com/contact