Privacy Policy
Your privacy is fundamental to everything we do at NexelioHealth. This policy explains how we collect, use, and protect your information.
Last updated: March 2026
1. Information We Collect
We collect information you provide directly when you create an account, subscribe to our services, or contact us. This may include your name, email address, phone number, practice name, billing information, and professional credentials.
When you use our platform, we automatically collect certain technical data including IP addresses, browser type, device identifiers, pages visited, and usage patterns. This helps us improve our services and maintain security.
For healthcare providers using our platform, Protected Health Information (PHI) is processed strictly in accordance with HIPAA regulations and our Business Associate Agreement (BAA).
2. How We Use Your Information
We use your information to provide, maintain, and improve our healthcare services, including custom software development, our community forum, and related services.
Your data helps us personalize your experience, process transactions, send service-related communications, and provide customer support. We may also use aggregated, de-identified data for analytics and product development.
We will never sell your personal information or PHI to third parties. Any use of PHI is governed by HIPAA requirements and our BAA.
3. HIPAA Compliance
NexelioHealth is committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA). We serve as a Business Associate under HIPAA and execute Business Associate Agreements with all covered entity clients.
All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to PHI is strictly controlled through role-based access controls, multi-factor authentication, and comprehensive audit logging.
We maintain administrative, physical, and technical safeguards as required by the HIPAA Security Rule, and our workforce receives regular HIPAA compliance training.
4. Cookies & Tracking Technologies
We use essential cookies to maintain your session and ensure the platform functions correctly. These are strictly necessary and cannot be disabled while using our services.
We may use analytics cookies (such as Google Analytics) to understand how visitors interact with our marketing website. These do not apply to the authenticated platform where PHI may be present.
You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to use the NexelioHealth platform.
5. Third-Party Services
We work with carefully vetted third-party service providers who assist in delivering our platform, including cloud infrastructure (AWS/GCP), payment processing (Stripe), email delivery, and customer support tools.
All third-party providers with potential access to PHI are required to sign Business Associate Agreements and comply with HIPAA requirements. We regularly audit our vendors for compliance.
We do not share your personal information with third-party advertisers or data brokers.
6. Data Security
We implement industry-leading security measures including end-to-end encryption, regular penetration testing, intrusion detection systems, and SOC 2-aligned controls.
Our infrastructure is hosted in HIPAA-eligible data centers with physical security controls, redundancy, and disaster recovery capabilities.
In the event of a data breach involving PHI, we will notify affected parties and the Department of Health and Human Services in accordance with the HIPAA Breach Notification Rule.
7. Your Rights
You have the right to access, correct, or delete your personal account information at any time through your account settings or by contacting us.
Patients whose PHI is processed through our platform should direct data access requests to their healthcare provider, who is the data controller for their health information.
California residents may have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt out of certain data sharing. Contact us to exercise these rights.
8. Data Retention
We retain your account information for as long as your account is active or as needed to provide services. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
PHI retention periods are governed by applicable healthcare regulations and our BAA. Healthcare providers are responsible for determining appropriate retention periods for their patient data.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, for significant changes, by sending an email notification.
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
NexelioHealth LLC
Ellicott City, MD, USA
Email: service@nexeliohealth.com
Phone: +1 (888) 603-1929
