Join Waitlist

Data Deletion and Retention Policy

How we handle, retain, and delete your data

1. Purpose

This policy outlines how NurseApp Technologies Inc. ("NurseApp," "we," "our") retains, deletes, and anonymizes data in compliance with the Nova Scotia Personal Health Information Act (PHIA) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Our goals:

  • Minimize data retention to what is strictly necessary
  • Provide patients and providers with clear deletion rights
  • Ensure compliance with legal and regulatory retention obligations

2. Scope

This policy applies to all data collected, stored, or processed by NurseApp, including:

  • Patient/Client Data: Personal info, health info, payment details
  • Provider Data: License, insurance, credentials, payout details
  • Technical Data: IP addresses, logs, device IDs, usage data

3. Retention Periods

👤

Patient Data

  • Health Records: 10 years after last service (PHIA)
  • Account Info: Active + 2 years after closure
  • Payment Records: 7 years (CRA compliance)
👩‍⚕️

Provider Data

  • Credentials & Insurance: Active + 2 years post-termination
  • Payment/Payout Records: 7 years (financial compliance)
💻

Technical/Log Data

  • Audit & Security Logs: 2 years
  • Analytics Data: Anonymized after 18 months

4. Deletion Rights

Users may request deletion of their account and personal data at any time.

Upon verified request:

  • Personal data not subject to regulatory retention is deleted within 30 days
  • Health records will be deleted/anonymized only after legal retention periods expire (10 years in NS)

Deletion requests must be submitted via support@nurseapp.ca or the in-app "Delete My Data" option.

5. Methods of Deletion

  • Secure Erasure: Data is permanently deleted from active databases and backups using industry-standard methods (NIST 800-88)
  • Anonymization: Where full deletion is not legally permitted, data will be de-identified and stripped of identifiers
  • Backup Deletion: Deleted data may remain in encrypted backups for up to 90 days before permanent erasure

6. Exceptions

Data may be retained beyond the above periods if required for:

  • Legal proceedings, investigations, or audits
  • Insurance claims or dispute resolution
  • Fraud detection or security monitoring

7. Compliance & Accountability

  • A Privacy Officer is appointed to oversee all data deletion requests
  • NurseApp maintains an audit log of deletion requests and their resolution
  • Annual Privacy Impact Assessments (PIAs) include review of retention & deletion practices

8. Updates

We may revise this policy to reflect legal or operational changes. Updated versions will be posted on our website and app.

Need to Delete Your Data?

Contact our support team to submit a data deletion request

Contact Support Privacy Policy