1. Data Controller
NurseApp Technologies Inc., Halifax, Nova Scotia.
Contact: privacy@nurseapp.ca
2. Data We Collect
- Patients/Clients: Name, contact info, health details relevant to care, service address.
- Providers: Licensing information, insurance details, professional credentials, certifications.
- Technical info: Device ID, IP address, usage logs, app version, operating system.
- Location data: GPS coordinates for service matching and provider tracking (see Section 9).
- Biometric data: Fingerprint or facial recognition templates for device authentication (see Section 8).
- Payment information: Payment card details processed securely through Stripe (see Section 7).
3. Why We Collect Data
- To facilitate booking and payment for healthcare services.
- To verify provider credentials and licensing status.
- To match patients with appropriate nearby healthcare providers.
- To send important notifications about appointments and service updates.
- To improve app functionality and user experience through analytics.
- To comply with PHIA (Nova Scotia) and PIPEDA obligations.
4. Data Storage
- All data stored on Canadian servers (Google Cloud Platform - Montreal region).
- Encrypted in transit using TLS 1.3 and at rest using AES-256.
- Access logged and restricted to authorized personnel only.
- Regular security audits and penetration testing conducted.
5. Sharing
Your data is shared only with:
- Healthcare providers chosen by clients for service delivery.
- Payment processors (Stripe) for secure transaction processing.
- Analytics providers (Firebase/Google) in anonymized or pseudonymized form.
- Push notification services (Firebase Cloud Messaging) for app notifications.
- Regulators and law enforcement if legally required.
6. Analytics Data Collection (Firebase Analytics)
We use Firebase Analytics to understand how users interact with our app and improve our services.
Data Collected:
- App usage events: Screen views, button taps, feature usage patterns.
- Device information: Device model, operating system version, app version.
- Pseudonymous identifiers: Firebase installation ID, advertising ID (if permitted).
- Geographic data: Country and region (not precise location).
- Session data: Session duration, app opens, crashes and errors.
How It's Used:
- Analyze app performance and identify issues.
- Understand user behavior to improve features.
- Monitor crash reports for stability improvements.
- Generate aggregate usage statistics.
Your Control:
You can opt out of analytics data collection in the app settings. On iOS, you can also limit ad tracking in device settings. On Android, you can reset your advertising ID or opt out of personalized ads.
7. Payment Processing (Stripe)
We use Stripe as our payment processor to handle all financial transactions securely.
Data Handled by Stripe:
- Payment card information: Card number, expiration date, CVV (never stored on our servers).
- Billing address: For payment verification and fraud prevention.
- Transaction history: Payment amounts, dates, and status.
- Bank account details: For provider payouts (stored securely by Stripe).
Security Measures:
- Stripe is PCI DSS Level 1 certified (highest level of security compliance).
- Card details are tokenized and never touch our servers.
- All payment data is encrypted using industry-standard protocols.
- Fraud detection and prevention systems protect against unauthorized transactions.
For more information, see Stripe's Privacy Policy.
8. Biometric Authentication
Our app supports biometric authentication (fingerprint and face recognition) for secure and convenient login.
How Biometrics Work:
- Local storage only: Biometric data (fingerprint templates, facial recognition data) is stored exclusively on your device's secure enclave/keystore.
- Never transmitted: Your actual biometric data is never sent to our servers or any third party.
- Credential storage: We store only an encrypted authentication token on your device, which is unlocked when biometric verification succeeds.
Your Control:
- Biometric login is optional and can be enabled/disabled in account settings.
- You can always use email/password login as an alternative.
- Disabling biometric login removes the stored authentication token from your device.
Security:
We use platform-provided secure storage (iOS Keychain with Secure Enclave, Android Keystore with hardware-backed keys) to protect authentication credentials.
9. Location Data Collection
Location data is essential for matching patients with nearby healthcare providers and tracking service delivery.
For Clients/Patients:
- Service address: Collected when booking a service to match with nearby providers.
- Current location: Used to auto-fill service address and show provider proximity.
For Healthcare Providers:
- When online: Location updated every 30 seconds while marked as available for jobs.
- During active jobs: Location updated every 15 seconds for client tracking.
- When offline: No location data is collected.
Location Data Usage:
- Match providers with nearby service requests based on distance.
- Enable clients to track provider arrival in real time.
- Calculate service areas and travel distances.
- Verify provider arrival at service locations.
Your Control:
- Providers can go offline at any time to stop location sharing.
- Location permissions can be revoked in device settings.
- Historical location data is retained according to our data retention policy.
10. Push Notifications (Firebase Cloud Messaging)
We use Firebase Cloud Messaging (FCM) to send push notifications about appointments, updates, and important alerts.
Data Collected:
- FCM Token: A unique device identifier generated by Firebase to deliver notifications.
- Device platform: iOS or Android for proper notification formatting.
- Notification preferences: Your selected notification categories.
Types of Notifications:
- Appointment reminders and updates.
- Provider arrival and job status updates.
- Payment confirmations and receipts.
- Important account and security alerts.
- New job opportunities (for providers).
Your Control:
- Notifications can be disabled entirely in device settings.
- Specific notification categories can be managed in app settings.
- FCM tokens are deleted when you log out or uninstall the app.
11. Data Retention Periods
We retain your data only as long as necessary for the purposes described in this policy or as required by law.
| Data Type | Retention Period |
| --- | --- |
| Account information | Until account deletion + 30 days |
| Health-related records | 7 years (as required by PHIA) |
| Transaction/payment records | 7 years (tax and legal requirements) |
| Provider credentials/licenses | Duration of account + 3 years |
| Location data (providers) | 90 days |
| Analytics data | 14 months (Firebase default) |
| Audit/security logs | 2 years |
| FCM tokens | Until logout or app uninstall |
After the retention period, data is securely deleted or anonymized for statistical purposes.
12. Your Rights
Under Canadian privacy law (PIPEDA and PHIA), you have the following rights:
Right to Access:
- Request a copy of all personal data we hold about you.
- Receive your data in a commonly used, machine-readable format.
- Access requests are fulfilled within 30 days.
Right to Correction:
- Request correction of inaccurate or incomplete personal data.
- Update your information directly through the app or by contacting us.
Right to Deletion:
- Request deletion of your personal data (subject to legal retention requirements).
- Delete your account through app settings or by contacting support.
- Note: Some data may be retained as required by healthcare regulations.
Right to Data Portability:
- Receive your data in a structured, commonly used format (JSON or CSV).
- Request transfer of your data to another service provider where technically feasible.
Right to Withdraw Consent:
- Withdraw consent for optional data processing at any time.
- Note: Withdrawing consent may limit access to certain features.
How to Exercise Your Rights:
- In-app: Account Settings > Privacy > Data Requests
- Email: privacy@nurseapp.ca
- Data deletion: See our Data Deletion Policy
We will respond to all requests within 30 days. You may also file a complaint with the Office of the Privacy Commissioner of Canada or the Nova Scotia Privacy Commissioner.
13. Breach Notification
In case of a data breach that poses a real risk of significant harm:
- Affected users notified within 72 hours of discovery.
- Office of the Privacy Commissioner notified as required by law.
- Clear information provided about what data was affected and steps to protect yourself.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Email notification to your registered email address.
- In-app notification when you next open the app.
- Updating the "Last Updated" date at the top of this policy.
Continued use of the app after changes constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices:
- Email: privacy@nurseapp.ca
- Address: NurseApp Technologies Inc., Halifax, Nova Scotia, Canada
- Support: Contact Support