Privacy Policy
Last updated: March 28, 2026
1. Introduction
Nuvian Labs LLC ("Nuvian Labs," "we," "us," or "our") operates the Darael platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website at darael.com, mobile applications, and related services.
We are committed to protecting the privacy and security of all personal information and protected health information (PHI) processed through our platform, in compliance with the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws, and applicable regulations.
HIPAA Notice of Privacy Practices
This privacy policy provides a general overview of our data practices. For detailed information about your rights under HIPAA — including how your protected health information may be used and disclosed, your right to access and amend your records, and our breach notification procedures — please read our full HIPAA Notice of Privacy Practices.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, practice name, and billing information when you create an account.
- Practice Data: Patient records, appointment schedules, treatment notes, prescriptions, billing records, and other data you enter into the Service.
- Communications: Messages you send through our platform, including SMS, emails, and voice calls processed by our AI receptionist.
- Support Data: Information you provide when contacting our support team.
2.2 Information Collected Automatically
- Usage Data: Pages viewed, features used, actions taken, timestamps, and session duration.
- Device Information: Browser type, operating system, device type, IP address, and unique device identifiers.
- Cookies and Tracking: We use cookies and similar technologies for authentication, preferences, and analytics.
2.3 Protected Health Information (PHI)
As a medical AI platform, we process PHI on behalf of our customers (healthcare providers). This information is governed by our Business Associate Agreement (BAA) with each customer and handled in strict compliance with HIPAA.
3. How We Use Your Information
- Provide, operate, and maintain the Service
- Process transactions and send billing-related communications
- Send appointment reminders, follow-ups, and practice communications on your behalf
- Power AI features including clinical decision support, scheduling optimization, and voice AI services
- Improve and personalize the Service
- Provide customer support
- Send administrative notifications about the Service
- Comply with legal obligations
4. How We Share Your Information
We do not sell your personal information or PHI. We may share information with:
- Service Providers: Third-party vendors that assist in operating our Service (e.g., Stripe for payments, Twilio for SMS, ElevenLabs for voice AI, Photon Health for e-prescribing). These providers are bound by data protection agreements.
- As Required by Law: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections for your data.
- With Your Consent: When you explicitly authorize us to share information.
5. Data Security
We implement industry-standard security measures including:
- AES-256 encryption at rest and TLS 1.3 encryption in transit
- Role-based access controls and multi-factor authentication
- Regular security audits and penetration testing
- HIPAA-compliant audit logging of all data access
- Automatic data backups with encrypted offsite storage
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Practice data including patient records is retained according to applicable medical record retention laws (typically 7-10 years depending on state). You may request deletion of your account data at any time, subject to legal retention requirements.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal information
- Object to or restrict processing of your data
- Data portability (export your data)
- Withdraw consent for optional data processing
- File a complaint with a supervisory authority
To exercise any of these rights, contact us at privacy@nuvianlabs.com.
8. SMS and Voice Communications
Our Service sends SMS messages and makes voice calls on behalf of healthcare providers for appointment reminders, follow-ups, and practice communications. By providing a phone number to a practice using Darael, patients consent to receiving these communications. Patients may opt out of non-essential messages at any time by replying STOP or contacting the practice directly.
We do not use phone numbers collected through the Service for marketing purposes unrelated to the healthcare provider's practice.
9. Children's Privacy
Our Service is designed for use by healthcare professionals and is not directed to children under 13. We do not knowingly collect personal information from children under 13 outside of the healthcare provider-patient relationship.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Nuvian Labs LLC
Email: privacy@nuvianlabs.com
Website: nuvianlabs.com