1. Information We Collect

Personal Information

• Full name
• Email address
• Phone number
• Professional organization & role
• Account details (if applicable)

Health-Related and Clinical Data

• Clinical, claims, and outcomes data
• Research and population insights
• De-identified or aggregated datasets
• Protected Health Information (PHI) under HIPAA agreements

Technical & Usage Data

• IP address
• Device & browser details
• Session logs, clickstream data
• Cookies and tracking identifiers

2. How We Use Data

We process data to:

• Provide and improve our analytics solutions
• Support identity verification and secure access
• Respond to customer service needs
• Conduct platform performance monitoring
• Meet regulatory, contractual, and auditing requirements
• Deliver communications (service updates, security alerts, research insights)

3. How We Share Data

We do not sell or rent personal data.

• Authorized service providers
• Covered healthcare entities (HIPAA)
• Legal/regulatory authorities
• Corporate acquirers or successors

4. Data Security

Novatross uses strong, enterprise-grade security:

• Data encryption at rest and in transit
• Zero-trust and role-based access control
• Continuous monitoring & intrusion detection
• Annual SOC 2, HIPAA, and security audits

5. Data Retention

Retention periods vary depending on:

• Contractual requirements
• HIPAA obligations
• Regulatory or statutory periods
• Operational necessity

6. Your Rights

Your rights differ depending on your region. Novatross honors applicable rights for GDPR, CCPA/CPRA, and other laws.

7. Cookies & Tracking

We use cookies to support website functionality, analytics, and security. You may disable cookies through browser settings.

8. Children’s Privacy

Novatross does not knowingly collect personal information from children under 13.

9. HIPAA Compliance

When handling PHI, Novatross acts as a Business Associate and complies with HIPAA Privacy, Security, and Breach Notification Rules.

10. Third-Party Links

External websites are governed by their own privacy policies.

11. GDPR Compliance (EU/EEA/UK Residents)

If you reside in the EU, EEA, or UK, you have rights under GDPR:

• Access, correct, or erase your personal data
• Restrict or object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

International transfers of data are safeguarded using Standard Contractual Clauses or equivalent protections.

Submit GDPR requests: [email protected]

12. CCPA/CPRA Compliance (California Residents)

If you are a California resident, your rights under CCPA/CPRA include:

• Request access to personal information collected
• Request deletion or correction of personal information
• Opt-out of sale or sharing of personal information (Novatross does not sell personal information)
• Non-discrimination for exercising privacy rights

Submit CCPA requests: [email protected] | Phone: (833) 844-6156

13. Policy Updates

We may update this policy periodically. The revised version will include an updated “Last Updated” date.

14. Contact Novatross

For privacy inquiries, GDPR/CCPA requests, or compliance questions:

Novatross Technology
Email: [email protected]
Phone: (833) 844-6156
Address: 11175 Cicero Drive, Alpharetta, Ga 30022