Privacy Policy

Last updated: March 1, 2026

1. Information We Collect

Noria Health, Inc. (“Noria,” “we,” “us”) collects information in two categories: (a) information you provide directly, such as your name, email, and organization when requesting a demo or creating an account; and (b) clinical data accessed through your health system's EHR via SMART on FHIR integration, which is processed solely to deliver the Noria service to authorized users.

We also collect standard usage analytics (page views, feature usage) through PostHog to improve the product. No Protected Health Information (PHI) is included in analytics data.

2. How We Use Your Information

Clinical data is used exclusively to generate patient summaries, handoff documentation, and clinical decision support for the authenticated nurse. We do not use clinical data for training AI models, advertising, or any purpose outside of direct clinical care delivery.

Contact information is used to communicate with you about the service, respond to your inquiries, and send product updates (which you may opt out of at any time).

3. Data Security

All Protected Health Information is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. We maintain HIPAA-compliant infrastructure on AWS with Business Associate Agreements (BAAs) in place with all subprocessors that handle PHI.

Access to PHI is logged in an immutable audit trail recording who accessed what data, when, and from where. We implement role-based access controls, session timeouts, and multi-factor authentication for all system access.

4. Third-Party Services

We use the following third-party services that may process data on our behalf: AWS (infrastructure), Anthropic (AI processing with BAA), Auth0 (authentication), Datadog (monitoring with BAA), and Sentry (error tracking with BAA). All vendors that handle PHI have executed Business Associate Agreements with Noria.

5. Your Rights

You have the right to access, correct, or delete your personal information. For clinical data, please contact your health system's privacy officer, as the health system remains the covered entity under HIPAA. For account data held by Noria, contact us at privacy@noria.health.

California residents have additional rights under the CCPA, including the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

6. Contact Us

For questions about this privacy policy or our data practices, contact:

privacy@noria.health