Nexum
Menu
Try It Now Schedule Demo

Privacy Policy

Effective Date: March 1, 2026

Nexum Health ("Nexum," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

1. Information We Collect

We may collect the following types of information:

  • Account Information: Name, email address, organization name, phone number, and job title when you create an account or contact us.
  • Usage Data: Information about how you interact with our platform, including pages visited, features used, and session duration.
  • Protected Health Information (PHI): When processing claims on behalf of our customers, we may access PHI as a Business Associate under HIPAA. This data is governed by our Business Associate Agreement.
  • Technical Data: IP address, browser type, operating system, and device information collected automatically when you access our services.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve our platform and services
  • Process and manage healthcare claims on behalf of our customers
  • Communicate with you about your account, updates, and support requests
  • Analyze usage patterns to improve performance and user experience
  • Comply with legal obligations and enforce our terms of service
  • Detect, prevent, and address technical issues and security threats

3. Data Security

We implement industry-standard security measures to protect your information, including AES-256 encryption at rest, TLS 1.3 encryption in transit, role-based access controls, and regular security assessments. Our infrastructure runs on Google Cloud Platform, which maintains SOC 2 Type II and ISO 27001 certifications. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

4. HIPAA Compliance

Nexum operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We enter into Business Associate Agreements (BAAs) with all covered entity customers. We do not use or disclose Protected Health Information except as permitted by our BAAs and applicable law. PHI is never stored in URLs, application logs, or analytics systems.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Account and usage data is retained for the duration of your subscription plus 90 days. PHI is retained in accordance with our Business Associate Agreement and applicable law. Upon termination, we will securely delete or return all PHI within 30 days unless retention is required by law.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate personal information
  • Request deletion of your personal information
  • Object to or restrict processing of your personal information
  • Request portability of your personal information

To exercise any of these rights, please contact us at hello@nexum.health.

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of our services after any changes constitutes acceptance of the updated policy.

8. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Nexum Health
Email: hello@nexum.health