Privacy Policy

Effective Date: June 2026 | Last Updated: June 2026

1 Who We Are

Noeva Health Inc. ("Noeva Health," "we," "us," or "our") is a corporation incorporated in the Province of Ontario, Canada, based in Ottawa, Ontario. We operate the Noeva Health platform, an AI-powered health navigation tool designed to help individuals understand symptoms related to women's health conditions, including endometriosis, PMOS (Polyendocrine Metabolic Ovarian Syndrome), perimenopause, menopause, PMDD (Premenstrual Dysphoric Disorder), and adenomyosis.

2 What Personal Information We Collect

We collect the following categories of personal information:

• Account Information: Name, email address, password (hashed), date of birth, and account preferences.
• Health Information: Symptoms you report, menstrual cycle data, lifestyle information, medical history, lab results, and any other health-related data you voluntarily provide through the platform for AI symptom analysis.
• Usage Data: Device type, browser, IP address, pages visited, features used, session duration, and interaction patterns with the platform.
• Payment Information: Payment method details are processed by our third-party payment processor and are not stored on our servers.

3 Why We Collect It

We collect and use your personal information for the following purposes:

• AI Symptom Analysis: To power our AI-driven health navigation tool that analyzes your symptoms against published clinical guidelines and generates informational care pathway suggestions.
• Care Pathways: To create structured next-step suggestions, including types of clinical tests to discuss with your doctor, types of specialists to consider, and urgency level indicators. These suggestions are educational and informational — they are not clinical orders, prescriptions, or referrals.
• Platform Improvement: To improve the accuracy, relevance, and usability of our AI models and platform features through aggregated, de-identified usage analytics.
• Communication: To send you account-related notifications, updates about the platform, and (with your consent) educational health content.
• Legal Compliance: To meet our obligations under applicable Canadian privacy legislation.

4 Consent

We rely on your explicit consent to collect, use, and process your personal information, particularly your health information. You provide consent when you:

• Create an account and agree to this Privacy Policy.
• Voluntarily enter health information into the platform.
• Opt in to receive communications from us.

Withdrawing Consent: You may withdraw your consent at any time by contacting us at contact@noevahealth.com or through your account settings. Withdrawal of consent may affect our ability to provide certain services to you. We will explain the implications upon your request.

5 How We Protect Your Information

We implement robust security measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using industry-standard encryption protocols.
• Canadian Data Residency: All personal and health data will be stored on Canadian servers to ensure compliance with PIPEDA and Canadian data residency requirements. Our cloud infrastructure provider and specific hosting region will be confirmed prior to public launch. Data will not leave Canadian jurisdiction.
• Access Controls: Strict role-based access controls limit who within our organization can access personal information, on a need-to-know basis.
• Regular Audits: We conduct regular security assessments and vulnerability testing of our infrastructure.
• Secure Development: Our platform is built following industry-standard secure development practices.

6 Who We Share With

We may share your personal information only in the following limited circumstances:

• Clinical Providers (Phase 1b): With your explicit consent, we may share relevant health information with licensed healthcare providers to facilitate clinical consultations or referrals as part of our care pathway recommendations.
• Service Providers: We engage trusted third-party service providers (e.g., cloud hosting, payment processing, analytics) who process data on our behalf under strict Data Processing Agreements (DPAs) that require them to protect your information to the same standard we do.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.

Your personal information is NEVER sold, rented, or traded to third parties for marketing or any other commercial purpose.

7 Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically:

• Active Accounts: Data is retained for the duration of your account's active status.
• Deleted Accounts: Upon account deletion, personal information is permanently deleted within 30 days, except where retention is required by law.
• De-identified Data: Aggregated, de-identified data that cannot be linked back to you may be retained indefinitely for research and platform improvement purposes.

8 Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights:

• Access: You may request access to the personal information we hold about you.
• Correction: You may request that we correct any inaccurate or incomplete personal information.
• Deletion: You may request that we delete your personal information, subject to legal retention requirements.
• Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time.
• File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

To exercise any of these rights, please contact us at contact@noevahealth.com. We will respond to your request within 30 days.

9 Age Restriction

Noeva Health is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly.

10 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email notification. Your continued use of the platform following any changes constitutes your acceptance of the revised policy.

11 Contact Us