Privacy Policy

Last updated: May 23, 2026

Nuro LLC (“Nuro,” “we,” “us”) provides an operations platform for compounding pharmacies. This Privacy Policy describes how we collect, use, and safeguard information when you use our platform at app.nurohq.com and related services (the “Service”).

Who this policy covers

This policy applies to two distinct populations:

  • Pharmacy operators — pharmacists, technicians, owners, and administrators who use Nuro to manage their pharmacy operations.
  • Pharmacy patients — individuals whose protected health information (“PHI”) is processed by Nuro on behalf of a pharmacy operator. Patients are NOT our direct customers; we process PHI as a HIPAA Business Associate to the pharmacy.

Information we collect

From operators: name, email address, phone number, workspace name, organization affiliation, Cognito authentication identifiers, IP address, browser user-agent, and audit-log records of actions taken in the Service.

From pharmacies as Business Associate (PHI): patient first and last name, date of birth, mobile phone, email, mailing address, prescriber identifiers (NPI / DEA), prescription details (drug name, strength, quantity, days supply, schedule code), order status, shipping tracking numbers, and patient replies to follow-up messages. We only process PHI that the pharmacy explicitly transmits to us via its pharmacy management system (PMS) integration.

Cookies & local storage: session cookies for authentication (httpOnly, SameSite=Lax), preference cookies for workspace selection + bookmarks (non-httpOnly, client-readable), and analytics cookies only when consented via the Cookie Preferences dialog.

How we use information

  • To provide, maintain, and improve the Service.
  • To send transactional emails (account invites, password resets, system notifications). We do not send marketing emails to operators without separate consent.
  • To send transactional text messages to patients on behalf of pharmacies (prescription follow-ups, order updates) — only when the pharmacy has obtained the patient's consent. See our SMS Consent page for details.
  • To detect, prevent, and respond to security incidents, fraud, and abuse.
  • To comply with legal obligations (HIPAA, state pharmacy laws, DEA reporting requirements where applicable).

HIPAA & PHI

When Nuro processes PHI on behalf of a pharmacy, the pharmacy is the Covered Entity and Nuro is the Business Associate. A signed Business Associate Agreement (“BAA”) governs our handling of PHI. The pharmacy is responsible for obtaining patient consent for any uses of PHI beyond treatment, payment, and healthcare operations.

Nuro will not use, disclose, or sell PHI for any purpose other than providing the Service to the pharmacy, except as permitted or required by the BAA, HIPAA, or other applicable law.

Subprocessors

We use the following subprocessors to operate the Service. Where PHI is involved, the subprocessor must be bound by a BAA; the current BAA status is noted for each:

  • Amazon Web Services — infrastructure hosting, database (RDS Aurora), authentication (Cognito), object storage (S3), queue (SQS), serverless compute (Lambda). BAA on file.
  • Resend — transactional email delivery. BAA in progress.
  • Twilio — patient SMS delivery for pharmacies using the Patient Orders product. BAA in progress.
  • LifeFile — pharmacy management system integration (inbound prescription data flow). BAA covered via the pharmacy's direct relationship with LifeFile.
  • EasyPost — carrier tracking for outbound order shipments. The only PHI transmitted to EasyPost is the shipping address.
  • TempStick + Senso Scientific — cleanroom environmental sensor data. No PHI involved.

Data security

Encryption at rest: Aurora PostgreSQL is encrypted via AWS KMS. S3 objects are encrypted server-side. Secrets are stored in AWS Secrets Manager and Parameter Store with restricted IAM access.

Encryption in transit: TLS 1.2+ for all HTTPS endpoints and database connections.

Access control: per-workspace row-level security on every tenant-scoped database table; per-user permissions enforced via IAM-style policies; append-only audit logs on regulated domains (Document Control, Patient Records, Order Events).

Operator authentication: Amazon Cognito with mandatory password policies, configurable session timeouts (default 15 minutes idle), and forced sign-out when an account is disabled.

Data retention

Operator account data is retained for the duration of the workspace's active subscription plus 7 years, to match pharmacy record-retention requirements. PHI is retained per the pharmacy's data-retention policy specified in the BAA. Audit logs are immutable and retained for the life of the workspace.

Patients may request that a pharmacy delete their PHI from Nuro's systems. Patients should send deletion requests directly to the pharmacy; Nuro will act on the pharmacy's written instruction.

Your rights

Operators may access, update, or request deletion of their account data by contacting us at privacy@nurohq.com. Workspace owners can deactivate teammates directly from the Users page.

Patient PHI rights (access, amendment, accounting of disclosures) are honored by the pharmacy as the Covered Entity, with Nuro's cooperation as required by HIPAA.

Children

The Service is not directed to children under 13. Pharmacies may transmit PHI for pediatric patients as part of normal operations; that processing is bound by HIPAA and the pharmacy's consent practices, not by COPPA.

International users

Nuro's infrastructure is hosted in the United States (AWS us-east-1). The Service is offered to US-based pharmacies. We are not currently configured to handle cross-border PHI transfers; non-US use cases require advance written approval.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to active workspace owners and posted to this page. Continued use of the Service after the effective date constitutes acceptance.

Contact

Privacy questions or concerns: privacy@nurohq.com.

General inquiries: hello@nurohq.com.