1. Introduction

Nexus Health ("we", "us", or "our") is a precision medicine research laboratory. We are committed to protecting the privacy of individuals who visit our website, apply to our fellowship program, submit enquiries through our contact form, or otherwise interact with our services. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have in relation to it.

2. Who We Are

Nexus Health operates as a health AI research and innovation lab. For the purposes of applicable data protection legislation, Nexus Health is the data controller responsible for your personal data. If you have questions about this policy or our data practices, you may contact us at privacy@nexushealth.ai.

3. Data We Collect

We collect personal data in the following categories:

Identity & Contact Data. When you submit a contact enquiry or apply to our fellowship program, we collect your name, email address, institution or organisation, job title or role, and the content of your message or application. Fellowship applications may additionally include your academic background, experience level, motivation statement, availability, LinkedIn profile, portfolio links, and an uploaded CV.

Technical Data. When you browse our website, we automatically collect your IP address, browser type and version, operating system, time zone, and general geographic location. This data is collected through standard server logs and, where applicable, analytics tools.

Usage Data. We collect information about how you interact with our website, including pages visited, time spent on pages, navigation paths, and referring URLs.

Cookie Data. We use cookies and similar technologies as described in our Cookie Policy below. These may collect device identifiers, session information, and browsing preferences.

4. How We Use Your Data

We process your personal data for the following purposes:

To respond to enquiries. When you submit a message through our contact form, we use your name, email, institution, role, and message content to review and respond to your enquiry.

To process fellowship applications. We use the information provided in your fellowship application to evaluate your candidacy, communicate with you about your application status, and administer the program.

To operate and improve our website. We use technical and usage data to maintain, secure, and improve the performance and functionality of our website.

To comply with legal obligations. We may process your data where necessary to comply with applicable laws, regulations, or legal proceedings.

To communicate with you. Where you have consented or where we have a legitimate interest, we may send you updates about our research, publications, programs, or events. You may opt out of such communications at any time.

5. Legal Basis for Processing

We rely on the following legal bases under applicable data protection law:

Consent. Where you have given clear consent for us to process your personal data for a specific purpose, such as submitting a contact form or application.

Legitimate interests. Where processing is necessary for our legitimate interests (such as improving our services, conducting research, or administering our fellowship program) and those interests are not overridden by your rights.

Contractual necessity. Where processing is necessary to perform a contract with you, such as administering your participation in our fellowship program.

Legal obligation. Where we are required by law to process your data.

6. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients:

Service providers. We use third-party services to host our website, store data, and provide analytics. These providers process data on our behalf and are contractually obligated to protect your data. Our primary infrastructure providers include Vercel (hosting), Supabase (database and authentication), and Resend (transactional email).

Professional advisors. We may share data with legal, accounting, or other professional advisors where necessary.

Legal requirements. We may disclose your data if required by law, regulation, legal process, or governmental request.

7. International Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. Where such transfers occur, we ensure that appropriate safeguards are in place, including standard contractual clauses approved by relevant authorities, to protect your data in accordance with applicable data protection law.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Contact enquiries are retained for up to 24 months. Fellowship applications are retained for the duration of the program cycle and up to 36 months thereafter for administrative and evaluation purposes. Technical and usage data is retained for up to 12 months. Where we are required by law to retain data for a longer period, we will do so in accordance with that obligation.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), access controls, regular security assessments, and the use of reputable cloud infrastructure providers with established security certifications. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

Access. You may request a copy of the personal data we hold about you.

Rectification. You may request that we correct inaccurate or incomplete data.

Erasure. You may request that we delete your personal data, subject to any legal obligations requiring us to retain it.

Restriction. You may request that we restrict the processing of your data in certain circumstances.

Portability. You may request that we provide your data in a structured, commonly used, machine-readable format.

Objection. You may object to our processing of your personal data where we rely on legitimate interests as the legal basis.

Withdrawal of consent. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at privacy@nexushealth.ai. We will respond to your request within 30 days.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the revised policy on this page with an updated "last updated" date. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at privacy@nexushealth.ai.