Privacy Policy
Effective 1 May 2026
1. Who we are
Nephra operates a cloud-based dialysis management platform used by clinics and healthcare providers. References to "we", "our", or "Nephra" in this policy refer to Nephra and its affiliates.
2. Data we collect
Account data: name, email address, and role provided during registration.
Clinical data: patient health records, session logs, and treatment parameters entered by authorised clinical staff.
Usage data: IP address, browser type, pages visited, and timestamps — collected via server logs.
We do not sell or share personal data with third parties for advertising purposes.
3. How we use your data
To provide and improve the Nephra platform.
To authenticate users and enforce role-based access control.
To send transactional emails (password resets, invitations).
To comply with applicable healthcare regulations.
4. Data storage & security
All data is stored in the European Union (Frankfurt region). Data at rest is encrypted with AES-256-GCM. Data in transit is protected with TLS 1.2 or higher.
We retain clinical data for as long as required by applicable healthcare law, and account data for 30 days after account deletion.
5. Your rights
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us at [email protected].
EU/EEA residents may lodge a complaint with their local data protection authority.
6. Changes to this policy
We may update this policy periodically. When we do, we will update the effective date above and notify users by email for material changes.