Healthcare Data Protection
As a healthcare-focused platform, we understand the critical importance of protecting sensitive health information. We implement strict security measures and comply with healthcare privacy regulations to safeguard your clients' data.
Data We Collect
Practice Information:Your professional details, contact information, and practice settings.
Client Data:Information you enter about your clients including consultation notes, progress data, and treatment plans (stored securely and accessible only to you).
Usage Analytics:How you use our platform to improve our services (anonymized data only).
Google Calendar Integration & Google User Data
When you choose to connect your Google Calendar, HelloNebula accesses limited Google user data solely to provide appointment scheduling. Our use of information received from Google APIs adheres to the Google API Services User Data Policy (developers.google.com/terms/api-services-user-data-policy), including its Limited Use requirements.
Data we access:With your explicit consent we request the Google Calendar events scope (calendar.events), the Google Meet space settings scope (meetings.space.settings), and your Google account email address. We do not access your contacts, files, emails, or any other Google data.
How we use it:We create, update and delete events on your connected calendar for your confirmed appointments (adding the client as a guest), generate and configure a Google Meet link for online appointments, and read existing event times to detect conflicts and prevent double-booking. Google user data is used only to provide these scheduling features and for no other purpose.
Data sharing:We do not sell your Google user data and do not share it with third parties. It is processed only on our own infrastructure (Amazon Web Services, EU region) to operate the calendar feature. We never use Google user data for advertising or to train AI or machine-learning models.
Storage & protection:We store only the minimum required: an OAuth refresh token encrypted at rest with AES-256, your connected Google account email, and the identifiers of the calendar events we create. Short-lived access tokens are never stored. We do not copy or retain the contents of your calendar.
Retention & deletion:The connection is kept until you disconnect it in Profile Settings → Work Schedule, delete your HelloNebula account, or revoke access at myaccount.google.com/permissions. Disconnecting or deleting your account immediately removes the stored refresh token. You can also request deletion at any time by emailing our support team.
Cookies and Tracking
Essential Cookies:Required for platform functionality, login sessions, and security.
Analytics Cookies:Help us understand platform usage to improve features for nutrition professionals (only with your consent).
You can manage cookie preferences through our cookie banner or browser settings.
Data Security & Encryption
All client data is encrypted in transit and at rest using industry-standard AES-256 encryption. Our servers are hosted in secure facilities with multi-factor authentication and regular security audits.
We maintain detailed audit logs of all data access and implement strict access controls to ensure only authorized personnel can access systems.
Data Ownership & Portability
You retain full ownership of all client data entered into our platform. You can export your data at any time in standard formats. Upon account termination, your data will be securely deleted according to your retention preferences.
Third-Party Integrations
We only integrate with trusted, healthcare-compliant services. Any data sharing with third parties requires explicit consent and follows strict privacy protocols.
Your Rights
You have the right to access, update, or delete your account information. You may also request data portability or account termination at any time through your account settings or by contacting our support team.
Contact Our Privacy Team
For privacy-related questions or data protection concerns, contact us at:info@hellonebula.net
We respond to privacy inquiries as quickly as possible.