clindice

Privacy Policy

Last updated: 24 March 2026

Who we are

Clindice is operated by Novansa OÜ, a company registered in Estonia. We are the data controller for personal data collected through Clindice.

Contact: privacy@novansa.com

1. Our approach to privacy

Clindice is used by health professionals, and we understand that discretion matters in a clinical context. We collect only the data we need to operate the service, we do not collect patient data, and we do not sell or share your personal data for advertising or marketing purposes.

2. What Clindice does not collect

To be clear:

  • Clindice does not collect data about your patients
  • Clindice does not integrate with clinical systems or electronic health records
  • Clindice does not collect any patient-identifiable information
  • Clindice is a standalone reference tool; clinical data stays in your practice systems

3. Legal basis for processing (GDPR)

Novansa OÜ is subject to the General Data Protection Regulation (GDPR). We process your personal data on the following legal bases:

| Processing activity | Legal basis | |---|---| | Account creation and access | Performance of contract (Article 6(1)(b)) | | Analytics to improve the app | Legitimate interests (Article 6(1)(f)) | | Service communications | Performance of contract (Article 6(1)(b)) | | Legal compliance | Legal obligation (Article 6(1)(c)) | | Marketing (opted-in) | Consent (Article 6(1)(a)) |

4. What data we collect

Account data Email address, display name, and hashed password. Your display name is required but does not need to be your real name. You may optionally provide a profile picture or avatar (which does not need to be a photograph of you) and your profession or discipline (used to tailor content relevance).

Usage data Records of which content you access, search terms used within the app, feature usage, and session activity. This data is used to improve the relevance and quality of Clindice content and to personalise your experience (e.g. recently viewed topics).

Device and technical data Device type, operating system, app version, and IP address.

Location and locale data Country (inferred or provided by you), time zone, and language or locale preferences. This data is used to deliver a localised experience and is not used to track your precise location.

We do not collect payment card data. Clindice does not currently have paid tiers; if this changes, payments will be processed through Paddle and we will update this policy accordingly.

5. How we use your data

We use your data to:

  • create and manage your account
  • deliver the Clindice reference experience
  • personalise content (e.g. recently viewed, bookmarks)
  • improve the knowledgebase through aggregated usage analytics
  • respond to support requests
  • send service notifications
  • meet legal obligations

We do not use your usage data to train AI models.

6. Third-party services

| Service | Purpose | Data shared | |---|---|---| | Supabase | Database and authentication | Account data, usage data | | OneSignal | Push notifications | Device identifiers, notification preferences | | Analytics provider (e.g. PostHog or Mixpanel) | App usage analytics | Pseudonymised usage data | | AI provider (e.g. Anthropic or OpenAI) | AI-assisted features (where present) | Search queries and limited usage context |

We have Data Processing Agreements with our processors where required by GDPR.

7. Data transfers outside the EEA

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.

8. How long we keep your data

| Data type | Retention period | |---|---| | Account data | Until deletion, plus 30 days | | Usage data | 24 months (aggregated/anonymised thereafter) | | Backup copies | Up to 90 days after primary deletion |

9. Your rights

Under GDPR, you have the right to:

  • Access — request a copy of your data
  • Correction — correct inaccurate data
  • Deletion — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we use your data
  • Objection — object to legitimate-interest processing
  • Withdraw consent — where consent-based processing applies

Contact privacy@novansa.com. We will respond within 30 days.

You may also complain to the Estonian Data Protection Inspectorate (aki.ee) or your local data protection authority.

Australian users may also contact the Office of the Australian Information Commissioner (oaic.gov.au).

10. Data security

We protect your data through:

  • TLS encryption in transit and encryption at rest
  • access controls on personal data
  • secure, hardened server infrastructure
  • regular security reviews

To report a security concern: security@novansa.com

11. Cookies and tracking

Clindice may use cookies or similar technologies for session management and analytics. These can be managed through your device or browser settings.

12. Children's data

Clindice is intended for health professionals and students aged 18 and over. We do not knowingly collect data from minors.

13. Changes to this policy

We will notify you of material changes by email or in-app notification before they take effect.

14. Contact us

Novansa OÜ Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia Email: privacy@novansa.com