Privacy Policy

Last updated: June 3, 2026

1. Data controller

NuvaMed SpA ("NuvaMed"), domiciled in Chile, is the data controller for personal data collected through the NuvaMed platform (nuvamed.cl).

Contact: contacto@nuvamed.cl

2. Legal framework

This policy complies with current Chilean legislation:

3. Data we collect

3.1 Healthcare professional data

3.2 Patient data

3.3 Technical data

4. Purpose of data processing

5. Legal basis

6. Third-party integrations

6.1 Zoom Video Communications

NuvaMed integrates with Zoom for telemedicine sessions. When a professional connects their Zoom account:

For more information, see Zoom's Privacy Policy.

6.2 Google — Sign-In

We offer Google Sign-In. When a user chooses this option, we access only their name, email address, and profile picture from the Google account, for the sole purpose of creating or authenticating their NuvaMed account. We do not access any other Google account data through sign-in.

6.3 Google Calendar and Google Meet (telemedicine)

If a healthcare professional chooses to connect their Google account to generate Google Meet video-call links, NuvaMed requests the https://www.googleapis.com/auth/calendar.events scope of the Google Calendar API. With this permission:

Limited Use: NuvaMed's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, data obtained through Google APIs is used exclusively to provide or improve user-facing features within NuvaMed; it is not transferred to third parties except as necessary to provide those features, for security purposes, to comply with applicable laws, or in connection with a merger or acquisition; and it is not used or sold for advertising purposes.

6.4 Google Gemini (AI)

We use Google Gemini for clinical assistance features (summaries, analysis, pre-session briefings). Data is processed server-side and is not stored on Google systems beyond immediate processing. In accordance with Google Cloud's terms, content sent to Gemini through the API is not used to train Google's models.

7. Security

8. Data retention

9. ARCO rights (Ley 21.719)

Personal data subjects may exercise their rights to:

Requests can be made through the privacy portal within the application or by writing to contacto@nuvamed.cl. We will respond within 10 business days.

10. Breach notification

In the event of a security breach affecting personal data, we will notify affected data subjects and the competent authority within 72 hours of detection, in accordance with Ley 21.719.

11. International transfers

Data is stored on Google Cloud Platform, Santiago (Chile) region. Some AI features use Google APIs that may process data transiently outside of Chile, always under Google Cloud's contractual guarantees and in compliance with Ley 21.719.

12. Modifications

We reserve the right to update this policy. We will notify material changes at least 15 days in advance through the platform.

13. Contact

For privacy and data protection inquiries:

NuvaMed SpA
Email: contacto@nuvamed.cl
Website: nuvamed.cl