Privacy Policy

Your data is yours. We're transparent about how we collect, use, and protect it.

Introduction

At Nevatal, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical practice management software. By using Nevatal, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your personal and medical data in compliance with applicable data protection laws, including GDPR (General Data Protection Regulation) and Colombia's Law 1581 of 2012.

Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our services:

  • Account Information: Name, email address, phone number, clinic name, and professional credentials
  • Patient Data: Medical records, appointment information, prescriptions, lab orders, and other health information you enter into the system
  • Usage Data: Information about how you access and use Nevatal, including IP address, browser type, device information, and usage patterns
  • Payment Information: Billing details processed securely through our payment providers (we do not store full credit card information)
  • Communication Data: Messages, support requests, and other communications you send to us
  • Technical Data: Log files, error reports, and diagnostic information to help us improve our services

How We Use Your Information

We use the information we collect to provide, maintain, and improve our services:

  • To provide and maintain our medical practice management platform
  • To process appointments, medical records, prescriptions, and other clinical workflows
  • To send automated reminders, notifications, and communications via WhatsApp, email, or SMS
  • To generate compliance reports (RIPS, DIAN invoicing) as required by law
  • To provide customer support and respond to your inquiries
  • To detect, prevent, and address technical issues and security threats

Data Protection and Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access control ensures only authorized personnel can access sensitive data
  • Regular Security Audits: We conduct regular security assessments and vulnerability testing
  • Data Isolation: Multi-tenant architecture ensures complete data separation between clinics
  • Backup and Recovery: Regular backups ensure data availability and recovery in case of incidents

Your Rights

You have the following rights regarding your personal data:

  • Access: You can request access to your personal data and receive a copy
  • Correction: You can request correction of inaccurate or incomplete data
  • Deletion: You can request deletion of your data, subject to legal retention requirements
  • Portability: You can request transfer of your data to another service provider
  • Objection: You can object to processing of your data for certain purposes
  • Restriction: You can request restriction of processing in certain circumstances
  • Withdrawal of Consent: You can withdraw consent where processing is based on consent

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our platform and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service. We use cookies for: authentication, session management, analytics, and improving user experience.

Third-Party Services

We may use third-party services to help us operate our platform and administer activities on our behalf, such as:

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors
  • WhatsApp Business API (Meta)
  • Analytics services
  • Email delivery services

These third parties have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure all third-party providers meet our security and privacy standards.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Medical records and clinical data are retained in accordance with legal requirements for healthcare data retention, which may vary by jurisdiction. In Colombia, medical records must be retained for at least 20 years. When you delete your account, we will delete or anonymize your personal data, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: privacy@nevatal.com
  • Address: [Your Company Address]

We will respond to your request within 30 days as required by applicable data protection laws.

Questions about your privacy?

We're here to help. Contact us if you have any questions or concerns about how we handle your data.
