Logo of NURA Medical
Try NurEx app
Menu

NURA Medical Inc. – Privacy Policy

v3.0

Effective Date: July 8, 2026


 

1. Scope of Application

This Privacy Policy describes how NURA Medical Inc. ("NURA", "we", "us", or "our") collects, uses, discloses, and protects personal information.

This Policy applies to:

  • Individuals who access or use our clinical medication management software, NurEx, via our web or mobile applications (collectively, the "Software"), whether through a free demo account or through an institutional deployment;
  • Individuals interacting with NURA via email, contact forms, newsletters, or events, or who provide information to us in connection with our services, communications, or clinical partnerships;
  • Healthcare professionals for whom NURA has a legitimate purpose to collect and process contact information.

Patient data processed by NurEx on behalf of healthcare institutions is governed by the agreement between NURA and the relevant institution. NURA acts as a service provider (agent) in respect of such data; the healthcare institution remains responsible for its own privacy obligations toward patients.

This Policy complies with:

  • Loi modernisant des dispositions législatives en matière de protection des renseignements personnels (Law 25, Quebec)
  • The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Other applicable Canadian privacy laws

The French version of this Policy is available at https://nuramedical.com/fr/privacy-policy/. In the event of a conflict between the English and French versions, the French version governs for individuals in Quebec; both versions are otherwise equally authoritative.

 


2. Personal Information We Collect

A. NurEx Users (Healthcare Professionals - Demo and Institutional)

CategoryExamplesMandatory?Retention
Account dataName, email address, unique identifierYesDuration of account
Authentication dataEncrypted credentials, access logsYesDuration of account
Support logsMessages and technical reports submitted via support channelsNo (user-submitted)Up to 12 months

Demo account users are presented with a consent prompt at sign-up and may choose to enable optional usage analytics to help improve the Software. These preferences can be reviewed and updated at any time within the application settings. Optional analytics are never used for marketing or profiling of individual users.

 

B. Patient Data (Processed on Behalf of Institutions)

NurEx may process de-identified patient health and service information entered or generated by licensed healthcare professionals using the Software, including de-identified medication workflow data, clinical context, and dosing parameters. Direct patient identifiers (such as name, health insurance number, or medical record number) must not be entered into NurEx. The healthcare institution is responsible for ensuring this requirement is met and for obtaining all required authorizations from patients.

NURA processes this data solely as a service provider acting on the instructions of the institution and does not use it for any other purpose.

 

C. Website Visitors and Newsletter Subscribers

CategoryExamplesMandatory?Retention
Website analyticsDevice and browser type, referral source, page viewsNo (opt-in)90 days
Contact informationName, email address, organization name, job titleNo (opt-in)While consent is active
Form submissionsContact form messages, event sign-upsNo (opt-in)While consent is active

 

D. Healthcare Professionals (Outreach)

We may collect and process contact information for healthcare professionals who may have an interest in our services, on the basis of our legitimate purpose in informing them about clinically relevant software. You may withdraw your consent or object to this processing at any time by contacting us or using the unsubscribe link in our communications.

CategoryExamplesRetention
Contact informationName, email address, organization name, job titleWhile consent is active or until objection

 


3. Purposes of Collection and Use

We collect personal information only for specific, explicit, and legitimate purposes and do not use it for any purpose incompatible with those for which it was collected.

PurposeApplies ToBasis
Account creation and user authenticationNurEx usersNecessary to provide the Software
Operating and supporting the SoftwareNurEx usersNecessary to provide the Software
Operating the demo serviceDemo usersNecessary to provide the demo
Processing medication workflow data on behalf of institutionsInstitutions and their patientsPerformance of service agreement with institution
Website operation and securityWebsite visitorsNecessary for operation of the Website
Responding to inquiries and support requestsAllNecessary to respond to your request
Sending marketing or newsletter communicationsWebsite visitors, healthcare professionalsConsent
Informing healthcare professionals about NurExHealthcare professionalsLegitimate purpose (outreach), subject to right to object
Optional usage analytics (demo)Demo usersConsent

We do not use patient data for any purpose other than providing the contracted service to the institution.

NurEx does not make automated decisions with legal or significant effects on individuals. All clinical outputs are for informational and decision-support purposes only, subject to review and independent judgment by the qualified healthcare professional.

 


4. Data Storage and Cross-Border Transfers

NurEx application data and health workflow data are hosted on Microsoft Azure in Canada (Quebec) as the primary region. Certain infrastructure components may use Canada (Ontario) where required by service availability constraints.

Where personal information is transferred or accessible outside Quebec, NURA ensures that equivalent privacy protections are in place through written contractual agreements, in accordance with Law 25. Certain infrastructure components, including authentication and access management services, involve processing outside Canada, in the United States. A transfer assessment has been conducted for this arrangement in accordance with Law 25, and equivalent contractual protections are in place. No other personal information is transferred outside Canada except as described above or as disclosed to the relevant institution under its service agreement.

Website analytics data is processed on Microsoft Azure infrastructure. Backup and logging systems operate within Canada.

 


5. Retention and Deletion

Data TypeRetentionDeletion
NurEx user account dataDuration of account or institutional contractDeleted upon termination or on request
Patient workflow data (de-identified)As specified in the institutional agreementPer institutional agreement or on termination
Support logsUp to 12 monthsOn request or automatic deletion
Website analytics90 daysAutomatic deletion
Marketing contactsUntil withdrawal of consent or objectionOn request or unsubscribe

 


6. Security Measures

NURA implements administrative, physical, and technical safeguards proportionate to the sensitivity of the personal information we process, including:

  • Encryption at rest and in transit
  • Role-based access controls
  • Multi-factor authentication
  • Vendor management and sub-processor agreements
  • Audit logs for key actions
  • Regular internal information security reviews

No third party may access personal information unless bound by a contractual agreement imposing privacy and security obligations at least equivalent to those under this Policy.

 


7. Third-Party Service Providers

We use a limited number of contracted service providers to operate the Software and Website. Each service provider is required to process personal information only on NURA's instructions, to implement appropriate security measures, and to comply with applicable privacy law. A list of our current service providers is available upon request by contacting privacy@nuramedical.com.

 


8. Your Rights

Under applicable Quebec and Canadian privacy law, you may have the right to:

  • Access a copy of the personal information we hold about you;
  • Correct personal information that is inaccurate, incomplete, or ambiguous;
  • Request deletion of personal information where retention is no longer necessary for the purposes for which it was collected, subject to legal retention obligations;
  • Withdraw consent at any time for processing based on consent (including marketing communications), without affecting the lawfulness of processing prior to withdrawal;
  • Data portability — request that personal information you have provided to us be communicated to you or to another organization in a structured, commonly used technological format, where technically feasible;
  • De-indexing or restriction of personal information used for automated decision-making that produces legal or significant effects, where applicable;
  • Lodge a complaint with the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, contact: privacy@nuramedical.com

We will respond within 30 days of receiving a request. Where a request is complex or involves a large volume of information, we may extend this period by an additional 30 days and will notify you accordingly. If you are not satisfied with our response, you may escalate your complaint to the Commission d'accès à l'information (CAI) at cai.gouv.qc.ca or to the Office of the Privacy Commissioner of Canada at priv.gc.ca.

 


9. Breach Notification

In the event of a confidentiality incident (unauthorized access, use, communication, or loss of personal information) that presents a risk of serious injury to any individual, NURA will:

  • Notify the affected institution and, where required, affected individuals, within the timeframes required by Law 25 and PIPEDA;
  • Notify the CAI as required by Law 25;
  • Take prompt measures to mitigate the incident and prevent recurrence.

NURA maintains a register of confidentiality incidents as required by law, a copy of which will be provided to the CAI upon request.

 


10. Cookies and Tracking Technologies (Website Only)

We use minimal first-party cookies for session management and to retain preferences you have selected. We do not use third-party cookies, advertising pixels, or behavioural tracking technologies.

Where cookies are used to collect optional usage data, we will request your consent before doing so.

 


11. Privacy Impact Assessments

NURA conducts a privacy impact assessment before acquiring, developing, or restructuring any information system involving the collection, use, communication, keeping, or destruction of personal information. Such assessments are proportionate to the sensitivity of the information concerned and are conducted in consultation with NURA's Privacy Officer from the outset of each project.

 


12. Changes to This Policy

We may update this Policy to reflect changes in our operations, legal obligations, or regulatory requirements.

Material changes will be communicated to active NurEx users via email or in-app notification prior to taking effect. All users will be asked to review and acknowledge any material update before continuing to use the Software.

The current version of this Policy is always available at https://nuramedical.com/privacy-policy/.

 


13. Contact Us

Privacy Officer, NURA Medical Inc.
Title: Privacy Officer
Email: privacy@nuramedical.com
Address: 505-1548, rue des Bassins, Montréal (Québec) H3C 0L4, Canada

 


By using NurEx or interacting with our Website, you confirm that you have read and understood this Privacy Policy.

crossmenu