Trust & data

Your data stays yours. Always.

Nolvea processes health data — the most sensitive GDPR category. Here's how we operate, in plain language.

GDPR · ANSPDCPData stored in the EUAES-256 in transit & at restISO 27001· in progress · Q3 2026
Principles

Four rules we never change.

  1. 01

    We don't sell your data.

    We don't run profiled targeted advertising. We don't trade data with data brokers. There is no “alternative business model” behind your back.

    GDPR Art. 5 — Purpose limitation

  2. 02

    Reviews are tied to real visits.

    Every review has an appointment booked with us or an uploaded receipt. The moderation team manually checks ambiguous cases. We don't accept anonymous reviews imported from other platforms.

    Internal policy · monthly audit

  3. 03

    You control who sees what.

    See exactly which clinics received information about you, what data they received, and when. Download your full history or delete your account with confirmation within 30 days.

    GDPR Art. 15, 17, 20

  4. 04

    We keep data only as long as needed.

    Receipts uploaded for review authentication are deleted after 90 days. Appointment data is kept for 5 years (legal minimum). Account data, for as long as you stay with us.

    GDPR Art. 5(1)(e), Law 190/2018

How reviews are verified

Two paths. Same badge.

The “Verified Visit” badge shows Nolvea was present in your care journey — either you booked directly with us, or a partner (insurance broker, corporate program, agent) coordinated us with the clinic. The badge doesn't reveal which of the two was your case.

1 · Direct booking

You booked through Nolvea. The badge is applied automatically once the clinic marks the appointment complete.

2 · Mediated by a partner

A broker, company program, or partner platform coordinated us. You upload the receipt, the team verifies within 24 hours, the badge is applied.

Your receipt · stored 90 days

We use the receipt for authentication only. It's auto-deleted after 90 days. We never share it with clinics.

Technical security

How we keep your data secure.

Technical standards aren't for marketing pages. We write them here because auditors, partners, and patients can verify them.

Storage
Frankfurt · DE Dublin · IEEU data centers · AWS · ISO 27001 certified
Encryption
AES-256 at rest TLS 1.3 in transitEnd-to-end on health-data routes
Authentication
Argon2id · 2FA opt-inOTP via SMS or authenticator app
Backup
7 days · cross-regionEncrypted, point-in-time recovery
Staff access
Need-to-know · auditedAll access logged; no shared accounts
Breach notice
< 72h ANSPDCP < 24h patientPer GDPR Art. 33 & 34
Data retention

How long we keep each thing.

Auditable table — category × duration × legal basis × technical method. This is the answer to “how long”, not just “how”.

CategoryDurationLegal basisTechnical method
Receipts for review authentication90 daysArt. 5(1)(e) · minimizationAuto-delete cron
Appointment data (active)5 yearsLaw 95/2006 · medical recordDatabase + anonymization on request
Published reviewsPermanent · anonymized on deletionLegitimate interest · public informationDatabase
Account data (name, email, phone)As long as you're with us · deletion ≤ 30dArt. 6(1)(b) · contractDatabase · soft-delete + purge
Audit logs12 monthsArt. 32 · securityCold storage · WORM
Authentication sessionsUntil logout · max 30 daysArt. 32 · securityJWT expiry + revoke
Patient ↔ clinic messages90 days after appointment closesArt. 9(2)(h) · careEncrypted at rest · Supabase Vault

Incident history

No incidents reported as of launch.

This section will be updated publicly, transparently, if any security incident affecting user data occurs. We notify affected users within 24h and ANSPDCP within 72h, per Art. 33–34.

Your rights

Everything you want to do with your data, you can do yourself.

All of the below is done from your account, without calling anyone. For complex requests, we work it out together within a week.

Download your data

Everything we have about you, in a .zip file — appointments, reviews, messages, consents. Generated in < 60 seconds.

Art. 20 · Portability

Delete your account

Deletion is complete within 30 days. Active appointments remain visible to clinics (legal minimum: 5 years). Your reviews stay — they're yours, not the clinic's.

Art. 17 · Right to be forgotten

Edit your consents

See exactly what you ticked, when, and withdraw any optional consent with one click. Mandatory consents (T&C, health-data processing) — withdrawing means closing the account.

Art. 7 · Conditions for consent

See who received your data

Full list of clinics and partners who received data about you, what data, and when. Plus, where the law permits us to disclose, any data request received from a competent authority. If a request is subject to judicial confidentiality, we'll indicate it without exposing the details.

Art. 15 · Right of access

Lodge a complaint with ANSPDCP

You have the right to lodge a complaint with Romania's data protection supervisory authority if you believe your GDPR rights have been breached. www.dataprotection.ro · 021 252 5599.

Art. 13(2)(d) · 77
DPO contact · Data Protection Officer

Questions about your data? Write to a real person.

The Data Protection Officer (DPO) is the single person who answers GDPR requests. Reply within 30 days, per Art. 12.

DPO email · to be confirmed
[email protected]
Official address · to be confirmed
Nolvea SRL · address pending confirmation
Supervisory authority
ANSPDCP · B-dul G-ral. Gheorghe Magheru 28-30 · 010336 Bucharest · www.dataprotection.ro
Reg. no. · ANSPDCP registry
pending registration