Data Processing & Privacy
Your patient data stays in your country — always
Last updated: April 2026
Our Commitment to Data Sovereignty
At NouxVoice, we believe patient data belongs where patients are. All information generated through our service — including call records, transcripts, and appointment data — is processed and stored exclusively within the country where your practice operates.
No patient data ever crosses international borders. This is a fundamental design principle of our platform, not an afterthought.
Countries We Serve
| Country | Data Residency | Regulatory Framework |
|---|---|---|
| Australia | 100% in-country processing and storage | Privacy Act 1988, Australian Privacy Principles |
| Canada | 100% in-country processing and storage | PIPEDA, provincial health privacy laws |
| India | 100% in-country processing and storage | DPDPA 2023, IT Act 2000 |
How We Protect Your Data
We employ enterprise-grade security measures to protect patient information at every stage:
- Encryption at rest and in transit — All data is protected using industry-leading encryption standards, whether stored or being transmitted.
- Tenant isolation — Each healthcare practice operates in its own logically isolated environment. Your data is completely separated from other practices.
- Strict access controls — Access to patient data follows the principle of least privilege. Only authorised systems and personnel can access information.
- Audit logging — Comprehensive logs are maintained for all system activity, supporting compliance and security monitoring.
- Regular security assessments — Our infrastructure and processes undergo periodic security reviews to maintain the highest standards.
Compliance
NouxVoice is designed to help healthcare practices meet their obligations under local data protection and healthcare privacy laws. Our platform aligns with the requirements of:
- Australia: Privacy Act 1988, Australian Privacy Principles (APPs), My Health Records Act 2012, and guidelines issued by the OAIC.
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial health privacy legislation.
- India: Digital Personal Data Protection Act (DPDPA) 2023, Information Technology Act 2000, and associated rules governing sensitive personal data.
Data Retention
We retain patient data only as long as necessary to provide our service and meet legal requirements:
- Call records and transcripts: Retained for 3 months, then permanently and securely deleted.
- Analytics data: Aggregated and de-identified so it cannot be linked back to any individual. Retained to help improve service quality.
You may request early deletion of your data at any time by contacting us.
Data Processing Agreement
A formal Data Processing Agreement (DPA) is available for practices on our Enterprise plan. The DPA details our data processing obligations, security commitments, breach notification procedures, and compliance assurances.
To request a DPA, contact us at dpa@nouxvoice.com.
Questions?
If you have any questions about how we handle your data, we'd love to hear from you.
NouxAI Pty Ltd
Email: dpa@nouxvoice.com
Website: www.nouxvoice.com