Privacy Policy
Your privacy matters to us. This policy explains what personal data we collect, how we use it, how long we keep it, and your rights under UK GDPR and the Data Protection Act 2018.
1. Who We Are
Lihv Connect is operated by Noda Tech Ltd, registered in England and Wales. We are the data controller for personal data collected through the platform.
Our contact for data protection matters: contact@nodatech.co.uk
2. What Data We Collect
2.1 Account and registration data
- Name, email address, and contact details
- Professional credentials and registration information
- Billing information (processed securely via our payment provider — we do not store card details)
- Clinic or business name and address
2.2 Platform usage data
- Login activity, session timestamps, and feature usage
- Device type, browser, IP address, and operating system
- Pages visited and actions taken within the platform
2.3 Lihv Assist conversation data
- Messages sent to and received from Lihv Assist are logged server-side
- Logs include: your user ID, session ID, timestamp, and message content
- We instruct practitioners not to include patient-identifying information in AI conversations. Where such information is detected, it is flagged and not processed further
- Conversation content is retained for 90 days, after which message content is automatically deleted. Metadata (session ID, timestamp, intent category) is retained indefinitely for platform analytics
2.4 Patient data (EMR)
Where you use Lihv Connect's patient record features, you upload and manage patient data as the data controller. We act as your data processor under a Data Processing Agreement. Please refer to that agreement for details of how patient data is handled.
3. How We Use Your Data
| Purpose | Lawful basis |
|---|---|
| Providing and managing your account | Contract |
| Processing payments | Contract |
| Delivering Lihv Assist and platform features | Contract |
| Logging AI conversations for safety, quality, and abuse monitoring | Legitimate interests |
| Improving the platform and AI system prompt | Legitimate interests |
| Sending service updates, security notices, and legal notifications | Contract / Legal obligation |
| Sending marketing communications (with your consent) | Consent |
| Complying with legal obligations | Legal obligation |
4. Who We Share Data With
We do not sell your personal data. We may share it with:
- Anthropic: Messages sent to Lihv Assist are processed via the Anthropic Claude API. Anthropic acts as a sub-processor. Messages are not used by Anthropic to train their models under the API terms.
- Payment processors: For secure billing. They act under their own privacy policies.
- Hosting and infrastructure providers: Our platform is hosted on secure cloud infrastructure within the UK/EEA.
- Legal and regulatory authorities: Where required by law.
5. Data Retention
| Data type | Retention period |
|---|---|
| Account and registration data | Duration of account plus 7 years after closure |
| Billing records | 7 years (legal requirement) |
| AI conversation content | 90 days, then automatically deleted |
| AI conversation metadata | Indefinitely (anonymised analytics) |
| Platform usage logs | 12 months |
| Patient EMR data | As set out in your Data Processing Agreement |
6. Your Rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure of your data in certain circumstances
- Restriction of processing in certain circumstances
- Portability of data you have provided to us
- Object to processing based on legitimate interests
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at contact@nodatech.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.
7. Security
We use appropriate technical and organisational measures to protect your data, including encrypted data transmission, access controls, and regular security reviews. AI conversation data is stored server-side only and the Anthropic API key is never exposed to the client browser.
8. Changes to This Policy
We may update this policy from time to time. We will notify you by email of any material changes before they take effect. The current version is always available at this page.
9. Contact
For any privacy-related queries: contact@nodatech.co.uk
Noda Tech Ltd. Registered in England and Wales. This Privacy Policy was last updated in April 2026 and complies with UK GDPR and the Data Protection Act 2018.