Privacy Policy
Last reviewed: April 30, 2026 (draft — pending legal review)
Who we are
nSight Surgical Inc. (“nSight,” “we,” “us”) provides decision-support and quality-improvement software for surgical teams. This policy describes how we handle information collected through nsightsurgical.ai and the related investor portal.
Information our customers handle through the platform itself — including any protected health information (PHI) — is governed by the customer’s Business Associate Agreement (BAA) with nSight, not by this policy.
What we collect on this site
- Information you submit. Demo requests (name, work email, organization, role, message), investor access requests (email, firm, title, relationship), and contact-form submissions.
- Authentication data. If you have an investor portal account, we store your email address and a salted Argon2id hash of your password. We do not store plaintext passwords.
- Usage data. Standard server logs (IP address, user agent, timestamps) and audit events for authenticated portal actions (logins, page views, document views, downloads).
- Cookies. A session cookie issued by NextAuth for authenticated users. No third-party advertising or tracking cookies.
How we use it
- To respond to demo and investor-access requests.
- To authenticate and authorize portal users.
- To maintain an audit trail of access to investor and diligence-tier content.
- To investigate security incidents.
- To send transactional email (approval notifications, password resets) — never marketing email.
Who we share it with
- Cloud infrastructure providers. Amazon Web Services hosts the application and database. We enter Business Associate Agreements with all infrastructure providers that may incidentally access information.
- Email delivery. Amazon SES (via SMTP) delivers transactional email.
- Legal disclosures. We may disclose information when required by law or to protect rights, safety, or property.
We do not sell personal information.
Retention
Demo requests and contact-form submissions are retained for up to 24 months. Investor portal account data is retained for the life of the account plus a 90-day grace period. Audit-event logs are retained indefinitely as part of the portal’s integrity record.
Your rights
You can request access to, correction of, or deletion of personal information we hold about you. Email security@nsightsurgical.ai.
Updates to this policy
We’ll post material changes here with an updated “Last reviewed” date. We will also notify investor portal users by email of significant changes that affect them.
Contact
Questions about this policy: security@nsightsurgical.ai.