Data Handling Policy
Nodes Bio, Inc. β Last updated: March 20, 2026
π PII-free core pipeline β Neither Jarvis nor MedMap require or collect personal information as part of their core functionality. No patient data, personal details, or identity information flows through the core AI processing pipeline. If you choose to upload documents or images, their content is processed as described in βUploaded Documents & Imagesβ below. Do not upload PHI or regulated clinical data β the Service is not HIPAA compliant.
Platform-Wide Principles
- No user identity is sent to third-party AI providers β only prompt text
- No prompt content appears in server logs β only request IDs
- Authentication tokens stored client-side only (localStorage), never in Jarvis or MedMap data tables
- All API communication encrypted via TLS (HTTPS)
- Infrastructure hosted on AWS (us-east-2) with IAM least-privilege access
β‘ Jarvis β AI Synthesis
What Jarvis Collects
What Jarvis Does NOT Collect
- No names, emails, or account details in Jarvis data tables
- No IP addresses for authenticated users
- No cookies or tracking beyond authentication
Jarvis Data Retention
Uploaded Documents & Images (Jarvis)
Jarvis Data Flow
- You submit a prompt β screened by content moderation before processing.
- Prompt sent to selected AI models (OpenAI, Anthropic, Google, etc.) β no user identity attached.
- Responses streamed back β held in server memory, saved to database.
- Synthesis generated β a meta-model compares all responses, produces unified insight.
- In-memory data purged β streaming buffers cleared 5 minutes after completion.
𧬠MedMap β Network Visualization
What MedMap Collects
What MedMap Does NOT Collect
- No anonymous access β authentication required
- No IP addresses stored
- No generated graph data stored server-side β graphs render client-side in your browser
- No exported images or files stored β exports are generated locally
MedMap Data Flow
- You describe a biological pathway β prompt sent to AI model (Anthropic Claude).
- Structured graph data returned β nodes, edges, and relationships.
- Graph rendered in your browser β using Cytoscape.js, entirely client-side.
- Exports generated locally β PNG/SVG created in your browser, never uploaded.
Third-Party AI Providers
Both Jarvis and MedMap send prompt text to AI providers (OpenAI, Anthropic, Google). We use API access (not consumer products), which means prompts are typically not used for model training. We never send your name, email, IP address, or any identifying information β only the prompt text itself.
Your Rights
- Request deletion of all your data at any time β email privacy@nodes.bio
- Anonymous Jarvis data is automatically purged after 30 days
- Export your data by contacting us
- MedMap graphs exist only in your browser β close the tab and they're gone (unless you exported)