Skip to main content
Home/Privacy Policy

Privacy Policy

Last updated: 22 June 2026

This policy explains how NOVERI collects, uses, and protects personal data. NOVERI is a supervision and practice-hours record-keeping platform for trainee psychologists, counsellors, and allied mental health professionals, and the supervisors and institutions who work with them.

1. Who we are

The data controller for NOVERI is Niraivo Health Ltd, a company registered in the United Kingdom, registered with the Information Commissioner's Office under reference ZC178791. In this policy “we”, “us”, and “our” mean Niraivo Health Ltd.

We use a development partner, BBT, as a data processor. BBT operates the platform's technical infrastructure on our instructions and has no independent right to use your data.

A separate entity may also be incorporated to serve African operations, and this policy will be updated to identify the relevant controller for users in those territories.

2. Scope

This policy applies to the NOVERI web application at noveri.app and to all personal data we process through it. It does not apply to the websites or services of your training institution, your supervisor, or any third party, even where those are linked from NOVERI.

3. The data we collect

Account data

Your name, email address, account role (trainee, supervisor, or institutional administrator), and authentication credentials.

Practice and supervision records

The hours you log, the activities and placements you record, the cases you open (see section 4), pre-supervision worksheets, post-session supervision records, reflective journal entries, messages exchanged with a linked supervisor or trainee, and any documents you upload.

Institutional data

Where you access NOVERI through a training institution, your association with that institution's programmes and cohorts, and records of supervisor countersignatures and sign-offs.

Payment data

Where you hold a paid subscription, billing is handled by Stripe. We do not store your full card details. We hold the limited records Stripe returns to us, such as subscription status and the last four digits of a card.

Usage and technical data

Standard server and application logs, including IP address, device and browser information, and records of actions taken in the application, which we use for security, troubleshooting, and audit integrity.

4. Client and third-party information — important

NOVERI is not a clinical record system and must not be used to store information that identifies your clients or patients.

When you record cases, worksheets, supervision records, or journal entries, you must use anonymised case references only. Do not enter names, dates of birth, addresses, or any other detail that could identify a client, either alone or in combination.

You are responsible for ensuring that information you enter does not identify a third party. Entering identifiable client information would mean processing special-category health data about people who have not consented to that processing, which is your responsibility as the person entering it, and is a misuse of the platform.

5. How we use your data and our legal bases

We process your data to:

  • provide the platform and your account, and to deliver the features of your tier (performance of our contract with you);
  • take payment and manage subscriptions (performance of our contract);
  • keep the platform secure, prevent fraud and abuse, and maintain the integrity of audit records (our legitimate interests in operating a secure and trustworthy service);
  • communicate with you about your account, including service and security notices (performance of our contract and legitimate interests);
  • comply with our legal obligations (legal obligation).

Where we ever rely on consent — for example for any optional analytics or communications that are not essential to the service — you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

6. Reflective journal confidentiality

Reflective journal entries are private to the trainee who wrote them. They are not visible to supervisors, institutional administrators, or any other user, and are never included in any export bundle or shared record. Sensitive fields, including journal entries, are encrypted at the field level.

7. Where your data is stored and who processes it

Your data is hosted within the European Union and processed by a small number of sub-processors acting on our instructions:

Sub-processorPurposeLocation
NeonPrimary databaseFrankfurt, EU
VercelApplication hosting and deliveryGlobal edge network
StripePayment processingGlobal
ResendTransactional emailGlobal

Some of these providers may process limited data outside the United Kingdom and European Economic Area. Where they do, the transfer is protected by appropriate safeguards, such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision.

If we incorporate a separate African entity and introduce regional hosting (for example AWS Cape Town), this section will be updated to reflect data residency for users in those territories.

8. How long we keep your data

We keep your account and practice records for as long as your account is active. Because your supervised-practice record may have lasting professional value to you, we do not delete it automatically while your account remains open.

If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain certain records to meet a legal obligation, resolve disputes, or maintain the integrity of audit records that others rely on. You can request export of your data before closing your account (see section 9).

9. Your rights

Under UK data protection law you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to certain processing;
  • data portability — you can export your data in a structured, machine-readable format, and an annual portability export is available within the application;
  • withdraw consent where we rely on it.

To exercise any of these rights, contact us using the details in section 13. We will respond within the time limits set by law.

10. Security

We protect your data with measures including encryption in transit, field-level encryption of sensitive data, access controls, and audit logging. No system is perfectly secure, but we take the security of clinical-training records seriously and design the platform accordingly. The platform meets WCAG AA accessibility standards.

11. Cookies

NOVERI uses only the cookies necessary to keep you signed in and to operate the service securely. We do not use advertising or third-party tracking cookies.

12. Children

NOVERI is intended for adult trainees, supervisors, and administrators. It is not directed at children and we do not knowingly collect data from anyone under 18.

13. Contact and complaints

For any privacy question or to exercise your rights, contact us at hello@noveri.app.

If you are not satisfied with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk.

14. Changes to this policy

We may update this policy from time to time. When we make a material change we will update the date at the top and, where appropriate, notify you through the application.