Skip to main content

For large employers and health plans

Data architecture for employers and plan administrators

What we collect, what we share, and what we never share — in plain language.

What members control

The member owns their data.

Members create their own accounts independently. Employer seat activation is done by the employee — employers never know who activated.

All clinical data (symptoms, mood, journal, GP letters, community activity, AI conversations) belongs to the member.

Members can export all their data at any time.

Members can delete their account and all associated data at any time.

What employers receive

Aggregate only. Never individual.

Employers and plan administrators receive a quarterly anonymized usage summary: aggregate redemption rate, active use percentage, and feature engagement at cohort level.

No names. No symptoms. No clinical information. No individual-level data of any kind.

Company tier

30-minute review call to walk through the summary.

Enterprise tier

Formal reporting cadence and a named account contact.

What we never do

Hard limits.

We never sell or share member data with third parties.

We never provide individual-level data to employers or plan administrators.

We never use member data to train external AI models.

We never allow advertisers to target members based on their health data.

Compliance and legal

Where your data lives — and how it's protected.

Nila is operated by Ask Nila Solutions Limited, incorporated and operated in BC, Canada, and governed by Canadian law. Member data is held on our infrastructure provider's servers (Supabase, Inc., currently US region) under our control — see the member-facing Privacy Policy for the full subprocessor list.

Enterprise tier includes Data Processing Agreement (DPA) and Master Services Agreement (MSA) available on request.

PIPEDA and Canadian provincial privacy laws (FOIPPA, FOIP, FIPPA) compliant. GDPR-ready for UK and EU partners.

US employers: we do not collect PHI as defined under HIPAA — Nila is not a covered entity. Members use Nila on their own terms outside clinical care settings.

SSO integration available for Enterprise tier.

For research partners

Ethics-first collaboration.

No member data is shared without explicit individual opt-in.

Ethics-approved studies only.

Aggregate platform context available for study design purposes — never individual records.

Co-authorship framework available on request.

Learn more about research partnerships

Questions about our data architecture, DPA, or compliance requirements? Contact us directly.

erin@hellonila.com