Data Handling Policy

Nodes Bio, Inc. — Last updated: March 20, 2026

🔒 PII-free by design — Neither Jarvis nor MedMap require or collect personal information as part of their core functionality. No patient data, personal details, or identity information flows through the AI processing pipeline.

Platform-Wide Principles

  • No user identity is sent to third-party AI providers — only prompt text
  • No prompt content appears in server logs — only request IDs
  • Authentication tokens stored client-side only (localStorage), never in Jarvis or MedMap data tables
  • All API communication encrypted via TLS (HTTPS)
  • Infrastructure hosted on AWS (us-east-2) with IAM least-privilege access

⚡ Jarvis — AI Synthesis

What Jarvis Collects

Your prompt textStored to process your request and enable follow-up questions. Not used for training.
AI model responsesStored to display results, generate synthesis, and enable comparisons.
Synthesis outputGenerated from model responses, cached for performance.
Usage countTracked per user or IP for free-tier rate limiting (10/week).
IP address (anonymous only)Used solely for rate limiting. Not stored for logged-in users.

What Jarvis Does NOT Collect

  • No names, emails, or account details in Jarvis data tables
  • No IP addresses for authenticated users
  • No cookies or tracking beyond authentication

Jarvis Data Retention

Anonymous usersPrompts, responses, and synthesis auto-deleted after 30 days.
Authenticated usersData retained while your account is active. Request deletion anytime.
In-memory streaming dataPurged automatically 5 minutes after model completion.

Jarvis Data Flow

  1. You submit a prompt — screened by content moderation before processing.
  2. Prompt sent to selected AI models (OpenAI, Anthropic, Google, etc.) — no user identity attached.
  3. Responses streamed back — held in server memory, saved to database.
  4. Synthesis generated — a meta-model compares all responses, produces unified insight.
  5. In-memory data purged — streaming buffers cleared 5 minutes after completion.

🧬 MedMap — Network Visualization

What MedMap Collects

Your prompt textStored in usage events for analytics and to improve the service.
Processing metadataGeneration time, model used, graph complexity metrics.
User IDUUID linked to your account — used for usage tracking.

What MedMap Does NOT Collect

  • No anonymous access — authentication required
  • No IP addresses stored
  • No generated graph data stored server-side — graphs render client-side in your browser
  • No exported images or files stored — exports are generated locally

MedMap Data Flow

  1. You describe a biological pathway — prompt sent to AI model (Anthropic Claude).
  2. Structured graph data returned — nodes, edges, and relationships.
  3. Graph rendered in your browser — using Cytoscape.js, entirely client-side.
  4. Exports generated locally — PNG/SVG created in your browser, never uploaded.

Third-Party AI Providers

Both Jarvis and MedMap send prompt text to AI providers (OpenAI, Anthropic, Google). We use API access (not consumer products), which means prompts are typically not used for model training. We never send your name, email, IP address, or any identifying information — only the prompt text itself.

Your Rights

  • Request deletion of all your data at any time — email privacy@nodes.bio
  • Anonymous Jarvis data is automatically purged after 30 days
  • Export your data by contacting us
  • MedMap graphs exist only in your browser — close the tab and they're gone (unless you exported)