Last updated: April 21, 2026 · Pilot release
Summary. Face video never leaves the patient's device. Only numeric session metrics are uploaded. Patients are identified by an enrollment code the clinician assigns — no name, no email, no date of birth. Data is hosted in Ireland (EU) under GDPR. Patient accounts and sessions can be deleted by the clinician at any time.
All face tracking happens in the patient's browser using on-device machine learning (MediaPipe Face Landmarker). The camera stream is processed locally and never uploaded to any server. No video, image, or audio is recorded, transmitted, or stored by Nasal.
After each session, the patient's device uploads a summary:
| Field | Example | Purpose |
|---|---|---|
| Enrollment code | NSL-X4K2-B7PQ | Links session to the clinician's patient |
| Duration & events | 20 min, 12 events | Core clinical metrics |
| Per-block metrics | open %, event count | Within-session intervention analysis |
| jawOpen timeline | 1 sample/second | Signal-level review in dashboard |
| App version, phase | 0.9.1, baseline | Protocol and bug tracking |
No video, image, audio, IP address, device fingerprint, cookie, or advertising identifier is collected.
When enrolling a patient, the clinician may optionally enter:
The clinician is responsible for maintaining the mapping from enrollment code to real patient identity in their own clinical records. Nasal stores no name, address, phone, email, photo, or full date of birth for patients.
To sign into the dashboard, clinicians provide an email address and a password. Passwords are hashed via Supabase Auth (bcrypt). The email is used solely for sign-in and account recovery; no marketing emails are sent.
Backend data is stored in a Supabase-managed PostgreSQL database in Dublin, Ireland (AWS eu-west-1), within the European Economic Area. This hosting location applies to all clinicians and patients during the pilot, regardless of their country of residence.
Sessions are retained indefinitely during active clinical use. Clinicians may deactivate a patient at any time (their enrollment code stops working immediately) or request full deletion of a patient's sessions via support. Clinicians may close their own account and delete all associated patient records at any time.
Processing is carried out on the basis of the clinician's legitimate interest in treating their patient, with the patient (or patient's guardian) having given explicit consent to the clinician as part of their treatment intake. The clinician is the data controller; Nasal is the data processor.
Nasal does not sell, rent, or share patient data with any third party. Data is visible only to the clinician who enrolled the patient. No advertising, analytics, or behavioral tracking services are integrated.
All traffic uses TLS (HTTPS). Database access is enforced by row-level security: a clinician can only read or modify data belonging to patients they enrolled. Patient-app requests use a public anonymous key that can only invoke specific stored procedures (enrollment-code verification, session upload); it has no direct read or write access to any table.
Nasal is a wellness prototype, not a medical device. It is intended as a supervised biofeedback and training aid used under the direction of a qualified clinician (orthodontist, myofunctional therapist, speech-language pathologist, or equivalent). It does not diagnose, treat, cure, or prevent any disease. No regulatory approval (CE-MDR, FDA, UKCA) has been sought or granted at this time.
Nasal is frequently used by children under 18 under the supervision of a parent and a clinician. No direct-to-child marketing occurs. Consent for a minor's data processing is the responsibility of the parent or guardian, collected by the clinician as part of the treatment agreement. If a child's account is identified without proper guardian consent, it will be deleted on notice.
Patients (or their guardians) have the right, via their clinician, to:
For privacy questions, data subject requests, or regulatory inquiries: contact the clinician who enrolled you, who will route the request. Nasal, as the data processor, will cooperate fully with data controllers (clinicians) on any valid request.