Privacy Policy

Last Updated: October 25, 2025

NursePlatform ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare staffing platform.

1. Information We Collect

1.1 Information You Provide to Us

For All Users:

• Account Information: Name, email address, password, phone number
• Profile Information: Profile photo, professional summary, preferences
• Communication Data: Messages, support inquiries, feedback

For Nurses:

• Professional Information: Nursing licenses, certifications, specializations
• Educational Background: Nursing degrees, institutions attended, graduation dates
• Work Experience: Employment history, positions held, responsibilities
• Skills and Qualifications: Clinical skills, procedural competencies, specialties
• Documents: License copies, certificates, transcripts, immunization records
• Sensitive Data (Encrypted): Government ID numbers (NHS, SSN, NI number), date of birth, bank details (for shift marketplace)
• Availability: Shift preferences, location preferences, start date

For Hospitals:

• Facility Information: Hospital name, location, size, departments
• Representative Information: Name, title, contact details of authorized users
• Job Postings: Position details, requirements, compensation
• Billing Information: Payment details for subscriptions

1.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns
• Location Data: General location based on IP address (not precise GPS)
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies

1.3 Information from Third Parties

• License Verification: Confirmation from licensing authorities (NMC, state boards, etc.)
• Background Checks: Results from authorized screening providers (with your consent)
• References: Information provided by professional references (with your consent)
• Payment Processors: Transaction confirmations from Stripe or other payment providers

2. How We Use Your Information

2.1 Primary Purposes

• Provide Services: Facilitate job matching, application processing, and communications
• Account Management: Create and maintain your account, process registrations
• Facilitate Hiring: Enable hospitals to review applications and nurses to apply for positions
• Verify Credentials: Confirm professional licenses and qualifications
• Process Payments: Handle subscription fees and shift marketplace transactions
• Customer Support: Respond to inquiries, resolve issues, provide assistance

2.2 Communications

• Transactional Emails: Application status updates, job matches, interview invitations
• Service Updates: Changes to Terms, Privacy Policy, platform features
• Marketing Communications: Job alerts, platform updates, tips (with consent, opt-out available)
• Administrative Messages: Account security, payment confirmations, compliance notifications

2.3 Platform Improvement

• Analytics: Understand usage patterns, improve features, optimize user experience
• Product Development: Develop new features based on user needs
• Quality Assurance: Monitor platform performance, identify and fix bugs
• Security: Detect fraud, prevent abuse, enforce Terms of Service

2.4 Legal Compliance

• Comply with legal obligations and regulatory requirements
• Respond to legal requests, court orders, or government inquiries
• Protect our rights, property, and safety, and those of our users
• Enforce our Terms of Service

3. How We Share Your Information

3.1 With Other Users

• Nurse to Hospital: When you apply for a position, hospitals can view your profile, work history, and application materials
• Hospital to Nurse: Nurses can view hospital profiles and job postings
• Limited Information: Only information relevant to the employment relationship is shared

3.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our platform:

• Cloud Hosting: AWS, Hetzner (server infrastructure)
• Email Services: SendGrid, AWS SES (transactional emails)
• Payment Processing: Stripe (subscriptions and payments)
• Background Checks: Authorized screening providers (with your explicit consent)
• Analytics: Usage analytics and monitoring tools
• Customer Support: Support ticket and communication tools

All service providers are contractually obligated to maintain data confidentiality and security.

3.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes (subpoenas, court orders)
• Respond to lawful requests from public authorities
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Report to licensing authorities (in cases of credential fraud)

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of such changes.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

4.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted over HTTPS/TLS, sensitive data encrypted at rest
• Access Controls: Role-based access, authentication requirements, audit logs
• Secure Infrastructure: Firewall protection, regular security patches, monitoring
• Employee Training: Staff trained on data protection and confidentiality
• Incident Response: Procedures for detecting and responding to security breaches

4.2 Encrypted Data

The following sensitive data is encrypted using Rails Active Record Encryption:

• Government identification numbers (NHS, SSN, NI number)
• Date of birth
• Bank account details
• Salary information

4.3 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Enabling two-factor authentication (when available)
• Reporting suspicious activity immediately

5. Data Retention

5.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide services.

5.2 Account Deletion

When you delete your account, we will:

• Delete or anonymize your personal information within 30 days
• Retain certain information as required by law or for legitimate business purposes
• Maintain audit logs and transaction records for compliance

5.3 Legal Requirements

We may retain information longer when required by law, to resolve disputes, enforce agreements, or for legitimate business purposes (e.g., financial records, employment verification).

6. Your Rights and Choices

6.1 Access and Portability

• Access: Request a copy of your personal information
• Data Export: Download your data in a portable format
• Transparency: Understand how your data is used

6.2 Correction and Updates

• Profile Editing: Update your profile information at any time
• Accuracy: Correct inaccurate or incomplete data
• Self-Service: Most updates can be made directly in your account settings

6.3 Deletion and Restriction

• Account Deletion: Delete your account and associated data
• Data Deletion: Request deletion of specific information
• Processing Restriction: Request we limit how we use your data

6.4 Communication Preferences

• Marketing Opt-Out: Unsubscribe from marketing emails
• Notification Settings: Control which notifications you receive
• Email Frequency: Adjust email communication frequency

6.5 Objection and Complaint

• Object to Processing: Object to certain uses of your data
• Withdraw Consent: Withdraw previously given consent
• File Complaint: Lodge a complaint with a data protection authority

7. Cookies and Tracking Technologies

7.1 Types of Cookies

• Essential Cookies: Required for platform operation (authentication, session management)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand usage patterns (can be disabled)
• Marketing Cookies: Track your activity for advertising purposes (opt-in required)

7.2 Managing Cookies

You can control cookies through your browser settings or our cookie consent tool. Note that disabling certain cookies may limit platform functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with service providers
• Compliance with GDPR and applicable data protection laws

9. Children's Privacy

NursePlatform is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we discover we have collected information from a child, we will delete it immediately.

10. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notification to registered users
• Requiring acknowledgment for significant changes

12. GDPR Compliance

If you are a resident of the European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR):

• Lawful Basis: We process your data based on consent, contractual necessity, legal obligations, or legitimate interests
• Data Protection Officer: Contact our DPO at dpo@nurseplatform.com for GDPR inquiries
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
• Data Transfers: We use appropriate safeguards for international data transfers

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: