Privacy Policy

1. Who We Are

ClinicShifts LLC ("ClinicShifts," "we," "our," or "us") provides staff‑scheduling and credential‑management software for medical practices. We are headquartered in Washington, USA.

Contact: contact@clinicshifts.com

2. Scope

This Privacy Policy explains how we collect, use, share, and protect personal information when you visit clinicshifts.com (the "Site") or use our web application (collectively, the "Service"). It does not cover protected health information (PHI) and our Service is not intended to store or process PHI. Our Service is not directed to children under 18.

3. Information We Collect

We do not knowingly collect information from anyone under 18.

4. How We Collect Information

• Information you provide directly when you: create an account, request a demo, complete web forms, or interact with support.
• Information collected automatically via cookies, server logs, and Google Analytics.
• Information imported when you connect a third‑party calendar.

5. How We Use Information

• Provide, operate, and support the Service (scheduling, credential tracking, notifications, billing).
• Send transactional e‑mails (shift alerts, credential reminders, invoices).
• Improve and troubleshoot the Service through aggregated analytics.
• Send newsletters or marketing communications only if you have opted‑in (you may unsubscribe at any time).
• Detect, prevent, and respond to security incidents or legal requests.

6. Legal Basis (U.S.)

We process personal information as necessary to perform our contract with you, pursue our legitimate interests (e.g., product improvement, marketing), and comply with applicable laws. Where required, we obtain your consent.

7. How We Share Information

We do not sell personal information. We will disclose information only if required by law or you give explicit consent.

8. Cookies & Tracking Technologies

We use first‑party cookies/session storage for authentication and Google Analytics cookies for anonymous site metrics. You may disable cookies in your browser; however, the Service may not function properly.

9. Data Retention

• Active accounts: retained for the duration of the subscription.
• Closed accounts: deleted within 30 days following a verifiable deletion request.
• Log files & backups: purged on a rolling 90‑day cycle.

10. Your Choices & Rights

• Access / Correction: Request a copy of, or correction to, your personal information.
• Deletion: E‑mail contact@clinicshifts.com to delete your account; we will respond within 30 days.
• Opt‑Out of Marketing: Follow the unsubscribe link in any marketing e‑mail.

California Privacy Notice (CCPA/CPRA)

While ClinicShifts currently falls below the statutory thresholds for mandatory CCPA compliance, we voluntarily honor the core rights of California residents: access, deletion, and opt‑out of "sale" or "sharing" of personal data. We do not sell personal data as defined by the CCPA.

11. Security

We employ industry‑standard safeguards: TLS encryption in transit, AES‑256 at rest, least‑privilege access controls, logging & monitoring, and annual penetration testing. No method of transmission or storage is 100% secure; therefore, we cannot guarantee absolute security.

12. International Transfer

We operate solely in the United States. If you access the Service from outside the U.S., you understand your information will be transferred to and processed in the U.S.

13. Changes to This Policy

We may update this Policy periodically. Material changes will be posted on the Site and, where appropriate, notified via e‑mail. The "Effective date" at the top will show the latest revision.

14. Contact

For questions or requests regarding this Policy, contact us at: contact@clinicshifts.com