Privacy Policy

Smart Scheduler ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare staffing management platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

1. Information We Collect

1.1 Personal Information

We collect information that identifies, relates to, describes, or could reasonably be linked with you ("Personal Information"), including:

• Account Information: Name, email address, phone number, password (encrypted), tenant/organization affiliation
• Profile Information: Role (admin, staff, client), avatar, notification preferences, metadata
• Employment Information: For staff members - certifications, availability, hourly rates
• Client Information: For clients - service locations, contact details, service requirements

1.2 Location Information

We collect precise geolocation data when staff members clock in and out of shifts:

• GPS Coordinates: Latitude and longitude for geofence validation
• Location Accuracy: Accuracy radius of GPS reading
• Timestamp: Date and time of location capture
• Device Information: IP address, user agent, device identifiers

Note: Location data is collected only when staff actively clock in or out of shifts. We do not track continuous location or collect location data at any other time.

1.3 Usage Information

We automatically collect certain information about your device and how you interact with our platform:

• Browser type and version
• Operating system
• IP address
• Log data (pages visited, features used, timestamps)
• Cookies and similar tracking technologies

1.4 Communication Data

We collect information related to communications through our platform:

• Notification preferences (email, SMS, push)
• FCM (Firebase Cloud Messaging) tokens for push notifications
• Communication history and delivery status

1.5 Digital Signatures

We collect and store digital signatures captured during shift acceptance, clock-in, clock-out, and timesheet verification. Signatures include metadata such as timestamp, IP address, and geolocation.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Core Platform Services

• Create and manage user accounts
• Facilitate shift scheduling, assignment, and management
• Verify staff attendance through GPS geofencing
• Process clock-in/clock-out events
• Generate timesheets and billing reports
• Manage digital signatures for compliance

2.2 Communications

• Send shift notifications and reminders (email, SMS, push)
• Provide customer support and respond to inquiries
• Send administrative updates and important notices
• Deliver requested reports and documents

2.3 Platform Improvement

• Analyze usage patterns to improve features and user experience
• Monitor platform performance and security
• Develop new features and services
• Conduct research and analytics

2.4 Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Maintain audit trails for compliance purposes
• Verify GPS location data for attendance validation
• Enforce our Terms of Service and policies

3. Disclosure of Your Information

We may share your information in the following circumstances:

3.1 Within Your Organization

Information is shared within your tenant/organization according to role-based access controls. Admins can view staff and client information relevant to shift management.

3.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Railway: Cloud infrastructure and database hosting
• Vercel: Frontend application hosting
• SendGrid: Email delivery
• Twilio: SMS notifications
• Firebase (Google): Push notifications
• Google Maps/Places API: Address autocomplete and geocoding
• Sentry: Error tracking and monitoring

These service providers are contractually obligated to use your information only to provide services to us and in a manner consistent with this Privacy Policy.

3.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Smart Scheduler, our users, or others.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our platform of any change in ownership.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
• Encryption at Rest: All data stored in our databases is encrypted at rest
• Multi-Tenant Isolation: Row-Level Security (RLS) ensures complete data isolation between tenants
• Password Protection: Passwords are hashed using bcrypt with 12 rounds
• Access Controls: Role-based access controls limit data access to authorized users
• Audit Trails: All sensitive actions are logged with timestamp, user ID, and IP address
• Regular Security Audits: We conduct regular security assessments and penetration testing

Important: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 7 years after account closure for compliance purposes
• Timesheet and Billing Records: Retained for 7 years to comply with legal and tax requirements
• GPS Location Data: Retained for 3 years for audit and compliance purposes
• Digital Signatures: Retained for 7 years for legal and compliance purposes
• Communication Records: Retained for 1 year unless required for compliance
• Log Data: Retained for 90 days for security and performance monitoring

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 Right to Access

You have the right to request a copy of the personal information we hold about you.

6.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information.

6.3 Right to Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., tax records, legal compliance).

6.4 Right to Data Portability

You have the right to request that we transfer your data to another service provider in a machine-readable format.

6.5 Right to Opt-Out

You can opt-out of marketing communications at any time by clicking the "unsubscribe" link in our emails or updating your notification preferences in your account settings.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@smartscheduler.com. We will respond to your request within 30 days.

7. Children's Privacy

Our platform is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

8. International Data Transfers

Your information may be transferred to, and maintained on, servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using Smart Scheduler, you consent to the transfer of your information to the United States and other jurisdictions.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: