Privacy Policy

Effective: March 18, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, and professional details such as nursing specialties and experience.

Credential Documents

Nurses upload professional credential documents including licenses, certifications, immunization records, and other compliance-related files. These documents may contain sensitive personal and health-related information.

Usage Data

We automatically collect information about how you interact with the Platform, including pages visited, features used, browser type, and IP address.

2. How We Use Your Information

  • Provide, maintain, and improve the Platform
  • Facilitate credential verification and nurse-agency matching
  • Process payments and manage subscriptions
  • Send service-related notifications and expiration alerts
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

3. HIPAA Considerations

While CredPass is not a covered entity under HIPAA, we recognize that credential documents may include health-related information such as immunization records, drug screening results, and physical examination reports. We apply HIPAA-grade protections to all credential documents stored on the Platform, including:

  • Encryption at rest and in transit (AES-256 and TLS 1.2+)
  • Time-limited, presigned URLs for document access
  • Role-based access controls (RBAC)
  • Audit logging of all document access

4. Data Sharing and Agency Access

Your credential data is shared only as follows:

  • Nurse visibility settings — Nurses control who can view their credentials through visibility settings (restricted, limited, or open). Agencies can only access nurse profiles and credentials in accordance with these settings.
  • Service providers — We use trusted third-party services for hosting, payment processing (Stripe), and email delivery. These providers are contractually bound to protect your data.
  • Legal requirements — We may disclose information when required by law, regulation, or legal process.

We do not sell your personal information to third parties.

5. Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for credential documents
  • Multi-factor authentication (MFA) support
  • Role-based access control (RBAC)
  • Regular security audits and monitoring
  • Secure, presigned URLs for all document downloads

6. Data Retention

We retain your account data and credential documents for as long as your account is active. If you delete your account, we will remove your personal data and credential documents within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

7. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate personal data
  • Deletion — Request deletion of your personal data and account
  • Portability — Request your data in a portable, machine-readable format

To exercise these rights, contact us at support@credpass.pro.

8. Cookies

We use cookies and similar technologies to operate the Platform. For details, see our Cookie Policy.

9. Children's Privacy

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the effective date at the top of this page.

11. Contact

If you have questions about this Privacy Policy, contact us at support@credpass.pro.