Enterprise Privacy Policy

1. Exhaustive Information Collection

We collect information from you directly, automatically, and from third parties to provide and optimize the Service:

A. Information You Provide Directly

• Account Credentials: Full name, professional email, phone number, and hashed passwords.
• Corporate Information: Facility names, corporate addresses, NPI numbers, billing contacts, and organizational hierarchies.
• Uploaded Content: Invoices, time logs, and associated metadata uploaded to the Service.

B. Information Collected Automatically

• Telemetry & Usage Data: Clicks, scrolling behavior, feature utilization rates, API endpoints accessed, latency, and error rates.
• Device & Network Data: IP addresses, MAC addresses, browser fingerprints, operating system details, and ISP information. We reserve the right to deploy tracking pixels and session recording tools to monitor platform performance.

C. Third-Party Data

• Data from our payment processor (Stripe), identity verification services, or external CMS databases (e.g., QCOR) used to augment facility profiles.

2. Extremely Broad Data Usage Rights

By using SNFGuard, you grant us broad and irrevocable rights to utilize the data collected (excluding PHI) for the following purposes:

• Service Delivery: To operate, maintain, and secure the Platform.
• Algorithmic Training: To train, validate, and improve our proprietary machine learning algorithms, OCR engines, and data extraction pipelines. Prior to such usage, you explicitly grant us the perpetual right to de-identify PHI. We shall use commercially reasonable efforts to de-identify data in accordance with the principles of the HIPAA Privacy Rule Safe Harbor method (45 CFR § 164.514(b)(2)) or formal Expert Determination.
• Data Monetization & Benchmarking: To create, publish, and potentially commercialize entirely anonymized and aggregated industry reports (e.g., "Average RN Agency Rates in Texas"). We guarantee that no specific facility or agency will be identifiable in these products.
• Marketing & Profiling: To send you B2B marketing communications, personalized offers, and service updates.

4. Unrestricted Sharing with Affiliates and Acquirers

We may share your information (including Account and Usage Data) under the following circumstances:

• Service Providers: With hosting providers, analytics tools, customer support software, and payment gateways.
• Corporate Transactions: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your data will be transferred as a business asset without requiring further consent.
• Legal Obligations: We will comply fully with subpoenas, court orders, legal processes, and law enforcement requests without necessarily providing you prior notice.

5. Security Posture and User Assumption of Risk

We employ enterprise-grade security measures including TLS 1.2+ encryption in transit, AES encryption at rest, and strict RBAC. However, no system is impenetrable.

By using the Service, you acknowledge that internet transmissions are never completely private or secure. You assume all risks associated with transmitting data to our servers. SNFGuard disclaims all liability for unauthorized access, hacking, data loss, or other breaches beyond our commercially reasonable control.

6. Data Retention Policy

We retain Account Data for as long as your account is active and up to seven (7) years thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements. Uploaded documents (PDFs/CSVs) are processed in-memory and typically deleted after data extraction, but the extracted mathematical data and audit logs are retained indefinitely. De-identified analytical data is retained perpetually.

7. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, you consent to the transfer, storage, and processing of your data in the United States, which may have less stringent data protection laws than your home jurisdiction.

8. Privacy Rights and B2B Exemption

SNFGuard is strictly a B2B service. Therefore, certain consumer privacy rights (such as broad provisions under the CCPA or similar state laws) may not fully apply to your data, as you are interacting with us in a commercial capacity.

Do Not Track (DNT) Signals: We do not currently respond to browser "Do Not Track" signals or other mechanisms that might enable consumers to opt out of tracking across websites.

Nonetheless, you may request to access, correct, or delete your personal account information by contacting us. We reserve the right to reject requests that are unreasonable, require disproportionate technical effort, or conflict with our legal retention obligations.

9. Governing Law & Entity Limitations

This Privacy Policy and any disputes related thereto shall be governed by and construed in accordance with the laws of the State of Georgia and applicable federal law, without regard to its conflict of law provisions. You acknowledge that SNFGuard is operated by a sole proprietor based in Georgia, and you waive any right to bring claims under consumer privacy statutes intended for non-commercial entities.

TIME LIMITATION ON CLAIMS: Any cause of action or claim you may have arising out of or relating to this Privacy Policy, our data practices, or a data breach must be commenced within one (1) year after the cause of action accrues, otherwise, such cause of action or claim is permanently barred.

10. Changes to this Policy

We reserve the right to update this Privacy Policy at any time. We will provide at least thirty (30) days' written notice (via email or platform notification) before any material changes to this Policy take effect. Your continued use of the Service after such notice period constitutes your binding acceptance of the revised Privacy Policy. If you do not agree to the new terms, you must stop using the Service and cancel your account prior to the effective date.