TRACKFAZE PRIVACY POLICY

1. Information We Collect

We collect information you provide directly, including:

Account Information:

• Name and email address
• Password (securely hashed)
• Role and permissions

Employee and Staff Records:

• Full name, email address, phone number
• Date of birth and home address
• Job title, department, and supervisor
• Hire date and employment type (W2/1099)
• Employee identification number
• Salary or pay rate (if entered)

Professional Credentials:

• License and certification names
• License/certificate numbers
• Issuing authority and state/jurisdiction
• Issue and expiration dates
• Uploaded credential documents (images, PDFs)

Candidate/Applicant Information:

• Contact information
• Resume and application materials
• References (name, phone, email, relationship)
• NPI number and license information

Documents and Files:

• Uploaded documents (HR records, policies, credentials)
• File metadata (name, size, upload date)

Training and Policy Records:

• Training completion timestamps
• Quiz scores
• Electronic signatures for policy acknowledgments

Automatically Collected Information:

• IP address
• Browser and device information
• Activity logs and session data
• Usage analytics

2. How We Use Your Information

We use collected information to:

• Provide and maintain the Trackfaze platform
• Send credential expiration reminders and notifications
• Track employee onboarding and training compliance
• Generate compliance reports and audit trails
• Process payments and manage subscriptions
• Provide customer support
• Monitor and improve platform performance
• Detect and prevent fraud or security issues

3. Third-Party Service Providers

We use the following service providers to operate Trackfaze:

Infrastructure and Hosting:

• Vercel (application hosting, serverless functions, file storage, scheduled tasks)
• Supabase (PostgreSQL database, user authentication, real-time features)

Communications:

• Resend (transactional emails including reminders, notifications, and invitations)

Payments:

• Stripe (payment processing and subscription management)

AI Services:

• OpenAI via Vercel AI Gateway (AI assistant features)

Monitoring and Analytics:

• Vercel Analytics (usage metrics and web performance)
• Sentry (error tracking and performance monitoring)
• PostHog (product analytics and session replay)

Caching and Performance:

• Upstash (Redis caching and rate limiting)

These providers access data only as necessary to perform their services and are contractually obligated to protect your information. For more details, please refer to each provider's privacy policy:

• Vercel: vercel.com/legal/privacy-policy
• Supabase: supabase.com/privacy
• Resend: resend.com/legal/privacy-policy
• Stripe: stripe.com/privacy
• OpenAI: openai.com/privacy
• Sentry: sentry.io/privacy
• PostHog: posthog.com/privacy
• Upstash: upstash.com/trust/privacy.html

4. Data Sharing

We do NOT sell your personal information to third parties.

We share data only in the following circumstances:

• With service providers necessary to operate the platform (listed above)
• When required by law, legal process, or government request
• To protect the rights, property, and safety of Trackfaze and our users
• In connection with a merger, acquisition, or sale of assets (with notice to users)
• With your explicit consent

5. Data Retention

We retain data according to the following schedule:

Retention periods are designed to comply with healthcare industry regulations and applicable state and federal laws.

6. Data Security

We implement industry-standard security measures to protect your information:

• All data encrypted in transit using TLS 1.3
• Database encrypted at rest using AES-256 encryption
• Passwords hashed using Bcrypt with secure salting
• Row Level Security (RLS) ensures multi-tenant data isolation
• Secure session management with HTTP-only cookies
• Regular security monitoring and vulnerability assessments
• Access controls and role-based permissions

7. Data Location

All data is stored and processed within the United States:

• Primary database hosted on Supabase (AWS us-east-1)
• File storage on Supabase Storage (AWS infrastructure)
• Application servers on Vercel (US regions)

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a portable, machine-readable format.
• Opt-Out: Opt out of non-essential communications at any time.
• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, please contact us using the information below.

9. Cookies and Tracking

We use essential cookies for:

• User authentication and session management
• Security and fraud prevention
• Remembering user preferences

We use analytics cookies (with your consent where required) for:

• Understanding how users interact with our platform
• Improving platform performance and features

You can manage cookie preferences through your browser settings.

10. Children's Privacy

Trackfaze is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the “Last Updated” date at the top of this policy
• Sending an email notification for significant changes

Your continued use of Trackfaze after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

For privacy-related inquiries, data requests, or concerns:

Email: privacy@trackfaze.com