Privacy Policy

When you create an account with Safe Staff, we collect the following personal information: • Full name • Email address • Workplace hospital and unit • Profile image (optional) • Identity verification document (for verification purposes only) When you log an incident, we collect: • Incident category and timestamp • Notes you optionally provide about the event • Your hospital facility ID

We use the information we collect to: • Enable you to create and manage your account • Allow you to log and review your own incident history • Verify your identity as a healthcare professional • Generate aggregate, anonymized safety statistics for hospitals • Improve the features and performance of the application • Communicate important service-related notifications

We do not sell personal information, patient information, or identifiable user data. We may share data only in the following limited circumstances: • With service providers (e.g., Firebase/Google Cloud) who assist in operating the platform, under strict confidentiality agreements • If required by law, court order, or governmental authority • To protect the rights, property, or safety of Safe Staff, our users, or the public Safe Staff may utilize aggregated, de-identified workplace trend data to support healthcare research, workforce safety initiatives, public health analysis, and quality improvement efforts. Any data shared externally is stripped of identifying details and is only provided to vetted organizations whose mission aligns with improving healthcare systems, worker safety, education, or research.

Your personal account data is retained for as long as your account remains active. Incident logs are retained indefinitely to support long-term safety tracking and trend analysis. You may request deletion of your personal account data by contacting us. Identity verification documents are stored securely and used solely for the verification process. Approved documents may be deleted upon request after verification is complete.

We take the security of your personal information seriously. We implement industry-standard safeguards including: • Encrypted data transmission (HTTPS/TLS) • Firebase Authentication for secure account access • Firestore Security Rules to restrict data access to authorized users only • Secure cloud storage for verification documents While we strive to protect your data, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password.

Depending on your state of residence, you may have the following rights: • Right to Know: Request information about the personal data we have collected about you • Right to Delete: Request that we delete your personal information • Right to Opt-Out: We do not sell personal data, so no opt-out is required • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights To exercise these rights, contact us using the details in Section 10.

Safe Staff is designed as a staff-facing safety reporting tool and is not intended to store, transmit, or process Protected Health Information (PHI) as defined by HIPAA. Users are instructed not to include patient-identifiable information in incident notes. If you believe PHI has been inadvertently submitted, please contact us immediately so we can take corrective action.

Safe Staff is intended for use by adult healthcare professionals only. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided personal information, we will take steps to delete it promptly.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: Safe Staff Support Email: admin@safestaffapp.com United States