Privacy Policy

Azuri Connect LLC ("AzuriConnect," "we," "us," or "our") operates azuriconnect.com, our mobile applications for iOS and Android, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

We may change this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

2.1 Information You Provide Directly

Account Registration Information:

• Name, email address, phone number
• Password (encrypted, hashed with bcrypt)
• Organization name, facility name, facility address, mailing address, billing address, and service area
• Role (AFH owner, administrator, caregiver, etc.)
• Professional credentials (CNA license, HCA certification, NAR, etc.)
• Background check information
• Profile photo (optional)
• Government-issued ID (for verification)

Shift and Scheduling Information:

• Shift details (date, time, location, role, pay rate)
• Check-in and check-out times and GPS coordinates
• Shift acceptance and completion status
• Geo-fencing data (location verification for shifts)

Payment Information:

• Credit card information (processed securely via Stripe; we do not store full card numbers)
• Billing address
• Payment history
• Platform credit balance

Photo and Verification Data:

• Photos uploaded for identity verification (profile photo, government-issued ID)
• ID document photos used to confirm identity during onboarding

Biometric Data (explicit consent required):

When biometric identity verification is available on the platform, we may use facial recognition technology (AWS Rekognition) to process photos for identity verification purposes. We will not collect or process biometric data without obtaining your explicit prior written consent. You will be presented with a separate, clear consent screen before any biometric data is collected. You may decline without losing access to non-biometric features of the platform.

Washington State residents should be aware that biometric identifiers are subject to additional protections under Washington law. We comply with applicable biometric privacy requirements, including maintaining a publicly available retention and destruction schedule for biometric data.

Communications:

• Messages sent through our platform
• Support tickets and correspondence
• Feedback and survey responses

2.2 Information We Collect Automatically

Usage Data:

• Pages visited, time spent on pages
• Search queries
• Device information (browser type, operating system, device model, device ID)
• IP address and approximate geographic location
• Referral source
• Website and product analytics events, such as page views, button clicks, form starts, form submissions, and feature interactions

Mobile App Data:

• App version and device model
• Push notification tokens
• Camera permission status
• Location permission status

Location Data:

• GPS coordinates when checking in/out of shifts (with your permission)
• Geo-fence trigger locations
• Approximate location based on IP address
• Facility addresses, caregiver service areas, and shift locations used to show relevant shifts and verify attendance

2.3 Information from Third Parties

• Credential Verification Services: Washington State licensing databases (DSHS) to verify active credential status
• Payment Processors: Stripe transaction confirmations
• Map Services: Mapbox (location verification for shift check-in)
• Analytics Providers: Google Analytics and PostHog usage data, subject to cookie consent where required

3.1 Provide and Improve the Service

• Create and manage your account
• Facilitate shift posting, claiming, and assignment
• Process payments via Stripe
• Send transactional notifications (shift reminders, application updates)
• Send marketing communications (with opt-out)
• Provide customer support
• Monitor and improve platform performance
• Develop new features
• AI-powered shift matching and recommendations

3.2 Verification and Safety

• Verify caregiver credentials and qualifications against Washington State licensing records
• Geo-fencing verification for shift check-in/check-out
• Create compliance audit trails for staffing decisions
• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service and Acceptable Use Policy
• Biometric identity verification (facial recognition via AWS Rekognition) — only where you have provided explicit prior written consent, as described in Section 2.1

3.3 Marketing and Communications

• Send promotional emails about new features (via Resend, you can opt out)
• Notify you about platform updates
• Push notifications about shifts and messages (with your permission)
• Conduct surveys and request feedback
• Measure website and product usage through Google Analytics and PostHog, subject to cookie consent where required

3.4 Legal and Regulatory Compliance

• Respond to legal requests (subpoenas, court orders)
• Protect our rights and property
• Investigate violations of our Terms
• Comply with HIPAA, GDPR, CCPA, and other regulations

We do not sell your personal information.

4.1 Within the Platform

For Organizations (AFH Providers):

• Caregiver profiles (name, credentials, reliability score, reviews, photo) visible to organizations when caregivers apply for shifts
• Shift assignment details visible to assigned caregivers
• Verified ID photos visible to organizations

For Caregivers:

• Organization and facility information visible when browsing open shifts
• Your profile (name, credentials, bio, photo) visible to organizations you've worked with

4.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

• Stripe - Payment processing
• Resend - Email delivery (transactional and marketing)
• AWS - Hosting, storage, and cloud infrastructure
• Mapbox - Location services and geo-fencing for shift verification
• Google Analytics - Website analytics and traffic measurement
• PostHog - Product analytics, event measurement, and usage insights

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 For Legal Reasons

We may disclose your information if required by law or in response to:

• Subpoenas, court orders, or other legal processes
• Requests from law enforcement or government agencies
• Protection of our rights, property, or safety
• Investigation of fraud, security breaches, or violations of our Terms

4.4 Business Transfers

If AzuriConnect is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our Service before your information is transferred.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5.1 What is PHI?

Protected Health Information (PHI) includes any individually identifiable health information, such as:

• Medical credentials and certifications
• Health-related background checks
• Shift assignments at healthcare facilities

5.2 Business Associate Agreement (BAA)

For organizations using AzuriConnect to manage healthcare workers, we may act as a Business Associate under HIPAA. We comply with HIPAA Security and Privacy Rules.

Our HIPAA Safeguards:

• Encryption: All PHI encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access; staff only access PHI when necessary
• Audit Logs: All access to PHI is logged and monitored
• Training: Staff undergo annual HIPAA training
• Breach Notification: We will notify affected parties within 60 days of discovery

5.3 Your HIPAA Rights

If you are covered by HIPAA, you have the right to:

• Access: Request a copy of your PHI
• Amendment: Request corrections to inaccurate PHI
• Accounting: Receive a list of PHI disclosures
• Restriction: Request limits on use/disclosure

To exercise these rights, email legal@azuriconnect.com.

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Secure password hashing (bcrypt)
• Multi-factor authentication (MFA) available
• AWS hosted infrastructure

Organizational Safeguards:

• Limited employee access (principle of least privilege)
• Background checks for employees with data access
• Confidentiality agreements
• Annual security training
• Incident response plan

Physical Safeguards:

• Data hosted in AWS data centers
• Physical access controls at data centers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Account Data: Retained while your account is active
• Shift History: 7 years (HIPAA compliance)
• Compliance Records: 7 years
• Payment Records: 7 years (IRS requirement)
• Marketing Data: Retained until you opt out or request deletion
• Analytics Data: Retained according to our configured Google Analytics and PostHog retention settings
• Location Data: Retained for 2 years for compliance purposes
• Verification Photos: Retained until account deletion

After account deletion:

• We anonymize or delete personal information within 90 days
• We retain compliance records (de-identified) for legal requirements
• Backups are purged within 30 days

8.1 All Users

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update inaccurate information in your account settings
• Deletion: Request deletion of your account and data
• Data Portability: Receive your data in a machine-readable format (JSON)
• Opt-Out: Unsubscribe from marketing emails
• Withdraw Consent: Withdraw consent for biometric processing at any time by contacting legal@azuriconnect.com — withdrawal does not affect prior lawful processing

8.2 California Residents (CCPA/CPRA)

California residents have additional rights:

• Know: What personal information we collect, use, share
• Delete: Request deletion (with exceptions for legal obligations)
• Opt-Out of Sale: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your rights

8.3 European Union Residents (GDPR)

EU residents have additional rights:

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict Processing: Limit how we use your data
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

8.4 Washington State Residents (My Health My Data Act)

WA residents have rights regarding health data:

• Consent: We obtain affirmative consent before collecting health data
• Access and Deletion: Request access to and deletion of health data
• Notice: Receive clear notice about health data collection

8.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: legal@azuriconnect.com
• Mail: Azuri Connect LLC, Attn: Privacy Officer, Olympia, WA 98516

We will respond within 30 days (GDPR) or 45 days (CCPA).

9.1 Camera Permission

We request camera permission to:

• Capture photos for identity verification
• Scan government-issued IDs
• Take profile photos

Camera access is used for identity document capture and profile photos. You can deny camera permission, but you may not be able to complete identity verification.

Biometric processing: If and when biometric facial recognition is enabled in your version of the app, you will be presented with a separate explicit consent screen before any biometric data is processed. Facial recognition is performed via AWS Rekognition only with your prior written consent. Washington State residents may withdraw this consent at any time by contacting legal@azuriconnect.com.

9.2 Location Permission

We request location permission to:

• Verify caregiver check-in/check-out via geo-fencing
• Display nearby shifts
• Calculate travel time to facilities

Location data is used for shift verification, compliance records, nearby shift discovery, facility matching, and operational safety. We do not use precise GPS location data for advertising.

Our Service integrates with third-party services. Your use of these services is subject to their terms and privacy policies:

• Stripe: Payment processing (stripe.com/privacy)
• Resend: Email delivery (resend.com/privacy)
• AWS: Hosting and storage (aws.amazon.com/privacy)
• Mapbox: Location services (mapbox.com/legal/privacy)
• Google Analytics: Website analytics (policies.google.com/privacy)
• PostHog: Product analytics (posthog.com/privacy)

Our Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at legal@azuriconnect.com.

Our servers are located in the United States (AWS). If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S.

For EU Users: We comply with GDPR and use Standard Contractual Clauses for data transfers.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: legal@azuriconnect.com
• Mail: Azuri Connect LLC, Attn: Privacy Officer, Olympia, WA 98516

For HIPAA-related inquiries: legal@azuriconnect.com

For GDPR Data Protection Officer: legal@azuriconnect.com