Privacy Policy
Your privacy is important to us. This Privacy Policy explains how Agency Manager ("we," "our," or "us") collects, uses, protects, and discloses information when you use our mobile application and care coordination website.
1. Information We Collect
To provide you with secure access and care management features, we collect the following categories of information:
- Account Credentials: Name, email address, custom claim tokens, and secure-hashed passwords created when signing up.
- Operational Care Records: Rosters, schedules, client developmental goals, shift logs, incident reports, and staff training statuses entered by care coordinators or front-line employees.
- Technical Logs: IP address, device operating system version, browser type, and interaction timestamps (strictly for logging and auditing security attempts).
2. How We Use Your Information
We use the collected information for operations and security coordination purposes, specifically to:
- Enable user authentication and role-based feature permissions.
- Track and organize shifts, schedules, and client-employee assignments.
- Generate clinical shift metrics, incident report drafts, and developmental goals summaries.
- Diagnose server configuration issues and prevent malicious authentication requests.
3. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information or client care records to third parties. Data is only shared in the following limited scenarios:
- With Your Care Agency: All operational care records are strictly isolated and owned by the specific care agency under which your account is managed.
- Service Providers: We may share technical parameters with trusted hosting, email delivery (SMTP), and infrastructure providers solely to maintain system up-time and email verification alerts under strict data processor restrictions.
- Legal Compliance: We may disclose information if required by law, court order, or governmental audit.
4. Data Security
We deploy robust security safeguards to isolate and protect sensitive records:
- Transit Encryption: All data transmitted between user devices and the servers is encrypted using standard HTTPS/TLS protocols.
- Out-of-Web-Root Storage: Database credentials (.env configurations) and database files reside outside the server's public document root.
- Access Control: Dynamic database checks gate role and sub-role permissions to strictly enforce who can view or modify specific client profiles and incident logs.
5. Your Rights and Choices
You can access, correct, update, or request the deletion of your account parameters by contacting your care agency's system administrator or emailing our support team directly.
6. Contact Us
If you have any questions or inquiries regarding this Privacy Policy or your data protection rights, please contact us at:
Support Email: dtsburner@icloud.com