Privacy Policy

Workforce Registry, LLC is committed to protecting your privacy and maintaining the security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you use our workforce credentialing and registry services (the “Services”), including our website and related applications.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use our Services.

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide directly to us, including but not limited to:

• Account Information: Name, username, email address, password, and contact details
• Employment Information: Job title, role, organization affiliation, employment dates, and work history
• Professional Credentials: Certifications, licenses, training records, educational background, and qualification documents
• Identification Information: Government-issued identification numbers when required for credential verification
• Contact Information: Phone numbers, mailing addresses, and emergency contact details

1.2 Documents and Files

When you upload documents to verify credentials, we collect and store these files securely. This may include certificates, transcripts, licenses, training completion records, and other supporting documentation.

1.3 Automatically Collected Information

We automatically collect certain information when you access our Services:

• Usage Data: Pages viewed, features accessed, time spent on pages, and interaction patterns
• Device Information: IP address, browser type and version, operating system, device identifiers
• Log Data: Access times, error logs, and system activity records
• Cookies and Tracking Technologies: Session cookies, authentication tokens, and analytics data

1.4 Information from Third Parties

We may receive information from organization administrators who invite you to join their organization, including your name, email address, and assigned role. We may also receive verification information from credential-issuing bodies when validating your qualifications.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To create and manage your account, process credential verification requests, and provide access to our platform features
• Credential Management: To track, verify, and maintain records of professional credentials and qualifications
• Communication: To send you service notifications, credential expiration alerts, verification status updates, and administrative messages
• Organization Management: To facilitate relationships between users and organizations, manage role assignments, and enable administrative functions
• Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraudulent activities, and policy violations
• Compliance: To comply with legal obligations, industry regulations, and professional standards
• Service Improvement: To analyze usage patterns, improve functionality, and develop new features
• Support: To respond to your inquiries, troubleshoot issues, and provide customer assistance

3. Information Sharing and Disclosure

3.1 With Your Consent

We will share your information when you explicitly consent to such sharing, including when you authorize your organization administrators to access your credential information.

3.2 Within Organizations

Your profile information, credentials, and employment details are shared with administrators of organizations to which you belong. Organization administrators can view and manage credential requirements, review submitted documents, and track compliance status for their members.

3.3 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including cloud hosting (Supabase), data storage, analytics, and customer support. These providers have access to personal information only as necessary to perform their functions and are obligated to maintain confidentiality.

3.4 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal processes such as court orders, subpoenas, or government requests
• Regulatory or licensing body inquiries related to credential verification
• Investigations of potential violations of our Terms of Service
• Protection of our rights, property, safety, or the rights of our users or the public

3.5 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

3.6 Aggregate Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or industry reporting purposes.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

We implement robust technical, administrative, and physical security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption algorithms
• Access Controls: Strict role-based access controls limit data access to authorized personnel only
• Authentication: Multi-factor authentication and secure password requirements protect account access
• Infrastructure Security: Our Services operate in a professionally managed, secure cloud environment with regular security assessments
• Monitoring: Continuous monitoring for security threats, anomalous activity, and potential breaches
• Regular Audits: Periodic security audits and vulnerability assessments
• Incident Response: Established procedures for detecting, responding to, and notifying users of security incidents

While we employ industry-standard security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to improve our security practices and protect your information.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Active Accounts: Information is retained while your account is active and you are using our Services
• Credential Records: Professional credentials and verification records may be retained for extended periods to maintain historical employment and qualification records
• Legal Compliance: Information may be retained as required by applicable laws, regulations, or professional standards
• Deleted Accounts: After account deletion, personal information is removed or anonymized within 90 days, except where retention is legally required

When information is no longer needed, we securely delete or anonymize it using industry-standard data destruction methods.

6. Your Rights and Choices

You have certain rights regarding your personal information:

6.1 Access and Portability

You may access, review, and download your personal information through your account settings. You can request a copy of your data in a structured, commonly used format.

6.2 Correction and Update

You can update your account information, profile details, and contact information at any time through your account dashboard.

6.3 Deletion

You may request deletion of your account and associated personal information. Please note that some information may be retained as required by law or for legitimate business purposes, such as maintaining records of credential verification.

6.4 Opt-Out of Communications

You can opt out of promotional communications by following the unsubscribe instructions in those messages. Note that you cannot opt out of certain service-related communications necessary for account administration and security.

6.5 Cookie Preferences

You can control cookie settings through your browser preferences. Note that disabling certain cookies may limit functionality of our Services.

To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below.

7. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your use of our Services. These technologies help us:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Understand how you interact with our Services
• Improve performance and user experience
• Detect and prevent security threats

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, some features of our Services may not function properly if cookies are disabled.

8. Third-Party Services

Our Services are built on Supabase, a third-party cloud database and authentication platform. Supabase provides secure infrastructure, data storage, and authentication services. Your data is stored in Supabase's secure cloud environment and is subject to their security practices and certifications.

We carefully select service providers that demonstrate strong privacy and security practices. However, we are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

9. Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child under 18, please contact us immediately, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer information internationally, we implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable laws.

By using our Services, you consent to the transfer of your information to countries outside of your country of residence, including the United States.

11. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You can opt out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights

To exercise these rights, please contact us using the information in the “Contact Us” section. We will verify your identity before processing your request.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website with a new “Last Updated” date
• Sending an email notification to the address associated with your account
• Displaying a prominent notice on our Services

Your continued use of our Services after the effective date of an updated Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us.

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.