CredGuardBack to Home

Privacy Policy

Last updated: February 12, 2026

Information We Collect

We collect information you provide when creating an account, managing your agency, or adding nurse profiles. This includes:

  • Account information: name, email address, phone number, and agency details
  • Nurse credential data: license numbers, license types, expiration dates, and verification status
  • Uploaded documents: credential documents, certifications, and supporting files
  • Usage data: log data, device information, and how you interact with the platform

Google User Data

CredGuard offers the option to sign in using your Google account via OAuth 2.0. This section describes how we handle data received from Google APIs in compliance with the Google API Services User Data Policy.

Data Accessed from Google

When you sign in with Google, we request access to the following information from your Google account:

  • Email address — used to create and identify your CredGuard account
  • Name (first and last) — used to pre-fill your profile during account setup
  • Profile picture URL — may be displayed in the application interface

These correspond to the standard Google OAuth scopes: openid, email, and profile. We do not request access to any other Google services such as Google Drive, Google Calendar, Gmail, or Google Contacts.

How We Use Google User Data

Google user data is used exclusively for the following purposes:

  • Authentication — to verify your identity and sign you in to CredGuard
  • Account creation — to populate your name and email when you first sign up
  • Account identification — to associate your CredGuard account with your Google identity for future sign-ins

We do not use Google user data for advertising, marketing to third parties, or training artificial intelligence or machine learning models.

How We Store Google User Data

Your Google email address and name are stored in our database (hosted on Supabase) as part of your user account record. This data is protected by TLS encryption in transit, row-level security policies, and role-based access controls. We retain this data for the lifetime of your account. When you delete your account, your Google user data is removed within 30 days.

Sharing of Google User Data

We do not sell, rent, or share your Google user data with third parties except as required to operate the platform (e.g., stored in our database provider Supabase) or as required by law. Google user data is never shared with data brokers or advertising networks.

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the CredGuard credential management platform
  • Verify nurse licenses through authorized services such as Nursys
  • Send compliance notifications and credential expiration reminders
  • Generate compliance dashboards and reports for your agency
  • Respond to support requests and communicate with you
  • Improve our platform, detect issues, and prevent fraud

Data Security

We take the security of your data seriously, especially given the sensitive nature of healthcare credential information. Our security measures include:

  • AES-256-GCM encryption for sensitive credentials and API keys at rest
  • TLS encryption for all data in transit
  • Row-level security (RLS) policies ensuring strict agency data isolation
  • Role-based access control (owner, admin, viewer)
  • Audit logging of all significant platform actions
  • Automatic redaction of protected health information (PHI) in logs

While we implement industry-standard security practices and are mindful of HIPAA requirements, no method of electronic storage or transmission is 100% secure. We continually review and update our security practices.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Credential data and audit logs may be retained for the period required by applicable healthcare regulations. When you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

Third-Party Services

We use trusted third-party services to operate the platform. These include:

  • Google — OAuth 2.0 authentication (sign in with Google)
  • Supabase — database hosting and authentication
  • AWS S3 — secure document storage
  • Stripe — payment processing (we do not store your payment card details)
  • Resend — transactional and notification emails
  • Twilio — SMS notifications
  • Nursys — nurse license verification

Each third-party provider has their own privacy policy governing their handling of data. We only share the minimum data necessary for each service to function.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise any of these rights, please contact us using the information below.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us at:

support@credguardapp.com

You can also reach us through our contact page.