Privacy Policy

Effective Date: March 21, 2026 | Version 1.0

Plett Scheduler ("we," "our," or "the Platform") is a workforce scheduling platform designed for healthcare organizations, with a focus on anesthesiology departments. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our platform.

1. Information We Collect

1.1 Account Information

When your organization provisions your account, we collect:

• Name, email address, and employee identifier

• Professional role and credentials (e.g., physician, CRNA, resident)

• Department, specialty, and organizational affiliation

• Authentication credentials (passwords are stored as salted hashes; we never store plaintext passwords)

1.2 Scheduling and Operational Data

• Shift assignments, availability blocks, and time-off requests

• Scheduling preferences, skill certifications, and training records

• Points balances, shift swap history, and marketplace activity

• Procedure assignments, supervision records, and compliance data

1.3 Phone Number and SMS Data

If you opt in to SMS notifications:

• Your phone number (stored in E.164 format)

• SMS consent status, consent timestamp, and consent version

• SMS message content (inbound and outbound) for audit purposes

• SMS session data, including conversation context and authentication state

• Opt-out (STOP) and opt-in (START) status and timestamps

1.4 Usage Data

• Login timestamps, IP addresses, and device/browser information

• Feature usage patterns and navigation data

• Audit logs of administrative actions

2. How We Use Your Information

• Scheduling: To generate, optimize, and distribute work schedules using algorithmic solvers

• Notifications: To send shift assignments, schedule changes, swap confirmations, and operational alerts via email and SMS

• Compliance: To enforce supervision ratios, work-hour limits (including ACGME requirements for residents), and certification tracking

• Authentication: To verify your identity and authorize access to appropriate features

• Optimization: To improve scheduling fairness, balance workloads, and honor stated preferences

• Audit: To maintain records required by healthcare regulations and organizational policies

3. SMS Communications

We send SMS messages only to users who have explicitly consented during phone number verification. SMS messages may include:

• Schedule notifications and shift assignment updates

• Shift swap and availability confirmations

• Operational alerts from your department

• Responses to SMS commands you initiate (e.g., schedule queries)

Message frequency varies based on your schedule and department activity. Message and data rates may apply. You can opt out at any time by replying STOP to any message, or by disabling SMS in your account settings. Reply START to re-subscribe.

4. Data Sharing and Disclosure

We do not sell your personal information. We share data only in these circumstances:

• Your Organization: Your employer/organization has access to scheduling data, compliance records, and operational information as your data controller

• Service Providers: We use third-party services to operate the platform:

  • Twilio (SMS delivery)

  • Cloud infrastructure providers (hosting and storage)

  • AI providers (schedule optimization assistance)

• Legal Requirements: When required by law, subpoena, or to protect safety

5. Data Security

• All data is encrypted in transit (TLS 1.2+)

• Passwords are hashed using bcrypt with per-user salts

• Multi-tenant architecture with schema-level data isolation between organizations

• Role-based access controls limit data visibility within your organization

• Session tokens expire after 24 hours of inactivity

• PIN-protected SMS sessions with automatic lockout after failed attempts

6. Data Retention

• Active account data is retained for the duration of your employment with your organization

• Scheduling history is retained per your organization's retention policy

• SMS messages are retained for audit purposes per regulatory requirements

• Expired SMS sessions are automatically purged

• When your organization offboards you, your personal data is anonymized or deleted per their data retention policy

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you

• Request correction of inaccurate data

• Request deletion of your data (subject to regulatory retention requirements)

• Opt out of SMS communications at any time

• Export your scheduling data in a portable format

To exercise these rights, contact your organization's administrator or reach out to us using the contact information below.

8. Multi-Tenant Architecture

Each organization's data is isolated in a separate database schema. Data from one organization is never accessible to another organization. System administrators may access cross-tenant metadata solely for platform operations and support.

9. Children's Privacy

The Platform is designed for use by healthcare professionals and is not directed at individuals under 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data:

Plett Scheduler
Email: privacy-at-plett.io
Your organization's administrator can also assist with data-related requests.