CCPA Privacy Policy

California Privacy Rights and Disclosure Framework

Effective Date: April 19, 2026

This California-specific notice explains how NursingReachhandles personal information of California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). It describes collection categories, disclosure practices, retention principles, and rights available to eligible consumers.

This policy supplements our general Privacy Policy and applies only to California residents acting in a personal, household, or other legally covered capacity. Where this notice conflicts with a general policy statement, this notice governs for California data rights matters.

1. Categories of Data We Gather

We collect categories of personal information reasonably necessary to operate, secure, and improve our services. The table below summarizes major categories as defined by CCPA:

Category of Personal Information	Examples	Collected?
Identifiers	Name, email address, IP address, account identifiers	✅ Yes
Commercial Information	Transaction history, order records, and billing metadata	✅ Yes
Internet or Network Activity	Browsing behavior, session events, referral channels	✅ Yes
Geolocation Data	Approximate location inferred from network data	✅ Yes
Professional or Employment Information	Business role, organization affiliation, professional contact details	✅ Yes
Sensitive Personal Information	Government identifiers, full financial account credentials, patient medical records	❌ No

We do not intentionally collect sensitive personal information categories except where strictly required for lawful processing and subject to additional controls.

2. Origins of Personal Information

Personal information may be obtained from the following sources:

Direct Consumer Submissions - Information provided through forms, account setup, purchases, or support interactions.
Automated Collection - Data generated by cookies, logs, analytics tools, and device-network interactions.
Third-Party Sources - Payment facilitators, fraud and security providers, analytics partners, and public professional references.

3. How We Utilize Your Information

We use personal information for business and commercial purposes permitted by law, including:

Service Provision and Administration - Processing orders, delivering services, and managing customer accounts.
Communications and Outreach - Sending service notices and lawful marketing communications.
Analytics and Improvement - Evaluating platform usage to improve reliability, relevance, and performance.
Security and Fraud Prevention - Detecting abuse, unauthorized activity, and security threats.
Legal and Compliance Operations - Fulfilling statutory obligations, recordkeeping duties, and dispute response needs.

We do not intentionally conduct automated profiling that produces legal or comparably significant effects on consumers in ordinary service use.

4. Sharing and Disclosure of Personal Information

We may disclose personal information to the following recipient categories as required for operations or legal compliance:

Category of Third Party	Purpose
Service Providers	Payment processing, communications tooling, cloud hosting, security and support operations
Advertising & Analytics Partners	Measurement, attribution, and campaign optimization services
Legal Authorities	Disclosures required by subpoena, court order, statute, or lawful investigative process

A. Sale of Personal Information

NursingReach does not sell personal information for monetary consideration in the ordinary course of business. Certain advertising-related disclosures may constitute "sharing" under CCPA definitions, depending on regulator interpretation and technical implementation.

B. Data Retention

Retention duration is determined by operational necessity, legal obligations, dispute risk, and compliance requirements. Data is deleted, de-identified, or securely archived once retention criteria are no longer satisfied.

5. Your CCPA Rights & How to Exercise Them

Eligible California residents may exercise the following rights, subject to statutory exceptions and verification requirements:

A. Right to Know (Access Your Data)

You may request disclosure regarding:

Categories of personal information collected about you.
Categories of sources from which information was obtained.
Business or commercial purposes for collection and disclosure.
Categories of third parties receiving disclosures.

How to Submit a Request:

Submit a request through our Contact Us page and specify that it is a "CCPA Access Request."

B. Right to Request Deletion

You may request deletion of personal information we have collected from you, subject to legally recognized exceptions.

How to Request Deletion:

Submit your request through our Contact Us page and specify "CCPA Deletion Request."

We may deny deletion where retention is necessary to complete transactions, detect security incidents, comply with law, or exercise and defend legal claims.

C. Right to Opt-Out of Data Sharing

You may opt out of certain disclosures that may be treated as "sale" or "sharing" under California law.

Use our Do Not Sell or Share My Personal Information page.
Adjust browser-level and site-level cookie preference controls.

D. Right to Non-Discrimination

We will not unlawfully discriminate against you for exercising CCPA rights. Specifically:

No denial of goods or services solely due to rights exercise
No prohibited discriminatory pricing or penalty structures
No intentional quality degradation as retaliation

Lawful incentive programs, if offered, will be disclosed with material terms and statutory value explanations where required.

6. Authorized Agents

You may appoint an authorized agent to submit rights requests on your behalf. To verify authority and prevent misuse, we may:

Require signed written authorization or equivalent legal evidence.
Request direct identity confirmation from the consumer.
Deny or pause processing where authorization is deficient or unverifiable.

7. How We Safeguard Your Personal Information

We maintain a security-control program that includes:

Encryption Controls - Protected transmission channels and safeguarded storage architecture.
Access Governance - Role-based restrictions and least-privilege authorization standards.
Monitoring and Review - Ongoing assessments, patching, and incident-response readiness.

Although no security environment can provide absolute risk elimination, we apply commercially reasonable safeguards to reduce unauthorized access and improper disclosure risk.

8. Updates to This CCPA Privacy Policy

We may revise this California notice to reflect legal updates, operational changes, or policy enhancements. Material revisions may be published through website notice or direct communication where appropriate.

Questions About This CCPA Policy?

For questions regarding this California notice or to exercise your privacy rights, contact our team through the channel below.

Get in Touch

Last Updated: April 19, 2026