Privacy Policy
Effective date: April 16, 2026 · SANNEXUS, LLC
1. Introduction
SANNEXUS, LLC ("SANNEXUS," "we," "us," or "our") operates the SANNEXUS platform — including SANNEXUS Connect (physician placement marketplace) and SANNEXUS Central (physician credentialing engine) — accessible at sannexus.com and related subdomains (the "Platform").
This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use the Platform. By accessing or using the Platform, you agree to the practices described in this Policy.
If you are a covered entity or business associate under HIPAA, please also review our Security & HIPAA page.
2. Information We Collect
Account Information: Name, email address, password (hashed), phone number, and role (physician, hospital administrator, or SANNEXUS administrator) when you register.
Physician Professional Information: NPI number, DEA number, medical specialties, state licenses, board certifications, malpractice insurance details, work history, and other credential data you voluntarily provide for your 27-point Credential Passport.
Credential Documents: Uploaded copies of licenses, certifications, identification, and other credentialing documents you submit through the Platform.
Hospital & Facility Information: Facility name, NPI, address, bed count, bylaw documents, and contact information provided by hospital administrators.
Transaction Data: Shift postings, applications, acceptances, contract records, and payment transaction records processed through Stripe.
Usage Data: Log data, IP addresses, browser type, pages visited, and feature usage (not sold or shared for advertising).
Communications: Messages, support requests, and feedback you send us.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Platform
- Match physicians to shift opportunities based on credentials and availability
- Verify physician credentials against hospital bylaw requirements
- Process payments and track retainer obligations via Stripe
- Send transactional notifications (shift alerts, credential expirations, payment receipts)
- Maintain audit logs for credentialing access (HIPAA compliance)
- Respond to support inquiries
- Detect and prevent fraud and abuse
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your data for behavioral advertising.
4. Information Sharing
With Hospitals: When you express interest in a shift or a hospital requests your profile, we share your professional information (specialty, license status, credential verification status) with that hospital. We share only what is necessary for the placement or credentialing decision.
With Service Providers: We use Supabase (database and authentication), Stripe (payment processing), and Vercel (hosting). Each provider is bound by data processing agreements and processes data only as directed by us.
For Legal Compliance: We may disclose information if required by law, court order, or to protect the rights, property, or safety of SANNEXUS, our users, or the public.
Business Transfers: If SANNEXUS is acquired or merges, user data may be transferred as part of that transaction. We will notify users via email or Platform notice.
5. HIPAA and Protected Health Information
SANNEXUS processes physician credential and professional information. This data is professional information, not patient health information (PHI) as defined by HIPAA. SANNEXUS does not transmit, process, or store patient records.
If a covered entity engages SANNEXUS in a capacity that involves PHI (e.g., certain credentialing workflows), we will execute a Business Associate Agreement (BAA) as required. Contact privacy@sannexus.com to request a BAA.
See our Security & HIPAA page for full details on our technical safeguards.
6. Data Retention
We retain your account information for as long as your account is active or as needed to provide services. If you close your account, we retain credential and transaction records for 7 years to satisfy healthcare credentialing standards and legal requirements.
Audit logs are retained for 6 years per HIPAA record retention guidance.
7. Security
We implement industry-standard technical and organizational measures to protect your data:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Role-based access controls (physician, hospital_admin, sannexus_admin)
- Row-level security on all database tables
- Audit logging for all credential access events
- No PHI in application logs
No system is perfectly secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information (via your profile settings)
- Deletion: Request deletion of your account and personal data (subject to legal retention obligations)
- Portability: Request your credential passport data in a machine-readable format
- Objection: Object to certain processing activities
To exercise these rights, contact us at privacy@sannexus.com. We will respond within 30 days.
9. Cookies and Tracking
We use session cookies for authentication only. We do not use third-party tracking cookies or analytics SDKs that share data with advertising networks. Usage analytics are processed server-side using aggregated, non-identifiable data.
10. Children
The Platform is intended for licensed healthcare professionals and is not directed at individuals under 18. We do not knowingly collect data from minors.
11. Changes to This Policy
We may update this Policy from time to time. We will notify registered users of material changes by email at least 30 days before they take effect. Continued use of the Platform after the effective date constitutes acceptance.
12. Contact
SANNEXUS, LLC
Florida, United States
Email: privacy@sannexus.com