Data Protection & Privacy Summary

APRNJobs.org is a healthcare recruitment and job board platform designed to connect APRNs, NPs, CRNAs, and advanced practice clinicians with employers and staffing partners. We recognize that healthcare organizations operate under heightened privacy, security, and regulatory expectations. This summary outlines how APRNJobs.org protects personal data, supports compliance obligations, and minimizes risk for our partners.

Regulatory Alignment & Compliance Posture

APRNJobs.org designs its privacy and data protection program to align with major U.S. state privacy laws and international privacy frameworks where applicable, including:

  1. California Consumer Privacy Act (CCPA), as amended by CPRA
  2. Texas Data Privacy and Security Act (TDPSA)
  3. Colorado Privacy Act (CPA)
  4. Virginia Consumer Data Protection Act (VCDPA)
  5. Connecticut Data Privacy Act (CTDPA)
  6. Utah Consumer Privacy Act (UCPA)
  7. GDPR and UK GDPR (where applicable)

We apply consistent privacy, security, and data minimization practices across all users, including employers, recruiters, and job seekers.

Important note for healthcare partners:
APRNJobs.org does not function as a HIPAA Covered Entity or Business Associate and is not intended for the collection or processing of Protected Health Information (PHI). The platform is designed for recruitment and employment purposes only.

Data Collected & Purpose Limitation

We collect only the data necessary to operate a recruitment platform, including:

  1. Contact information and account details
  2. Professional credentials and licensure (e.g., APRN, NP, CRNA)
  3. Employment history, resumes, and application materials
  4. Platform usage and engagement data
  5. Billing metadata for paid services (no full payment card storage)

We do not request or require clinical, patient, diagnostic, or treatment data. Users are instructed not to submit sensitive or health-related personal data unless specifically required for lawful recruitment screening purposes.

Data Roles & Partner Responsibilities

  1. APRNJobs.org acts as an independent data controller for data processed on its platform.
  2. Employers and staffing partners act as independent data controllers for applicant data they receive through the platform.

Once applicant data is transmitted to a partner organization, that organization’s privacy policy, retention practices, and security controls apply. APRNJobs.org does not control downstream partner processing.

Security Safeguards

APRNJobs.org implements administrative, technical, and physical safeguards designed to protect personal data, including:

  1. Encrypted data transmission
  2. Role-based access controls
  3. Secure hosting infrastructure
  4. Monitoring for unauthorized access and abuse
  5. Metadata stripping from uploaded documents where technically feasible

While no system can guarantee absolute security, APRNJobs.org follows industry-aligned security practices appropriate for a recruitment and hiring platform.

Vendor & Subprocessor Management

We engage vetted service providers for:

  1. Cloud hosting and infrastructure
  2. Payment processing
  3. Analytics and performance monitoring
  4. Email delivery and customer support tooling

All service providers are contractually bound to process data only on our instructions and to maintain appropriate security and confidentiality controls.

Data Minimization, Retention & Deletion

  1. Data is collected only as necessary for platform functionality.
  2. User accounts and applicant data are retained only as long as needed for recruitment, operational, and legal purposes.
  3. Users may request access, correction, or deletion of personal data in accordance with applicable law.
  4. Certain data may be retained longer where required to meet legal, audit, or dispute-resolution obligations.

Privacy Rights & User Controls

APRNJobs.org supports privacy rights under applicable laws, including:

  1. Right to access personal data
  2. Right to correction
  3. Right to deletion (subject to legal exceptions)
  4. Right to data portability
  5. Right to opt out of targeted advertising where applicable

We honor Global Privacy Control (GPC) browser signals where legally required.

Data Sharing & Advertising Controls

Applicant data is shared with employers only when a job seeker actively applies or opts to share their profile.
Limited online identifiers may be shared with analytics and advertising partners with consent where required.
APRNJobs.org does not knowingly sell sensitive personal data.

Incident Response & Legal Cooperation

APRNJobs.org maintains procedures for identifying, responding to, and mitigating security incidents. Where legally required, affected parties and regulators are notified in accordance with applicable breach notification laws.

We cooperate with lawful requests from regulators and authorities while maintaining appropriate safeguards for user privacy.

Contractual Readiness

For enterprise partners and hospital systems, APRNJobs.org can provide:

  1. Data Processing Addendum (DPA)
  2. Privacy Policy and Cookie Policy
  3. Vendor security posture documentation (as available)

Contact for Compliance & Vendor Review

Privacy & Compliance: aprnjobs@gmail.com
General Inquiries: aprnjobs@gmail.com