Privacy Policy

1.1 User Account Information

When you register for a RecruiterX account, we collect:

• Full name and professional title
• Email address
• Company or organization name
• Password (stored in hashed form)
• Microsoft account data (if using OAuth sign-in)
• Profile photo (stored as base64 data in our database)

1.2 Healthcare Provider Data (NPPES)

Our platform maintains a database of 6.9 million+ healthcare provider records sourced from the National Plan and Provider Enumeration System (NPPES), a publicly available federal database. This data includes:

• NPI (National Provider Identifier) -- a unique, publicly assigned identification number
• Provider name, credentials, and taxonomy/specialty codes
• Practice address (city, state, ZIP code)
• Organization name (if applicable)
• Phone and fax numbers listed in the NPI Registry

1.3 Enrichment Data

When users initiate enrichment of provider records, we may obtain additional contact information from licensed third-party data providers, including:

• Verified email addresses and cell phone numbers
• Current employer and professional affiliation data
• LinkedIn profile URLs and professional networking information
• Phone line type classification (cell, landline, VoIP) and confidence scores

1.4 Usage and Interaction Data

• Search queries and filter selections
• Campaign creation and messaging history
• AI conversation logs (Solomon AI interactions)
• Feature usage patterns and session information
• Browser type, IP address, and device information

1.5 Payment Data

Payment processing is handled by a PCI-compliant third-party payment processor. We do not store full credit card numbers on our servers. We may retain:

• Payment processor customer ID and subscription information
• Billing name and address
• Last four digits of payment card (for display purposes)
• Transaction history and invoice records

1.6 Communication Data

When candidates respond to outreach campaigns, we collect:

• SMS message content (sent and received)
• Email correspondence
• Opt-in and opt-out records
• Response timestamps and delivery status

We use the information we collect for the following purposes:

2.1 Recruitment Operations

• Identifying and matching healthcare providers to open positions
• Conducting SMS and email outreach campaigns on behalf of recruiters
• Facilitating AI-powered recruiting conversations through our Solomon AI system
• Scheduling interviews and managing candidate pipelines

2.2 Data Enrichment

• Verifying and updating provider contact information
• Validating phone numbers and classifying line types
• Obtaining professional profile data (LinkedIn, employer details)
• Reconciling data from multiple sources to maintain accuracy

2.3 Platform Improvement and Analytics

• Analyzing search patterns to improve provider matching algorithms
• Monitoring campaign performance and delivery rates
• Improving AI conversation quality and response handling
• Generating aggregated, de-identified analytics and reports

2.4 Account Management

• Processing payments and managing subscriptions
• Providing customer support
• Sending account-related notifications and updates
• Enforcing our Terms of Service

RecruiterX obtains provider data from the following sources:

3.1 NPPES (National Plan and Provider Enumeration System)

The primary source for our provider database. NPPES is a publicly available registry maintained by the Centers for Medicare & Medicaid Services (CMS). All NPI data is public information published by the federal government and freely accessible at npiregistry.cms.hhs.gov.

3.2 Third-Party Enrichment Services

We utilize licensed third-party data enrichment services to obtain verified business email addresses, phone numbers, current employer information, and LinkedIn profile URLs. Data is obtained through licensed API access in compliance with each provider's terms of service.

3.3 User-Provided Data

Information that users directly provide when creating accounts, uploading job descriptions, configuring campaigns, or interacting with our platform features.

3.4 Candidate-Provided Data

Information that healthcare providers voluntarily share when responding to outreach campaigns, including updated contact information, availability, and professional preferences.

We do not sell personal information. We share data only in the following circumstances:

4.1 Service Providers

• Payment processing: We use a PCI-compliant third-party payment processor for subscription management and billing. Their privacy policy governs their handling of payment data.
• Communications infrastructure: We use third-party services for SMS and email delivery in outreach campaigns. Message content and recipient contact information are transmitted for delivery purposes.
• AI model providers: We use third-party AI model providers to power our Solomon AI conversation system. Conversation context may be transmitted to generate responses. No persistent storage of conversations occurs on their systems beyond standard API processing.
• Data enrichment: Provider identifiers (NPI, name, location) are transmitted to licensed third-party services for contact data enrichment lookups.
• Cloud infrastructure: Our application and database are hosted on a secure cloud infrastructure platform with encrypted connections.

4.2 Business Purposes

• With recruiting clients, to the extent necessary to facilitate the placement process for candidates who have expressed interest
• With healthcare organizations that have engaged our recruiting services

4.3 Legal Requirements

We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify affected users of any change in ownership or control of personal information.

We implement appropriate technical and organizational measures to protect information, including:

5.1 Technical Safeguards

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
• Database security: Provider and user data is stored in cloud-hosted PostgreSQL databases with encrypted connections
• Authentication: User sessions are managed using JWT (JSON Web Tokens) with secure token handling
• Password security: User passwords are cryptographically hashed and never stored in plain text
• API key management: Third-party API keys are stored as environment variables and never exposed in client-side code

5.2 Organizational Safeguards

• Access to production systems and databases is restricted to authorized personnel
• Regular review of access controls and security configurations
• Monitoring of system access and API usage for anomalous activity

Depending on your jurisdiction, you may have the following rights regarding your personal information:

6.1 Access and Portability

You may request a copy of the personal information we hold about you. For registered users, much of this information is accessible through your account settings.

6.2 Correction

You may request that we correct any inaccurate personal information. Healthcare providers who believe their contact information in our database is incorrect may contact us for correction.

6.3 Deletion

You may request deletion of your personal information, subject to certain exceptions (such as legal retention requirements). For registered users, we will delete your account and associated data upon verified request. For healthcare providers in our database, please see Section 6.5 below.

6.4 Opt-Out of Campaigns

Healthcare providers who receive SMS or email outreach may opt out at any time:

• SMS: Reply STOP to any message to immediately cease all SMS communications
• Email: Click the unsubscribe link in any email, or reply with "unsubscribe"

All opt-out requests are processed immediately and the opt-out status is permanently recorded in our database to prevent future contact.

6.5 Provider Data Requests

Healthcare providers whose information appears in our database (sourced from the public NPPES registry) may:

• Request to view what information we hold about them
• Request correction of inaccurate enrichment data
• Request suppression from outreach campaigns (opt-out)
• Request deletion of enrichment data (note: base NPPES data is public record)

6.6 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at support@recruiterx.ai.

RecruiterX is committed to compliance with the Telephone Consumer Protection Act (TCPA) and all applicable telecommunications regulations.

7.1 Prior Express Consent

Our platform is designed to support our users' compliance with TCPA requirements:

• Users of RecruiterX are responsible for obtaining appropriate consent before initiating SMS outreach campaigns
• Our system provides tools for recording and managing consent records
• Recruiters using our platform acknowledge their obligation to comply with TCPA when conducting outreach

7.2 Opt-Out Mechanisms

• Every SMS message sent through our platform includes clear opt-out instructions
• Recipients may reply STOP at any time to cease receiving messages
• Opt-out requests are processed immediately and automatically
• Once a provider opts out, their NPI is permanently flagged in our database to prevent future contact through any campaign

7.3 Quiet Hours

RecruiterX enforces quiet hours restrictions on outbound messaging:

• No automated SMS or calls are sent before 8:00 AM or after 9:00 PM in the recipient's local time zone
• These restrictions are enforced at the platform level and cannot be overridden by individual users

7.4 Wrong Number Handling

When a phone number is identified as a wrong number (i.e., no longer belonging to the intended provider), it is permanently logged against that NPI in our database to prevent future contact attempts to that number.

7.5 Do Not Call Registry

Our platform provides mechanisms to check and honor the National Do Not Call Registry. Users are responsible for ensuring their outreach activities comply with all applicable Do Not Call requirements.

8.1 What We Do Store

Our database contains only the following categories of healthcare-related data:

• Publicly available NPI Registry data: Provider names, credentials, taxonomy codes, and practice addresses from NPPES -- a federal public database
• Professionally sourced contact data: Business email addresses, professional phone numbers, and LinkedIn profiles obtained through licensed data providers
• Recruiting-related information: Candidate availability, salary expectations, and professional preferences voluntarily shared by providers during recruitment conversations

8.2 What We Do NOT Store

• Patient health records or medical histories
• Insurance or billing information for patients
• Clinical notes, diagnoses, or treatment plans
• Any data that would constitute PHI under HIPAA

8.3 NPI Data Is Public Information

The National Provider Identifier (NPI) and associated data in the NPPES registry are designated as public information by the Centers for Medicare & Medicaid Services (CMS) and are freely available for download at download.cms.gov/nppes. Our use of this data is consistent with its public availability and intended purpose.

9.1 Cookies We Use

• Essential cookies: Required for authentication, session management, and core platform functionality. These cannot be disabled without losing access to the platform.
• Preference cookies: Store your settings such as theme preference, default search parameters, and UI configuration.
• Analytics cookies: Help us understand how users interact with our platform so we can improve the experience. These collect aggregated, anonymized usage data.

9.2 Local Storage

We use browser local storage to cache certain data for performance optimization, including:

• Authentication tokens (JWT)
• Search result caching for faster page loads
• User interface preferences

9.3 Third-Party Tracking

We do not use third-party advertising trackers. We may use privacy-respecting analytics tools to understand platform usage patterns. We do not participate in cross-site tracking or advertising networks.

10.1 User Account Data

Account data is retained for as long as your account remains active. Upon account deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

10.2 Provider Database Records

NPPES-sourced provider records are maintained indefinitely as they are sourced from a continuously updated public registry. Enrichment data (contact information obtained from licensed third-party data providers) is retained to prevent redundant paid lookups and is refreshed periodically to ensure accuracy.

10.3 Campaign and Communication Data

SMS and email campaign records, including message content and delivery status, are retained for a minimum of 5 years to support compliance with TCPA and other telecommunications regulations, and to maintain opt-out records.

10.4 AI Conversation Logs

Conversations conducted through our Solomon AI system are retained for quality assurance, training, and compliance purposes. Conversation data may be anonymized after 12 months.

10.5 Payment Records

Transaction records and billing history are retained for a minimum of 7 years in accordance with applicable tax and accounting regulations.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify registered users via email if the changes materially affect how we handle personal data
• Post a prominent notice on our platform for at least 30 days following the change

Your continued use of RecruiterX after changes become effective constitutes your acceptance of the revised policy. We encourage you to review this page periodically for the latest information on our privacy practices.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: