Critical LLC ("Critical", "we", "us", or "our") operates the website onecritical.com and provides a physician locum tenens staffing platform. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

We collect information you provide directly to us when you create an account, submit a contact form, apply to a position, or communicate with us, including:

• Contact information: name, email address, mobile phone number, and mailing address.
• Hospital and facility information: organization name, address, NPI, and your role at the facility.
• Professional information: resume or CV, work history, education, specialty, and references.
• Credentialing data: state medical licenses, NPI number, DEA registration, board certifications, work authorization, and related documentation.
• Authentication data: hashed passwords, one-time passcodes, and session tokens used to secure your account.
• Usage data: log data, device identifiers, IP address, and interactions with the site, collected automatically.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account and authenticate your identity (including sending one-time passcodes by SMS or email);
• Match physicians with locum tenens assignments and facilitate placements with verified facilities;
• Verify professional credentials and comply with legal, regulatory, and facility onboarding requirements;
• Respond to your inquiries and provide customer support;
• Send transactional communications about your account, applications, and placements;
• Improve, secure, and operate the platform.

3. SMS Messaging Program

When you provide your mobile phone number and check the SMS consent box on our application, login, or signup forms, you expressly consent to receive recurring account-related SMS messages from Critical LLC, including one-time verification codes, application status updates, and service notifications you have requested.

• Message frequency: varies based on account activity — typically 1–2 messages per login attempt, plus occasional status updates.
• Cost: message and data rates may apply. Critical does not charge for these messages, but your mobile carrier may.
• Opt-out: reply STOP to any message to unsubscribe. You will receive a confirmation and will no longer receive SMS messages.
• Help: reply HELP to any message, or email contact@onecritical.com.
• No third-party sharing: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support services, such as customer service or message delivery providers (e.g., Twilio), is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
• Carriers: supported carriers include AT&T, Verizon, T-Mobile, U.S. Cellular, and other major US carriers. Carriers are not liable for delayed or undelivered messages.
• Full SMS terms: see our SMS Terms for the complete program description.

4. How We Share Information

We do not sell your personal information. We share information only in these limited circumstances:

• With facilities: when you apply to or are matched with a locum tenens assignment, we share relevant portions of your professional profile with the hiring facility.
• With service providers under contract: we use vetted vendors to operate the platform, including Supabase (database and authentication), Resend (transactional email), Twilio (SMS delivery), Amazon Web Services (hosting and AI inference via Bedrock), and Google (Gemini AI for document parsing). These providers process data on our behalf under data protection agreements.
• For legal reasons: to comply with law, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Critical, our users, or others.
• With your consent: for any purpose disclosed to you at the time we collect the information.

5. Protected Health Information (PHI)

Critical is designed to handle credentialing data responsibly and is building toward HIPAA Business Associate readiness. We limit access to sensitive credentialing data to authorized personnel and service providers under Business Associate Agreements (BAAs) where applicable. Credentialing documents are retained only as long as needed to support placements and comply with legal requirements.

6. Data Storage and Security

Your data is stored on infrastructure operated by Amazon Web Services and Supabase, with encryption in transit (TLS) and at rest. We employ access controls including row-level security, role-based permissions, and audit logging. While no system is perfectly secure, we work continuously to protect your information against unauthorized access.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account and associated data at any time by contacting us.

8. Your Rights and Choices

• Access and correction: you can review and update your account information from your profile page, or request a copy by contacting us.
• Deletion: you may request deletion of your personal data by emailing contact@onecritical.com.
• SMS opt-out: reply STOP to any SMS message, or contact us.
• Email preferences: you can unsubscribe from non-essential emails at any time using the link in each message.

9. Children's Privacy

Critical is a professional staffing platform and is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the site. Your continued use of Critical after such changes constitutes your acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to request deletion of your data, contact:

Critical LLC
Las Vegas, Nevada
contact@onecritical.com