StayMap™

Staff Feedback

Privacy Policy

Last updated: March 2025

1. Information We Collect

We collect two categories of information:

Account Information

Name, email address, and role for authenticated users (nurse managers, consultants, administrators). This is required to provide access to the platform.

Anonymous Staff Feedback

Text responses submitted through the public feedback link. No name, employee ID, or other identifying information is collected or associated with feedback entries. We collect the submission timestamp and IP address solely for rate limiting and abuse prevention; IP addresses are not stored permanently.

2. How We Use Your Information

  • To authenticate and authorize access to the platform
  • To classify feedback using AI and generate retention analytics
  • To enable action planning and cycle management features
  • To send administrative notifications (account setup, system alerts)
  • To monitor platform performance and prevent abuse
  • To improve the accuracy of the AI classification system

3. AI Processing

Anonymous staff feedback is sent to Anthropic's Claude API for classification against the 21 retention concepts in the Cone Health Conceptual Framework. Feedback text is transmitted to Anthropic's servers for processing. Anthropic's data handling is governed by their Privacy Policy. We do not send any personally identifiable information to Anthropic.

4. Data Storage and Security

All data is stored in a PostgreSQL database hosted by Supabase in the United States. We implement the following security measures:

  • HTTPS enforced on all connections (HSTS enabled)
  • Authentication managed by Supabase Auth with email/password and magic links
  • Organization-level data isolation — users can only access their organization's data
  • Rate limiting on public-facing endpoints to prevent abuse
  • Security headers (CSP, X-Frame-Options, Referrer-Policy)
  • Error monitoring via Sentry (no PII in error reports)

5. Data Sharing

We do not sell your data. We share data only with:

  • Supabase — database and authentication infrastructure
  • Anthropic — AI classification of anonymous feedback text
  • Vercel — hosting platform and anonymous usage analytics
  • Sentry — error monitoring (no PII)

We may disclose information if required by law or to protect the rights and safety of users and the platform.

6. Data Retention

Account data is retained for the duration of your organization's subscription plus 30 days following termination. Anonymous feedback data and cycle history may be retained for up to 3 years to support longitudinal retention analysis. You may request deletion of your organization's data at any time through your account administrator.

7. Your Rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict certain processing
  • Export your organization's data (data portability)

To exercise these rights, contact your organization's StayMap™ administrator or reach out to us directly.

8. Cookies

We use session cookies required for authentication (managed by Supabase Auth). No third-party advertising cookies are used. Vercel Analytics uses anonymized, privacy-friendly analytics that do not require cookies or consent banners under most privacy regulations.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify administrators of material changes. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy questions or to exercise your rights, contact your organization's StayMap™ administrator or reach out through the platform's support channel.