PRIVACY POLICY

Last Updated: [EFFECTIVE DATE — fill in at publish]

1. Our Privacy Commitment

This Privacy Policy describes how and why LeoMed ("we," "us," or "our") may access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you visit our website at https://leomed.ai (the "Site") or engage with us in other related ways.

Reading this Privacy Policy will help you understand your privacy choices. If you do not agree with our policies and practices, please do not use our Services. If you have any questions, please contact us at compliance@leomed.ai.

2. Verification-Based Eligibility & Exclusions

National Provider Identifier (NPI) Verification. Access to physician-specific features of the Services is conditioned upon successful verification of clinical identity using a National Provider Identifier (NPI) number. Falsified professional credentials will result in immediate account deletion and may result in legal action.

United States Focus. The Services are hosted within the United States and directed to U.S.-based healthcare professionals. If you access the Site from outside the U.S. you do so at your own risk and consent to your data being processed in the U.S.

No Minors. LeoMed is exclusively a professional recruitment platform. Persons under the age of 18 are not permitted to view, access, register for, or use the Site under any circumstances.

3. What Information Do We Collect & How?

3.1 Personal Information You Disclose to Us

We collect personal information that you voluntarily provide to us when you register for the Services, submit salary data, upload a resume or employment contract, search for professional clinical opportunities, or interact with us directly. This includes:

  • Contact & Registry Information: Full name, phone numbers, email addresses, mailing addresses, and National Provider Identifier (NPI) numbers.
  • Employment & Credentials: Job titles, clinical qualifications, professional licensing records, work history, and compensation expectations.
  • User-Uploaded Documents: Curriculum vitae (uploaded for employer applications and profile enrichment).
  • Salary Submissions: Voluntary compensation records submitted for aggregate benchmarking (see §7).
  • Communications & Interactions: Support tickets, feedback surveys, and direct inquiries.

3.2 Sensitive Personal Information

We only collect sensitive personal information (such as professional or national identifiers) as needed for the operational purposes described in §4, or strictly with your consent.

  • We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.
  • Your account password, username, and authentication details are strictly confidential and protected by administrative, physical, and technical safeguards.

3.3 Automated Information Collection

To maintain site security, prevent credential fraud, and manage internal technical analytics, our servers automatically collect standard operational logs. This automated baseline information typically does not reveal your specific identity but includes:

  • Log and Usage Data: IP addresses (stored as SHA-256 hashes for privacy), browser settings, device configurations, referring URLs, timestamp metrics, pages/files viewed, searches executed, and system event/error logs.
  • No Session Replay. We do not use session-replay software, keystroke recorders, or user-mouse-movement tracking technologies to capture your active interactions.

4. How Do We Process Your Information?

We process your personal information for the following purposes:

  • Account Creation & NPI Verification. Validating your clinical identity against the public NPPES registry maintained by the Centers for Medicare & Medicaid Services; enabling secure login and account management.
  • Service Delivery. Facilitating job discovery, saved-job workflows, alerts, and applications; responding to your inquiries and troubleshooting technical issues.
  • AI-Powered Features (LEO). Sending prompts and voluntarily-shared compensation details to our AI sub-processor (Anthropic PBC) for salary prediction, benchmarking, negotiation coaching, and chat. See §7.
  • Payments & Billing. Processing Premium subscription payments and employer-post payments through Stripe. We do not store credit-card data on our systems.
  • Employer-Post Fulfillment. Publishing paid employer job listings after payment confirmation and displaying them to candidates.
  • Salary Benchmarking. Aggregating anonymized salary submissions into cohort statistics (specialty × state × job type × academic vs. private) that inform LEO's salary intelligence.
  • User-Requested Communications. Sending daily or weekly job alerts, saved-job digests, and application-status updates to users who have opted into those features.
  • Platform Security. Protecting the Services against credential stuffing, malicious activity, automated bots, and illicit registration attempts (using IP hashes and rate-limit signals).
  • Internal Development. Undertaking internal research for technological development, analytics, and platform optimization. This is not considered a "sale" of your personal data.

5. When and With Whom Do We Share Your Personal Information?

We do not sell your personal information, and we have not sold or shared any personal information with third parties for a commercial or marketing purpose in the preceding twelve (12) months.

5.1 Named Sub-Processors

To operate the Services we share limited data with the following sub-processors, each of whom is contractually bound to protect your data:

VendorData sharedPurposeLocation
Vercel Inc.Server logs, IP hashes, deployed application code, cached responsesHosting, edge functions, request routingUnited States
Supabase Inc.Account data, profile fields, uploaded documents, salary submissions, session tokensPostgres database, authentication, and file storageAWS us-west-2 (Oregon, USA)
Stripe, Inc.Name, email, billing address, subscription and payment metadataPayment processing and Customer Portal for subscription managementUnited States
Anthropic PBCPrompts and content sent through LEO features (salary details and negotiation scenarios you provide in chat and forms)AI inference for LEO's salary predictor, benchmark, negotiation coach, and chatUnited States
Our configured email providerRecipient email address, message subject and bodyDelivery of transactional and user-requested emailsUnited States (confirm at publish time)

We may update this list from time to time. Material changes will be noted in this Privacy Policy with an updated "Last Updated" date.

5.2 CCPA-Framework Category Disclosure

For clarity to California residents, the categories of personal information (as defined by the California Consumer Privacy Act) that we process and share with sub-processors are:

  • Category A (Identifiers) — Name, email, phone, NPI. Shared with Supabase and Stripe.
  • Category B (California Customer Records) — Name + employment information you provide during registration. Shared with Supabase.
  • Category F (Internet & Network Activity) — Hashed IP, user-agent string, referrer URLs, timestamps. Shared with Vercel and Supabase.
  • Category G (Geolocation Data) — Imprecise (city-level, derived from IP address). Shared with Vercel.
  • Category I (Professional/Employment Info) — Specialty, subspecialty, organization, years of experience, uploaded work history. Shared with Supabase and, when using LEO, Anthropic.
  • Category K (Inferences) — LEO-generated salary predictions, contract-risk ratings, and job matches. Retained internally; not shared with sub-processors beyond those used to generate the inference.

We do not collect Category C (Protected Demographics such as age / gender / race / religion), Category H (Sensory Data), or Category J (Education Info) unless you voluntarily submit that information in a CV or profile field.

5.3 Employer Recipients

When you use the "Apply" button on a job listing, we redirect you to the employer's own application page. We do not transmit your profile data directly to employers; the employer only receives what you submit through their own application form. If you use our (currently disabled) in-platform application feature, we will share your uploaded materials only with the specific employer to whom you have chosen to apply.

6. Do We Use Cookies, Pixels, and Other Tracking Technologies?

Strictly-necessary cookies and session storage only. We use cookies and equivalent local storage exclusively for the following strictly-necessary purposes:

  • Authentication — session tokens issued by Supabase Auth to keep you signed in
  • Preferences — remembering your last-used filters, saved-job UI state, and your acknowledgment of AI-tool disclaimers (e.g., the LEO contract-analyzer disclaimer)

No cross-site tracking. We do not embed cookies, web beacons, tracking pixels, or third-party marketing tags for the purpose of tracking your behavior across other websites.

No social widgets. We do not embed social-media "Like" or "Share" buttons, redirect click-trackers, or similar third-party widgets that would transmit your identity or activity to social networks.

No sale of tracking identifiers. We do not sell, license, or commercially exploit any tracking identifiers or user profiles to third-party advertising networks, data brokers, or marketing platforms.

7. How Do We Process Your Data Using AI?

Our platform includes AI-powered features (collectively, "LEO") including a salary predictor, salary benchmark, negotiation coach, and chat. These features route prompts and content you provide (which may include voluntarily-shared compensation details, career-scenario descriptions, and other information you type into LEO forms and chat) through Anthropic PBC's commercial inference API.

Data protections.

  • Anthropic's commercial API does not, as of this Privacy Policy's effective date, use inputs sent through the API to train foundation models by default.
  • We do not authorize any third-party AI vendor to train models on your personal data.
  • Salary submissions are aggregated into anonymized cohort statistics and used to power LEO's benchmark output. The individual submission survives account deletion in anonymized form; the link to your identity is severed.

Human-in-the-loop requirement. All AI-generated matching, suggestions, salary estimates, and negotiation guidance are provided for informational convenience only. You retain sole and absolute human responsibility for verifying the accuracy, clinical validity, truthfulness, and legal appropriateness of any AI output before making compensation decisions or taking any other professional career step.

AI opt-out. If you prefer not to have your salary submissions or chat prompts processed by AI, do not use the LEO features. Public job-board browsing and standard account features do not require AI processing.

8. Data Retention Schedule By Category

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, except as required by federal or state law for tax, accounting, financial, or legal-compliance recordkeeping (typically 7 years for payment / tax records).

CategoryDescriptionRetention
A – IdentifiersName, NPI, email, phoneUp to 12 months after account termination; then deleted or permanently anonymized
B – Customer recordsEmployment history you disclosed at signupUp to 12 months after termination; then deleted or aggregated
F – Internet & Network Activity LogsHashed IPs, request logsUp to 12 months after account termination
G – Geolocation (imprecise)City-level location derived from IPUp to 12 months after account termination
I – Professional & Employment CredentialsSpecialty, subspecialty, org, years expUp to 12 months after termination; then deleted or aggregated
K – InferencesLEO-generated benchmarks, predictions, matchesUp to 12 months after account termination
L – Sensitive Personal InfoNPI (an identifier that may qualify under some interpretations)Up to 12 months after termination
Uploaded CVs (Document.CV)Resumes and credentialing documentsDeleted on request, or on account termination + 90 days; you may delete individual documents at any time from your library
Salary SubmissionsVoluntary compensation recordsRetained indefinitely in anonymized form for aggregate benchmarking. The userId link is removed upon account termination so the individual submission cannot be re-linked to you.
Payment RecordsStripe transaction receipts, subscription historyRetained 7 years or as required by tax / financial regulations
Legal HoldAny information subject to a subpoena, litigation hold, or regulatory investigationRetained until the legal hold is lifted

9. How Do We Keep Your Information Safe?

We implement industry-standard physical, administrative, and technical security measures designed to protect the integrity and confidentiality of your verified healthcare profile and credentials:

  • Encryption in transit. All connections to the Site and API use TLS 1.2 or higher.
  • Encryption at rest. Database contents and uploaded documents in Supabase Storage are encrypted at rest under AWS-managed keys.
  • Password hashing. User passwords are hashed via bcrypt through Supabase Auth and are never stored in plaintext or transmitted after the initial hash exchange.
  • Signed URLs for documents. Uploaded documents (contracts, CVs) are served through time-limited signed URLs; direct object access is not possible without authentication.
  • IP hashing. Where we log source IP addresses (for rate-limiting and fraud prevention), we store SHA-256 hashes rather than raw addresses.
  • Access controls. Row-level and role-scoped controls limit which data any individual system component can read.

However, no digital storage system or transmission can be guaranteed 100% secure. While we take reasonable measures to protect your personal information, transmission of your personal data to and from our platform is at your own risk.

10. Data Breach & Leak Notification

In the event of a confirmed malicious breach or unauthorized data leak compromising your credentials or registration profile, we will notify affected users without unreasonable delay and, in any event, within the timeframes required by applicable federal and state breach-notification laws (typically 30–60 days depending on jurisdiction). The notification will describe the extent of the compromised data and the remediation steps taken.

11. What Are Your Privacy Rights & Choices?

11.1 Access, Correction, Portability, and Deletion

You may:

  • Access. Request a copy of the personal information we hold about you.
  • Correct. Request that we correct inaccurate personal information.
  • Portability. Request an export of your data in a machine-readable format.
  • Delete. Request that we delete your account and associated personal information, subject to the retention exceptions in §8 (payment records, legal holds).
  • Modify. Update your profile, uploaded documents, saved jobs, and preferences at any time from your account settings.
  • Opt out of AI processing. Decline to use LEO features. Public job-board browsing does not require AI processing.

11.2 How to Exercise These Rights

Log into your Profile Settings to make changes directly, or contact us at compliance@leomed.ai. We will respond to verified requests within forty-five (45) days.

11.3 Request Verification

To protect our verified healthcare-professional database, any privacy request will be verified. We will use personal information you provide in your request solely to confirm your identity. If we cannot verify your identity from existing records, we may request additional verification for security and fraud-prevention purposes.

11.4 Non-Discrimination

We will not discriminate against you (deny service, charge different prices, or provide a different level or quality of service) because you exercised any of your privacy rights.

11.5 Transactional and User-Requested Communications

We send:

  • Transactional emails — account verification, password reset, payment receipts, security notices.
  • User-requested content — job alerts, saved-job digests, and application-status updates that you specifically opted into.
  • Legally-required notices — breach notifications, ToS changes, price-change notices.

We do not send unsolicited marketing, promotional, or third-party advertising emails. You may opt out of user-requested content (job alerts, digests) at any time from your Preferences page or by using the unsubscribe link at the bottom of any such email. Transactional and legally-required notices cannot be opted out of while your account is active.

12. How Can You Contact Us About This Notice?

If you have questions, comments, concerns, or wish to exercise any of the rights described in §11:

LeoMed Email: compliance@leomed.ai

For general product-support questions unrelated to privacy, please see our Contact page.