Skip to main content
Legal

Privacy Policy

Last updated: April 7, 2026

1. Who We Are

CredsTrack is a product of Giftop FZ LLC, a company registered in the United Arab Emirates.

Address: FDCW1794, Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, UAE

Contact: hello@credstrack.com

2. What We Do

CredsTrack is a cloud-based platform that helps healthcare staffing agencies monitor nurse credentials in real time, and provides nurses with a portable digital credential wallet. We verify licenses through the Nursys e-Notify system operated by the National Council of State Boards of Nursing (NCSBN).

3. Information We Collect

For Agency Users:

  • Account information: name, email, password, organization name
  • Nurse roster data: names, license numbers, states, contact information
  • Credential documents uploaded to the platform
  • Billing information (processed by Stripe, not stored on our servers)

For Nurse Users:

  • Account information: name, email, phone number, state
  • Professional information: license type, license number, NPI, specialty
  • Credential documents you upload
  • Availability and assignment preferences

4. How We Use Your Information

  • Verify and monitor nurse credentials through Nursys
  • Send expiration alerts and compliance notifications
  • Generate compliance reports for agencies
  • Provide the Credential Passport and wallet card features
  • Process payments and manage subscriptions
  • Improve our services and user experience

5. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

  • With agencies you authorize: Nurses control which agencies can view their credentials through granular consent settings
  • Nursys / NCSBN: License information is verified through the official Nursys API
  • Payment processor: Stripe processes billing data under their own privacy policy
  • Email provider: Mailjet delivers transactional emails
  • Legal requirements: When required by law, subpoena, or government request

6. HIPAA Compliance

CredsTrack is designed with HIPAA compliance in mind. We implement:

  • AES-256 encryption for sensitive data at rest
  • TLS 1.3 encryption for data in transit
  • Row-level security (RLS) ensuring data isolation between organizations
  • Audit logging of all data access and modifications
  • 30-minute session timeouts for protected areas
  • Role-based access control within organizations

Agencies handling Protected Health Information (PHI) should execute a Business Associate Agreement (BAA) with us. Contact hello@credstrack.com to request a BAA.

7. Data Retention

  • Active account data is retained for the duration of your subscription
  • After account cancellation, data is retained for 90 days then permanently deleted
  • Audit logs are retained for 7 years for compliance purposes
  • You may request immediate deletion at any time (see Section 9)

8. Data Security

  • AES-256 encryption (pgcrypto + application-level GCM)
  • Strict Content Security Policy headers
  • HSTS with 63-day max-age
  • Regular security audits
  • SOC 2 Type II readiness

9. Your Rights

You have the right to:

  • Access your personal data at any time through your account
  • Correct inaccurate information in your profile
  • Delete your account and all associated data (GDPR Article 17)
  • Export your data in a portable format
  • Withdraw consent for data sharing with specific agencies

To exercise any of these rights, contact us at hello@credstrack.com.

10. Cookies

We use essential cookies for session management and authentication. We do not use third-party tracking cookies or advertising cookies.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email. Continued use of the service after changes constitutes acceptance.

12. Contact Us

Giftop FZ LLC (operating as CredsTrack)
FDCW1794, Compass Building, Al Shohada Road
AL Hamra Industrial Zone-FZ, Ras Al Khaimah, UAE
Email: hello@credstrack.com