Privacy Policy
1. Scope
This Policy applies to information collected through MatchFlow ("the Platform"), available at https://ohgme.netlify.app. It does not cover practices of third-party services we integrate with, which have their own privacy policies.
2. Information We Collect
2.1 Information you provide directly
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, email, phone number, photo | You during onboarding |
| Professional info | Medical school, PGY year, training history, board scores | You / Program records |
| Operational data | Duty hours, procedure logs, evaluation responses, schedule preferences | You during use |
| Communications | Messages, notification text, evaluation comments | You during use |
| Applicant data | Application info, interview ratings, rank order (recruitment context) | You / Program leadership |
2.2 Information collected automatically
- Authentication tokens (Supabase session cookies)
- IP address and approximate geolocation at login (for security audit logs)
- Browser and device info (user agent, screen size for UI adaptation)
- Activity logs (which features you used, when — for audit and ACGME compliance)
2.3 Sensitive Personal Information (CPRA category)
We do not knowingly collect sensitive personal information beyond what is operationally necessary. We do not collect or process Social Security Numbers, financial account information, precise geolocation, racial or ethnic origin, religious beliefs, biometric identifiers, sexual orientation, or genetic information through MatchFlow.
3. How We Use Your Information
- Operating the Platform (authentication, displaying your schedule, routing notifications)
- Internal Program operations (rotation assignments, duty hour compliance monitoring, evaluation administration)
- ACGME accreditation reporting (aggregated and individual data as required)
- Communication with you (operational alerts, system notifications, push notifications if you consent)
- Audit and compliance (HIPAA breach detection, access logs, fraud prevention)
- Improving the Platform (analyzing usage patterns to fix bugs and add features)
4. How We Disclose Your Information
We may disclose your information to:
- Service providers who help us operate the Platform (Supabase, Netlify, push notification services from Google/Apple/Mozilla) under contractual data protection agreements
- Oroville Hospital as part of normal program operations and accreditation
- Accreditation bodies (ACGME, ABIM, etc.) as required for program reporting and resident certification
- Future employers, credentialing committees, and state medical boards when you request training verification
- Law enforcement or government agencies when legally required (court order, subpoena, regulatory inquiry)
5. HIPAA and Protected Health Information
MatchFlow's third-party vendors operate under Business Associate Agreements (BAAs) where they may process PHI.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Resident training records (duty hours, evaluations, procedure logs, scholarly activity) | Indefinitely, per ACGME and state credentialing requirements |
| Applicant data (non-matched) | 3 years after recruitment season closes, then deleted |
| Applicant data (matched residents) | Folded into resident training records — indefinite |
| Authentication logs / IP logs | 90 days, then aggregated |
| Audit logs (administrative actions) | 7 years, per HIPAA |
| Messages and clinical notifications | 5 years from creation |
| Push notification subscriptions | Until the device is unsubscribed or the user separates from the Program |
7. Security
We implement reasonable security measures to protect your information, including:
- TLS encryption for all data in transit
- Encryption at rest for the Supabase database
- Row-Level Security (RLS) policies restricting data access by role
- Multi-factor authentication where supported
- Regular access audits and least-privilege access for administrators
- Annual review of vendor security posture
No security measure is perfect. In the event of a data breach, we will notify affected individuals as required by California law (within 30 days for breaches affecting California residents) and HIPAA (within 60 days for PHI breaches).
8. Your Rights Under California Law (CCPA / CPRA)
If you are a California resident, you have the following rights regarding your personal information:
- Right to Know — Request details about the categories of personal information we have collected, the sources, purposes, and third parties with whom we have shared it
- Right to Access — Request a copy of the specific personal information we hold about you
- Right to Delete — Request deletion of your personal information, subject to retention requirements (ACGME records and HIPAA-required audit logs cannot be deleted)
- Right to Correct — Request correction of inaccurate personal information
- Right to Opt Out of Sale or Sharing — We do not sell or share your information; this right is honored by default
- Right to Limit Use of Sensitive Personal Information — Where applicable
- Right to Non-Discrimination — We will not retaliate against you for exercising any of these rights
- Right to Designate an Authorized Agent — You may authorize another person to submit privacy requests on your behalf
To exercise any of these rights, contact the Program Coordinator at residency@orovillehospital.com. We will verify your identity before processing the request and respond within 45 days (with one possible 45-day extension if needed).
"Do Not Sell or Share My Personal Information"
We do not sell or share your personal information for cross-context behavioral advertising. No action is needed on your part.
9. Rights Under Other State Laws
Residents of Virginia, Colorado, Connecticut, Texas, and other states with consumer privacy laws have similar rights to those listed above. Contact us using the methods in Section 8 to exercise these rights.
10. Notifications
Phone notifications (Web Push)
If you opt in to phone notifications, your browser generates a unique push subscription endpoint that we store in our database. We use this endpoint to send encrypted alert payloads to your device through Google (Android, Chrome), Apple (iOS Safari), or Mozilla (Firefox) push services, which forward the encrypted payload to your device. The notification content is encrypted end-to-end so that the push service intermediaries cannot read it.
Push notifications will not contain Protected Health Information (PHI). You may revoke this consent at any time in Settings, in your browser's site permissions, or by uninstalling MatchFlow from your home screen.
11. Cookies and Tracking
MatchFlow uses only essential cookies necessary for authentication and session management. We do not use third-party analytics, advertising, or tracking cookies. We do not respond to Do Not Track signals because we do not engage in tracking that would be subject to them.
12. Children's Privacy
MatchFlow is not intended for use by individuals under 18 years of age. Residents and applicants are by definition adults. We do not knowingly collect information from children.
13. International Users
MatchFlow is operated from the United States. Information is stored and processed in the U.S. If you access the Platform from outside the U.S., your information will be transferred to the U.S. where data protection laws may differ from those of your jurisdiction.
14. Third-Party Service Providers
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database, auth, edge functions | supabase.com/privacy |
| Google FCM (push, Android/Chrome) | Encrypted push notification routing | policies.google.com/privacy |
| Apple Push Service (push, iOS/Safari) | Encrypted push notification routing | apple.com/legal/privacy |
| Mozilla Push (push, Firefox) | Encrypted push notification routing | mozilla.org/privacy |
| Netlify | Web hosting | netlify.com/privacy |
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through:
- Notification within the Platform
- Email to your registered email address
- Required re-acknowledgment during your next login (for material changes)
The "Last Updated" date at the top of this Policy reflects the most recent revision.
16. Contact
For questions about this Privacy Policy or to exercise your rights:
Oroville Hospital Internal Medicine Residency Program
2767 Olive Highway
Oroville, CA 95966
Email: residency@orovillehospital.com
For HIPAA-specific concerns: Oroville Hospital Privacy Officer