Privacy Notice for
Nursegrid & Nursegrid Learn
Last updated July 25, 2023
If you have questions about our privacy practices or would like to make a complaint, please contact us at firstname.lastname@example.org or toll free at 1-866-635-8151.
Our Privacy Promise
We value you and your privacy and we want you to understand how we treat and protect your information. Here is a summary of our promise to you, as detailed in this Privacy Notice:
- Individual users may use Nursegrid for free at a limited service level and have the option to purchase course subscriptions or individual courses through Nursegrid Learn. If you access Nursegrid through your nursing employer, you may have access to a paid premium SaaS service level as subscribed to by your employer.
- Your Shift Reflections in Nursegrid are 100% private. Any reporting we do on trends in Shift Reflection is done in aggregate and your user info remains 100% anonymous.
- Any Personal Information (defined below) that is necessary to use the Services’ core features will be securely stored by us and only accessible to you, your employer, and any colleagues with whom you choose to share it.
- Private messages to other users are only viewable by the message recipient.
- Use of certain features on the Services may be visible to, copied, or stored by other users. You decide whether and how to use those features.
- You can always control your data, either directly through your account, through your nursing employer, or by contacting us for help.
- We do not sell your Personal Information or share it with others for cross-contextual behavioral advertising.
- We will always notify you if this promise changes in any way.
We encourage you to read this Privacy Notice to understand in detail how we collect and use your information.
By using or accessing our Services in any manner, you consent to the privacy practices described in this Privacy Notice. If you do not agree with this Privacy Notice, do not use the Services. This Privacy Notice DOES NOT apply to information collected while using a website or platform owned or operated by a third party, or other services offered by HealthStream.
When we say, “Personal Information,” we mean information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or household. Personal Information falls within these categories:
- Identifiers (e.g., name, address, telephone number, email address, username);
- Employment-related information (e.g., current or past employment);
- Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99);
- Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies); and
- Internet or other similar activity (e.g., browsing history, content interactions);
- Protected classification information (e.g., race, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);
- Biometric information (e.g., voice, image, keystrokes, biological characteristics);
- Sensitive Personal Information (e.g., state identification number, financial information, health information, precise geolocation);
- Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.
Not everything about you is your Personal Information. Certain information is exempt from privacy law protections. For example, publicly available information, aggregated information (meaning data summaries or reports with Personal Information removed), and anonymized information that cannot be linked back to an individual are types of information that may not be legally protected as Personal Information.
Personal Information Collection and Use
Like most applications, Nursegrid uses Personal Information to give you a great experience. We only collect your Personal Information for Nursegrid with your consent, as instructed by a nursing employer subscribed to Nursegrid, or as authorized or required by law. The Personal Information we collect will depend on how you use Nursegrid, whether as an individual user or through your nursing employer.
In any case, we only collect and use Personal Information as adequate and relevant to the specific, express purposes described in this Privacy Notice, as reasonable, necessary, and proportionate to provide you with our Services, or for other purposes that we disclose to you and are compatible with the context of how we collected your Personal Information.
During the last 12 months, we have collected Personal Information like identifiers, employment information, biometric information, commercial history, and internet activity. We have collected this information from a variety of sources including:
- Creating your Nursegrid profile, with your consent. Each Nursegrid user will be asked to register and create a Nursegrid profile including identifiers like name, address, email, and telephone number, plus employment information like professional credentials, worksite, and department. Users can upload a photo of themselves. Nursegrid may also request permission from your device to access your calendar, camera, microphone, or other device applications. You will be given the choice to opt-in or opt-out of receiving push notifications on your device.
- Nursegrid Shift Reflections and other features, with your consent. Nursegrid may prompt you to provide additional Personal Information for certain features to function.
- Shift Reflections is designed to guide you in recording introspections about your shift, such as rating your experience on a multipoint scale, answering multiple choice questions, and entering a free text journal entry guided by writing prompts or questions. These features are entirely optional, and any Personal Information you submit under Shift Reflections or similar features is provided by you voluntarily and with your consent. Shift Reflection is optional, and the information you input is 100% private. You provide your Shift Reflection information with your consent, and we will never share it with other users or any third parties without your consent to do so.
- For the credentials tracking feature to work, you will need to input your professional credentials and other employment information. The shift comparison or shift swap features require you to enter your shift schedule (either manually, automated from your nursing employer, or synced from another app on your device). Your colleagues who use Nursegrid will be able to see your shift schedule.
- Any Personal Information you include in a private message will be visible to the message recipient, and possibly to others if the recipient shares or copies the message. If you post content to public areas of Nursegrid, those posts may be visible to, copied, or stored by other Nursegrid users. Your use of Nursegrid features is entirely optional, and any Personal Information you submit is provided by you voluntarily and with your consent.
- Using Nursegrid Learn, with your consent. On Nursegrid Learn, you can purchase individual nursing continuing education courses or subscribe to unlimited courses on an annual basis. Once you purchase a single course or subscription, you will be prompted to connect or create your hStreamID to use on Nursegrid Learn (your hStreamID is governed by the HealthStream Privacy Statement). Your hStreamID will give you access to the HealthStream Learning Center, where you can access your courses.
- From your nursing employer, as a service provider. If you use Nursegrid through your nursing employer, your nursing employer may submit your identifiers, employment information, or other Personal Information to create your Nursegrid profile and to automate shift swap requests and other features. We collect and use this information in our role as a service provider to your nursing employer at their direction and according to their privacy practices, or as permitted or required by law.
- When you participate in a chat with us. If you participate in a live chat with us on the Site or through any other Services, we collect and record any information, including Personal Information, that you choose to include in your chats. For example, you might provide identifiers like your name and email address along with other Personal Information you choose to include in the chat. Please note that our live chat feature is made possible through our relationship with a third-party service provider, and your chats may be accessible simultaneously and in real-time by that third-party service provider. BY INITIATING OR CONTINUING A LIVE CHAT, YOU CONSENT TO OUR THIRD-PARTY SERVICE PROVIDER ACCESSING YOUR CHATS. If you do not consent to such access to your chats, you should not initiate or participate in a chat with us.
- From your communications with us, with your consent. If you contact us by email, online form, or other means to request information or support, we will collect your name and email address to respond to your inquiry. If you complete one of our surveys, report a problem, or interact with our support team, we will collect any Personal Information you submit to us through those channels. If you use our SaaS services, we may also collect your employment information to confirm your account details. We may keep records of our interactions with you. We use this information for the purposes stated at the time of collection.
- From other users or third parties, with a legitimate interest. If a Nursegrid user invites you to Nursegrid, we will collect your email address and use it to send you an invitation on behalf of that user. You can unsubscribe from these emails at any time. Analytics companies, advertisers, and other third parties may provide us with Personal Information about you that is publicly available or related to your internet activities on online services. We collect and use this information for our legitimate interests of marketing the Services and developing new features.
In addition to the uses described above, we might also use your Personal Information to: (i) provide, maintain, and improve the Services; (ii) personalize the user experience and provide customer service; (iii) send you support and administrative messages; (iv) monitor your compliance with any of your agreements with us; (v) detect, investigate, and prevent fraudulent transactions and other illegal activities and protect our or others’ rights and property; (vi) protect your privacy, enforce this Privacy Notice, and comply with applicable laws, regulations, legal processes or court orders; (vii) if we believe it is necessary, to identify, contact, or bring legal action against persons who may be causing injury to you, to us, or to others; or (viii) fulfill any other purpose to which you consent.
We will not collect additional categories of Personal Information or use already collected Personal Information for purposes that are materially different, unrelated, or not reasonably necessary or compatible with the original purpose without notice and consent to you as required by law.
Your Nursegrid Shift Reflection Data
We do not share your personal Shift Reflection data with other users or third parties without your consent. Shift Reflection allows you to record personal details about your shifts. Shift Reflection collects your rating data (i.e., answers to standard choice questions) and your comments (i.e., answers to optional free text questions). Shift Reflection is optional, and the information you input is 100% private. Any comments you make in Shift Reflections remain 100% confidential.
Nursegrid and Nursegrid Learn should not be used to collect or process any health data. Please do not submit any health data about yourself, patients, or any other person to the Services. We cannot provide any assurances with respect to the health data you choose to submit to the Services. If we discover that health data has been submitted to the Services, we will delete such information from our systems. If you become aware of any unauthorized submission of health data, please contact us at email@example.com or 1-866-635-8151.
The Services are designed for users aged 18 and older. We do not knowingly collect Personal Information from children under 18. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our systems. If you believe we might have any information collected online from a child under 18, or if you become aware of any unauthorized submission of information to us, please contact us at firstname.lastname@example.org or 1-866-635-8151.
Retention of Personal Information
We only retain Personal Information as necessary to provide you with the Services you request. For example, if you contact us for information or support, we will retain the information you provide for the necessary length of time to respond to your inquiry. We will retain your account information, such as your identifiers and employment information, as long as your account remains active. We regularly review and deidentify unnecessary Personal Information, and we periodically delete data associated with inactive accounts.
Disclosure of Personal Information
We only disclose your Personal Information in limited circumstances and for specific purposes. In the last 12 months, we have disclosed all categories of Personal Information that we collected for a business purpose to these recipients:
- Your Nursing Employer. If you use Nursegrid through your nursing employer, we may disclose Personal Information collected from your use of certain features to your nursing employer so those features can function. For example, if you request a shift swap, your nursing employer will see your request so that your supervisor or other users can review and approve the request. We are committed to keeping your private information private, even from your nursing employer. We will never share your private messages sent via Nursegrid with your nursing employer. Nursegrid is designed to only share private messages with the selected message recipient.
- Our Chat Provider. To enable the chat feature available through the Services, we may transfer certain data to our third-party chat service provider simultaneously and in real-time. Our chat service provider will only use your chat data to facilitate your chat and provide you with support, to provide us with the live chat feature, or for internal operations purposes. BY PARTICIPATING IN A LIVE CHAT, YOU CONSENT TO THE DISCLOSURE OF YOUR CHATS, AND THE DATA YOU INCLUDE IN THOSE CHATS, TO OUR THIRD-PARTY SERVICE PROVIDERS, AND YOU WAIVE ANY POTENTIAL EAVESDROPPING OR WIRETAPPING CLAIMS.
- Other Service Providers. Service providers like our chat provider, data analyst companies, payment processors, and email and data hosting providers may have access to your Personal Information in order to perform their contractual obligations to us. Our service providers are subject to contractual agreements that protect your Personal Information, and we require all service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information. The type of information that we provide to a Service Provider will depend on the service that they provide to We prohibit our service providers from selling or disclosing the Personal Information we provide, and we require all service providers to maintain confidentiality standards and appropriate technical and organizational measures to ensure the security of your Personal Information.
- Affiliates. We disclose the information we collect from you to our affiliates or subsidiaries. If we do disclose your Personal Information to our affiliates or subsidiaries, their use and disclosure of your Personal Information will be subject to this Privacy Notice.
- Law enforcement or other government agencies as permitted or required by law.
- Cookie information recipients, subject to their respective privacy notices.
- Other Third Parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
Aggregated and Deidentified Information
We reserve the right to disclose aggregated, anonymized, or de-identified information about any individuals with nonaffiliated entities for business development, marketing, advertising, research, or other purposes, without restriction.
We may create aggregate or trend reporting based on Nursegrid Shift Reflection ratings. Reports never include individual names or other identifiers. Journal Entries made in Shift Reflections are never included in our trend reporting. These reports only show data across large samples, and all data is 100% deidentified, meaning that the data excludes all Personal Information about the creators, so it is impossible to link the information to a specific user. Reports could be made public or shared with third parties, but all reports of this nature are 100% anonymous and de-identified.
Aggregated Reporting to Nursing Employer Subscribers
As a premium service to nursing employers subscribed to Nursegrid, we provide aggregated reporting on user trends in content consumption and Shift Reflection data. Rest assured that we will never allow your nursing employer or anyone else to see your Personal Information. Reporting may be aggregated at a facility or department level but will never include a sample size small enough for any Shift Reflection or content consumption data to be personally identifiable. Journal Entries made by users in the Shift Reflection are never included in any premium service reporting.
We may also use the same fully anonymized, deidentified or aggregated reports to assist with our research, marketing, advertising, or other purposes. If we ever have a data collection mechanism specifically intended for a nursing employer’s use, we will notify you that the data is being collected for that specific purpose and help you understand the privacy implications before you use it.
Your Privacy Choices and Controls
We believe you should have the ability to readily control the Personal Information we collect and hold about you. If you have questions or need help, please contact your nursing employer, send us a Consumer Privacy Request, or email us at email@example.com.
Your Account Profile and Device Settings
You can sign into your account to access, change, or delete your Personal Information at any time. If you require assistance to access or make certain changes, please contact firstname.lastname@example.org. You can also control the data we collect about you by adjusting your device settings.
Informational and Marketing Communications
If you provide your email address, Nursegrid may send you informational or support emails. If you opt-in to receive marketing communications from HealthStream or from Nursegrid, we may send you emails, push notifications, or in-app messages related to your activity on the Services, to inform you about Services features, or for direct marketing purposes. We will only send you these communications in ways that are compatible with your privacy choices. To opt out, change your preferences via the links provided in the emails or email email@example.com.
If you provide us with your wireless number, you consent to HealthStream sending you text messages for informational or authentication purposes. The number of texts that we send to you will be based on your circumstances and requests. You can unsubscribe from text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.
Do Not Track Requests
Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. If this changes in the future, we will update this Privacy Notice.
Consumer Privacy Requests
You can exercise your rights beyond the methods provided, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information. If you use Nursegrid through your nursing employer, please contact your nursing employer with any privacy requests or inquiries.
All other users can contact us on privacy matters by submitting a Consumer Privacy Request or by email at firstname.lastname@example.org.
We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so. In that case, we will tell you the cost estimate and why we are charging the fee before completing your request. We may be unable to fulfill some or all of your requests, for example, if your request falls within a statutory exception or if fulfilling your request would prevent us from complying with a statutory or contractual obligation. If we do not fulfill your request within the legally required timeline, you can appeal our response by contacting email@example.com.
U.S. Privacy Rights
In the United States, consumer privacy is governed by federal privacy laws covering specific industries or data uses (e.g., HIPAA) and state privacy laws providing general consumer privacy rights. This section provides informational notices for state privacy laws applicable in California, Colorado, Connecticut, Nevada, Utah, Virginia, and other states that require companies to inform consumers about their privacy rights and provide a method to exercise those rights. Residents of states offering privacy protections (each a “Consumer”) can exercise their privacy rights by submitting a Privacy Request as instructed above. Some of these laws may not apply to our Services, in which case these notices are offered as a courtesy to those Consumers.
- Right to Correct. You have the right to request that we correct inaccurate Personal Information about you on our systems. If you become aware that the Personal Information that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
- Right to Deletion. You have the right to request that we delete the Personal Information that we collected and retained, with certain exceptions. We may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion.
- No Selling or Sharing Personal Information. Some states entitle Consumers to opt out of the sale or sharing of Personal Information or targeted advertising practices. We do not, and will not, sell the Personal Information we collect about you from your use of the Services or share your Personal Information with third parties for cross-contextual behavioral advertising purposes. If our practices change, we will update this posting and provide you with opt-out methods.
- No Profiling. You have the right to opt out of automated profiling. We do not use your Personal Information to evaluate, analyze, or predict your interests and preferences or otherwise use automated profiling to produce significant effects that concern you. If this changes in the future, we will update this Privacy Notice and provide you with a method to opt out.
- Limited Use and Disclosure of Sensitive Personal Information. You may have the right to opt out of or limit our use of your sensitive Personal Information. We do not require you to provide any Sensitive Personal Information. If you choose to input Sensitive Personal Information, such as your union or other organizational memberships, we will only use this information to complete your user profile, to facilitate your choice to use certain features of the Services, or for our internal business purposes. We do not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Notice and provide you with methods to limit use and disclosure of Sensitive Personal Information.
- Right to Access. You have the right to request confirmation that we have collected Personal Information about you and that we provide you with access to that Personal Information. If you submit an access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that we may be prohibited by law from disclosing certain pieces of Personal Information, and we may be limited in the number or frequency of requests we must fulfill.
- Health Data Rights. Some state laws entitle consumers to certain details about health data collected about them, including (a) confirmation of whether the entity collects, shares, or sells the consumer’s health data and access that data, including a list of all third parties and affiliates with whom the entity has shared or sold the health data and a method to contact those third parties, (b) a method to withdraw consent related to use of health data, and (c) the right to have their health data be deleted.
- Right to Disclosure. You may request that we disclose information to you about our collection and use of your Personal Information, such as: (a) the categories of Personal Information we have collected about you; (b) the categories of sources for the Personal Information we have collected about you; (c) our business purpose for collecting, using, processing, sharing or selling that Personal Information, as applicable; (d) the categories of third parties with whom we share that Personal Information; and (e) if we sold or shared your Personal Information under the CCPA, two separate lists stating: (i) sales or sharing, identifying the Personal Information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.
- Right to Nondiscrimination. We will not discriminate against you for exercising any of your privacy rights. Unless permitted by law, we will not (a) deny you goods or services, (b) charge you different prices or rates for goods or services, (c) provide you with a different level or quality of goods or services, (d) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (e) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services because you exercised a privacy right.
- Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
Consumers may exercise these rights by submitting a Privacy Request as instructed above. Only you or someone legally authorized to act on your behalf may make a verifiable Privacy Request related to your Personal Information. You may designate a third party to exercise your rights – an authorized agent – however, we will require written proof of the authorization and potentially proof of your identity.
Canadian Privacy Rights
This section provides supplemental information to residents of Canada (“Canadian Consumers”) in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applies solely to Canadian Consumers where PIPEDA applies. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.
- Right to know why we collect, use and distribute the Personal Information we process. We have set the required notices in this Privacy Notice. We may provide you with additional notices about other ways we process your Personal Information, such as by sending you a notice via email or by other means of communication.
- Right to expect us to collect, use or disclose Personal Information responsibly and not for any other purpose other than which you consented. We set your expectations in this Privacy Notice and collect express or implied consent at various stages of collection or processing. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as needed. You may withdraw your consent at any time with reasonable notice by submitting a Consumer Privacy Request or contacting us at firstname.lastname@example.org.
- Right to the accuracy of your Personal Information. We take steps to reasonably ensure that the Personal Information we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete, and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Information in your account, and we will provide you with reasonable assistance to ensure that your Personal Information is accurate in our systems and with our service providers.
- Right to access your Personal Information. Upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used, and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfill the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal and outline further steps that are available to you.
Canadian Consumers may exercise these rights by submitting a Privacy Request as instructed above. Only you or someone legally authorized to act on your behalf may make a verifiable Privacy Request related to your Personal Information. You may designate a third party to exercise your rights – an authorized agent – however, we will require written proof of the authorization and potentially proof of your identity.
Offered in the U.S. and Canada
Nursegrid and Nursegrid Learn are owned and operated in the United States and designed to serve nurses and nursing employers and their users located in the United States and Canada only. We do not market the Services to residents of the European Union or any other jurisdiction outside of the United States or Canada. If you reside outside of the United States or Canada, please do not submit any Personal Information to us.
If you are a Nursegrid user who is a non-US resident or if you visit the website from outside of the United States, you acknowledge and consent to your Personal Information being transferred to our servers in the United States and maintained there in accordance with our retention policy. This may require the transfer of your Personal Information out of your country of origin with laws governing data collection and use that may differ from or be more restrictive than U.S. law, or may result in governments, courts, law enforcement, or regulatory agencies having access to or obtaining disclosure of your Personal Information pursuant to the laws of the applicable foreign jurisdiction. By allowing us to collect Personal Information about you, you consent to this Privacy Notice in its entirety and the transfer and processing of your Personal Information as described in this paragraph, and you waive any and all remedies that you may have based on the laws of your jurisdiction.
HealthStream implements and maintains reasonable and appropriate technical, organizational, and physical security measures to help protect your Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. HealthStream employees who handle user inquiries are informed of applicable privacy law requirements. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions are processed on a PCI-compliant third-party application. Our security measures are appropriate to the volume, scope, and nature of the Personal Information processed and designed to meet our duty of care with respect to your Personal Information.
Please note, however, that no transmission of data over the internet is 100% secure. We cannot guarantee that unauthorized third parties won’t defeat our security measures or use your Personal Information for improper purposes. It is your responsibility to keep your account secure from unauthorized access. We are not responsible for any lost, stolen, or compromised passwords, or any unauthorized activity on your account. We also have no control over any nursing employer or other third party’s security measures or practices, and we make no representations or guarantees that your Personal Information is secure once transmitted or stored on their systems.
The Services may include links to other websites whose privacy practices may differ from ours or to content or services provided by third parties. If you submit Personal Information to any third-party websites or services, your information is governed by the privacy policies of those third parties and HealthStream has no control over their privacy practices.
We may periodically update this Privacy Notice. If we make any material changes, we will notify you through the Services or by updating this posting. The date that this Privacy Notice was last revised is identified at the top of the page. Your continued use of the Services after the effective date will be subject to the new Privacy Notice. You are responsible for periodically checking this Privacy Notice for changes.