HomePrivacy Policy

Privacy Policy

Effective: June 17, 2026  ·  Last updated: June 17, 2026

Oximetrics, Inc. (“Oximetrics,” “we,” “us,” or “our”) operates a clinical workforce and FTE management platform designed for healthcare organisations operating in the United States. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access our website at oximetrics.com or use our software platform (collectively, the “Services”). By accessing the Services, you agree to the practices described in this Policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, work email address, job title, and organisation name collected when you register for or are provisioned on the platform.
  • Contact Form Data: Name, work email, role, organisation, and any message content submitted through our contact or demo request forms.
  • Clinical Workforce Data: Provider rosters, FTE allocations, taxonomy codes, department structures, and amendment records uploaded or entered by authorised users. This data is controlled by the subscribing healthcare organisation (the “Customer”), not by Oximetrics.
  • Support Communications: Messages, attachments, and metadata from support tickets or email correspondence.

1.2 Information Collected Automatically

  • Log Data: IP address, browser type and version, pages visited, referring URLs, and timestamps.
  • Usage Data: Feature interactions, session duration, and navigation patterns collected to improve platform performance and reliability.
  • Cookies & Similar Technologies: Session cookies required for authentication and security. We do not use third-party advertising cookies.

2. How We Use Information

  • To provision, operate, and maintain the platform and its security.
  • To authenticate users and enforce role-based and row-level access controls.
  • To generate audit logs required for HIPAA compliance and regulatory review.
  • To respond to support requests, demo inquiries, and account issues.
  • To send transactional communications (e.g., password resets, account notifications). We do not send unsolicited marketing emails.
  • To analyse aggregate, de-identified usage metrics to improve platform features and reliability.
  • To comply with applicable law, legal process, or governmental requests.

3. HIPAA and Protected Health Information

Oximetrics is designed to support healthcare organisations subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Where applicable:

  • Customer workforce data (provider rosters, FTE allocations) may constitute or relate to Protected Health Information (“PHI”) under HIPAA. Oximetrics acts as a Business Associate with respect to any PHI processed on behalf of Customers.
  • A Business Associate Agreement (“BAA”) is executed with each subscribing healthcare organisation prior to processing any PHI.
  • Oximetrics implements technical and administrative safeguards consistent with the HIPAA Security Rule, including encryption at rest and in transit, access controls, and audit logging.
  • Oximetrics does not sell, rent, or use PHI for its own commercial purposes.

4. Disclosure of Information

We do not sell personal information. We may share information only in the following circumstances:

  • Service Providers: Trusted sub-processors (e.g., cloud infrastructure, authentication services) under contractual confidentiality obligations consistent with this Policy and applicable law.
  • Customer Administrators: User account data is accessible to the Customer's designated hospital administrator within the scope of their provisioned role.
  • Legal Compliance: When required by law, regulation, court order, or to protect the rights, property, or safety of Oximetrics, our Customers, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to the acquiring party assuming obligations under this Policy.

5. Data Retention

We retain account and platform data for the duration of the Customer's subscription and for a period of seven (7) years thereafter, consistent with standard healthcare records retention requirements in the United States, unless a longer period is required by applicable law or a Customer's BAA. Audit logs are retained for a minimum of six (6) years in accordance with HIPAA requirements. Customers may request data deletion upon contract termination, subject to applicable legal retention obligations.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect information against unauthorised access, disclosure, alteration, and destruction. These include TLS 1.2+ encryption in transit, AES-256 encryption at rest, multi-factor authentication options, row-level security at the database layer, and regular security assessments. No method of transmission over the Internet or electronic storage is 100% secure. We encourage Customers to implement strong authentication practices and promptly report any suspected security incidents to security@oximetrics.com.

7. Your Rights

Depending on your location and applicable law, you may have rights regarding your personal information, including:

  • The right to access personal information we hold about you.
  • The right to correct inaccurate information.
  • The right to request deletion, subject to legal retention obligations.
  • The right to restrict or object to certain processing.
  • The right to data portability in a structured, machine-readable format.

To exercise these rights, contact us at privacy@oximetrics.com. Note that requests relating to Customer-controlled workforce data must be directed to the relevant Customer (your employer or healthcare organisation).

8. Children's Privacy

The Services are designed exclusively for use by healthcare professionals and administrative staff of healthcare organisations. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active Customers of material changes via email or in-platform notification at least 30 days before the changes take effect. Continued use of the Services after the effective date constitutes acceptance of the updated Policy. The most current version is always available at oximetrics.com/privacy.

10. Contact Us

Oximetrics, Inc.

Privacy & Compliance Team

Email: privacy@oximetrics.com

General enquiries: contact@oximetrics.com

United States