Back to CallGrid

Privacy Policy

Last updated: January 25, 2026

Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights regarding your information.

1. Information We Collect

CallGrid collects information necessary to provide our medical residency scheduling service. This includes:

Account Information

  • Name and email address
  • Organization/program affiliation
  • Role within the program (Admin, Chief, Resident)
  • PGY (Post-Graduate Year) level

Schedule Data

  • Call schedule assignments and dates
  • Service/rotation assignments
  • Time-off requests and approvals
  • Schedule swap requests and history

Organization Data

  • Program name and settings
  • Roles, services, and scheduling rules
  • Academic year configuration

Technical Data

  • IP address and browser type
  • Device information
  • Usage logs and access timestamps

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain the scheduling service
  • Authenticate users and manage access permissions
  • Process schedule assignments and swap requests
  • Send notifications about schedule changes
  • Detect and prevent fraud or abuse
  • Improve our service and develop new features
  • Comply with legal obligations

3. Third-Party Services

We work with trusted third-party providers to deliver our service. These providers have access to your information only as needed to perform their functions:

Infrastructure & Hosting

  • Vercel - Application hosting and deployment
  • Neon - PostgreSQL database hosting

Authentication

  • Clerk - User authentication and session management

Communications

  • Resend - Transactional email delivery

Payments (if applicable)

  • Stripe - Payment processing

Error Monitoring

  • Sentry - Error tracking and performance monitoring

Each third-party provider is bound by their own privacy policies and data protection agreements with us.

4. Data Retention

We retain your information as follows:

  • Active accounts: Data is retained while your account is active
  • Schedule history: Retained for the duration specified by your program, typically 7 years for compliance purposes
  • Deleted accounts: Personal data is deleted within 30 days, except where retention is required by law
  • Backup data: May be retained in secure backups for up to 90 days

5. Data Security

We implement industry-standard security measures to protect your information:

  • All data is encrypted in transit using TLS/HTTPS
  • Database encryption at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Secure, isolated database connections

Note: While we take extensive measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing

To exercise these rights, contact us at privacy@callgrid.app. We will respond within 30 days.

7. Cookies and Tracking

CallGrid uses essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering your preferences

We do not use advertising cookies or sell your data to third parties for marketing purposes.

8. Children's Privacy

CallGrid is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising your rights

We do not sell your personal information.

11. HIPAA Considerations

CallGrid is designed as a scheduling tool and is not intended to store Protected Health Information (PHI) as defined under HIPAA. Schedule assignments alone (who is on call when) are generally not considered PHI.

If your organization requires a Business Associate Agreement (BAA), please contact us to discuss your specific needs.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notice within the application

Your continued use of CallGrid after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: privacy@callgrid.app

Data Protection Inquiries: dpo@callgrid.app

Terms of ServiceHome

© 2026 CallGrid. All rights reserved.