This Privacy Policy ("Policy") describes how SwipeSense, Inc. ("SwipeSense," "Company," "we," "our," or "us") collects, uses, discloses, and protects information when you access or use our websites, applications, software, and related services offered through SwipeSense.com and related domains. For clarity, references to legacy Clean Hands - Safe Hands branding, including CleanHands-SafeHands.com, CHSH.io, or similar legacy names, refer to the same Company and service family now operated under the SwipeSense brand.

This Policy applies to our public websites, account portals, mobile applications, hosted software, and related support services (collectively, the "Services"). The Services are operated from the United States and offered to business customers in the United States and Canada. Our Services are typically purchased by hospitals, health systems, and other organizations that make the Services available to their workforce and authorized personnel. This Policy is intended to describe our general public-facing privacy practices and does not replace any more specific privacy, security, business associate, or data processing terms contained in a separate written agreement with a customer organization.

If you have any questions about this Policy, please feel free to contact us via our website, email: support@swipesense.com, or write to us at:

    SwipeSense,
    Attn: Privacy Policy
    1355 Peachtree Street NE, Suite 700
    Atlanta, GA 30309

What Information Do We Collect?

We collect information you provide directly, information collected automatically when you use the Services, and information provided by your organization or authorized third parties in connection with your use of the Services.

Categories of Personal Information We Collect

Depending on the Service and your organization's configuration, we may collect the following categories of personal information: identifiers and contact information such as first and last name, business email address, optional phone number, business address, and customer points of contact; professional and employment-related information such as job title, role, group, department, and organization; account and authentication information such as usernames, encrypted passwords, single sign-on identifiers, multi-factor authentication metadata, and related account security data; internet or other electronic network activity information such as IP address, browser type, device information, timestamps, audit logs, login history, and usage activity; customer and commercial information such as customer records, order or subscription details, invoices, billing-related records, and contract administration information; support and communications information such as support tickets, emails, troubleshooting notes, and similar business communications; and workforce compliance or operational information processed through the Services on behalf of customer organizations.

Sensitive Information and Excluded Data Types

We do not collect biometric identifiers or biometric information through the Services. We do not intend for the Services to be used to collect or store patient medical records or protected health information. We do not collect precise geolocation data, government-issued identifiers, or payment card numbers through the Services except where such information may appear in customer billing or contracting records handled outside ordinary product use. To the extent applicable law classifies account credentials or similar security data as sensitive personal information, we use that information only for authentication, account security, fraud prevention, and service administration.

Information Collected Automatically

When you access the Site or Services, we may automatically collect technical and usage information such as IP address, browser type, device identifiers, operating system, timestamps, pages viewed, referring URLs, login events, audit logs, and similar diagnostic or security information. We use this information to operate, secure, troubleshoot, support, and improve the Services.

Public Website, Marketing, and Recruiting Interactions

If you contact us through the public website, request a demo, subscribe to marketing updates, or submit recruiting or job application information, we may collect the information you provide in those interactions, such as your name, email address, phone number, company, role, and the contents of your submission. We use that information to respond to your request, manage our business relationship with you or your organization, send communications you request or that are otherwise permitted by law, and operate recruiting or business development processes. We do not use advertising technology to track you across third-party services.

Organization-Managed Account Information

If you use the Services through your employer, hospital, health system, or another organization, that organization may provide us with information about you, control your access permissions, and direct how certain information associated with your account is used or disclosed. In those cases, your organization's policies and agreements with us may also apply, and your organization may determine how certain privacy requests are submitted, reviewed, and fulfilled.

Single Sign-On (SSO), Directory Sync, and Integrations

SwipeSense may offer optional features such as single sign-on, directory synchronization, secure file transfer, API integrations, or other operational data exchanges. When these features are enabled by your organization, we collect and process the minimum information reasonably necessary to authenticate users, provision accounts, synchronize approved records, support reporting, and operate the relevant feature in accordance with applicable agreements and this Policy.

Healthcare and Regulated Data

The Services are intended for workforce compliance and operational use, not for patient treatment, diagnosis, or patient medical records. We do not intend for the Services to receive or store protected health information absent a separate written agreement expressly covering that use. Our handling of regulated information, where applicable, is also governed by applicable law and any relevant written agreement with the customer organization.

How Do We Use Information?

We use information to provide, maintain, secure, support, and improve the Services; authenticate users; manage accounts and access controls; respond to inquiries and support requests; send service-related notices, legal notices, and security alerts; generate reports and analytics for authorized customers; comply with applicable U.S. federal and state laws and other legal obligations; enforce our agreements; and protect the rights, safety, and security of our users, customers, and Services.

How We Share and Disclose Information

We do not sell personal information for money, and we do not share personal information for cross-context behavioral advertising. Because our Services are generally provided in a business-to-business context on behalf of customer organizations, we typically process account and service data as a service provider or processor for those organizations rather than as a direct-to-consumer business. Depending on the nature of the interaction or Service, we may disclose personal information to customer organizations and their authorized administrators; service providers and subprocessors that help us host, secure, support, and operate the Services; identity providers and integration partners enabled by a customer organization or needed to provide requested functionality; professional advisors such as auditors, legal counsel, and insurers; parties involved in an actual or proposed merger, acquisition, financing, or sale of assets; and government authorities, regulators, or other third parties where disclosure is required or permitted by law or reasonably necessary to investigate or prevent fraud, misuse, security incidents, or harm. We require appropriate contractual or operational safeguards where applicable.

Cookies and Similar Technologies

We use encrypted cookies and similar technologies for authentication, session management, security, load balancing, user preferences, and limited analytics related to the operation of our Services. We do not use cookies to track users across third-party services for advertising purposes. Some cookies are necessary for the Services to function properly. You can configure your browser to manage cookies, but disabling certain cookies may affect Service functionality.

Data Accuracy and Account Updates

We rely on users and customer organizations to help keep account and profile information accurate and current. You may request updates to your profile or account information by contacting support@swipesense.com, although certain changes may need to be made by your organization's administrator.

Retention

We retain personal and business information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Policy, comply with legal, contractual, accounting, auditing, or reporting obligations, resolve disputes, and enforce our agreements. For organization-managed Service data, retention is often governed by customer contracts, customer instructions, and operational needs. For other data we control directly, such as website inquiries, support records, security logs, recruiting submissions, and billing or contracting records, we apply internal retention practices based on the nature of the data, the purpose for which it was collected, and applicable legal requirements. When information is no longer needed, we take reasonable steps to delete, de-identify, or securely dispose of it, unless retention is otherwise required or permitted by law.

Security

SwipeSense uses administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, encryption where appropriate, logging, monitoring, and security review processes. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we determine that a reportable data breach has occurred, we will provide notice as required by applicable law and contractual obligations.

Children's Privacy

The Services are business services and are not directed to children under 18. We do not knowingly collect personal information directly from children under 18 through the Services.

Cross-Border Processing

The Services are operated from the United States and offered to customers in the United States and Canada. Information is stored in the United States. Information may also be processed or accessed in the United States and, where applicable, from other jurisdictions where our service providers operate, subject to appropriate safeguards and applicable agreements. By using the Services, you understand that information may be transferred to, processed in, and stored in the United States.

U.S. State Privacy Law Context

We recognize that certain U.S. states, including California, provide privacy rights to residents under applicable law. In many cases, however, SwipeSense provides the Services to customer organizations and handles personal information on their behalf as a service provider or processor. Certain state-law rights may not apply, or may apply differently, to organization-managed account data, employment-related information, or information we process solely on behalf of a customer organization. For information associated with organization-managed accounts, privacy requests should generally be directed first to the applicable customer organization. Where we are required to respond directly under applicable law, we will do so in accordance with our legal obligations, our contractual commitments, and any applicable exceptions.

Your Choices and Rights

Depending on your relationship with us, your organization's role, and applicable law, you or your organization may have the ability to access, correct, update, or request deletion of certain information. Individual workforce users accessing the Services through a customer organization may have more limited direct rights from SwipeSense than a consumer in a direct-to-consumer relationship. In many cases, we act as a service provider or processor on behalf of customer organizations, so requests relating to organization-managed data should be directed first to the applicable organization. For personal information that SwipeSense controls directly, such as certain website, marketing, recruiting, billing, or business contact information, you may contact us at support@swipesense.com and we will review and respond as required by applicable law. We may need to verify your request, coordinate with the relevant customer organization, or deny the request where an exemption or other lawful basis applies.

Changes to This Policy

We may update this Policy from time to time to reflect changes in law, technology, business operations, or the Services. When we do, we will post the revised Policy on this page and update the revision date above. Where appropriate, we may also provide notice through the Services or by email. Continued use of the Services after the effective date of an updated Policy constitutes acknowledgment of the updated Policy.

Responsible Disclosure of Security Vulnerabilities

SwipeSense is committed to maintaining the security and integrity of our systems and Services. If you discover a security vulnerability or potential risk within any SwipeSense.com domain or associated service, we encourage you to report it responsibly. Please contact our security team at security@swipesense.com. We request that you provide a detailed description of the issue, including steps to reproduce if possible, and allow us a reasonable time to investigate and resolve the matter before public disclosure. SwipeSense is SOC 2 compliant, and we take all vulnerability disclosures seriously to ensure continued trust and protection of our user data.