Last Updated: October 14, 2025

1. Introduction

Welcome to the PGY-3 Chiefs Community Platform ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Information You Provide

When you register for an account, we collect:

• Full name
• Email address
• Residency program name
• Program location (city and state)
• Number of PGY-3 chief residents at your program
• User type (Chief Resident, Program Director, GME Administrator, or Other)
• Password (encrypted and never stored in plain text)
• Profile picture (optional)

2.2 Information Automatically Collected

When you use our platform, we automatically collect:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on pages
• Referring website addresses
• Date and time of access

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences
• Analyze platform usage and improve functionality
• Provide security features

3. How We Use Your Information

We use your information for the following purposes:

• Account Management: Create and manage your account, verify your identity, and authenticate your access
• Platform Functionality: Provide access to features including the user directory, resource library, and blog
• Communication: Send transactional emails (verification, notifications) and administrative updates
• Research: Create aggregate, anonymized statistics about PGY-3 Chief Resident programs for academic research
• Security: Monitor for and prevent fraudulent activity, unauthorized access, and security threats
• Improvement: Analyze platform usage to improve user experience and develop new features
• Compliance: Comply with legal obligations and enforce our Terms of Service

4. Information Sharing and Disclosure

4.1 Within the Platform

Your name, program name, program location, and number of chief residents are visible to other approved users in the directory. Your email address is only visible to other users if you explicitly opt-in to email sharing in your profile settings.

4.2 Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating the platform:

• Vercel: Hosting and infrastructure
• MongoDB Atlas: Database services
• Resend: Transactional email delivery
• Vercel Blob: File storage for uploaded resources

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.3 Research and Academic Use

We may share anonymized, aggregate data with researchers for academic studies about PGY-3 Chief Resident programs. This data does not include any personally identifiable information.

4.4 Legal Requirements

We may disclose your information if required by law, court order, subpoena, or to protect the rights, property, or safety of our platform, users, or the public.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Password Protection: Passwords are hashed using bcrypt with 12 salt rounds and never stored in plain text
• Access Controls: Strict access controls limit who can view and modify data
• Monitoring: Continuous monitoring for security threats and unauthorized access
• Regular Backups: Automated backups ensure data recovery in case of incidents

6. Your Rights and Choices

6.1 Access and Correction

You can access and update your profile information at any time by logging into your account and visiting the "My Account" page.

6.2 Email Sharing Control

You can control whether other users can see your email address by toggling the "Allow Email Sharing" setting in your profile.

6.3 Account Deletion

You may request deletion of your account by contacting us at contact@pgy3chiefs.org. We will delete your personal information within 30 days, though we may retain anonymized aggregate data for research purposes.

6.4 Data Portability

You may request a copy of your data in a machine-readable format by contacting us at contact@pgy3chiefs.org.

6.5 Marketing Communications

We do not send marketing emails. You will only receive transactional emails (verification, notifications) and occasional administrative updates about the platform.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. After account deletion, we retain anonymized aggregate data for research purposes but remove all personally identifiable information.

8. Children's Privacy

Our platform is intended for medical professionals and is not directed to individuals under 18. We do not knowingly collect information from minors.

9. International Users

Our platform is hosted in the United States. If you access the platform from outside the United States, your information will be transferred to, stored, and processed in the United States. By using our platform, you consent to this transfer.

10. HIPAA Compliance

This platform does not store Protected Health Information (PHI) as defined by HIPAA. We only collect professional information about residency programs and users' professional roles. Do not enter patient information or any PHI into the platform.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform or sending an email. The "Last Updated" date at the top indicates when the policy was last revised.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: