Privacy Policy

1. Information We Collect

We collect the minimum account and application information needed to verify access and operate the service:

2. Location And External Services

If you choose to set your location, browser geolocation stays in your browser. If you type a neighbourhood into autocomplete, the typed query is sent to the Photon geocoding service to return place suggestions. Specialist Snapshot does not attach your account identity to Photon requests.

The service uses infrastructure providers such as Supabase and Vercel to host authentication, database, API, and static website functions. Provider processing may occur outside Alberta or Canada. No analytics product is active at launch.

3. How We Use Information

We use information to verify user eligibility, operate invite-only access, display specialist listing and structured aggregate information, prevent duplicate or abusive ratings, investigate platform misuse, maintain audit logs, secure the service, and respond to access, correction, dispute, or deletion requests.

4. What Other Users See

Ordinary users see specialist listings and aggregate structured rating information after the anonymity threshold is met. They do not see rating submitter name, email, CPSA number, clinic, account identifier, individual rating identity, or another physician's individual rating history.

5. Identity-Reveal Exception

A designated highest-trust administrator may reveal a rating submitter's identity only for a documented abuse, harassment, suspicious manipulation, account-blocking, or platform-misuse investigation. Reveal actions are audited and are not available to ordinary users or standard admins.

6. Retention

Account, application, rating, and audit records are retained according to the internal retention policy so the service can preserve professional trust, enforce one active rating per specialist, investigate misuse, and maintain required audit history. In general: rejected or withdrawn applications are minimized after the review window; inactive accounts are deactivated before deletion; ratings are detached or deleted only when doing so does not undermine audit integrity; and identity-reveal audit events are retained for the longest period.

7. Access, Correction, And Deletion Requests

You may request access to your personal information, correction of inaccurate account or application information, account deactivation, or deletion where deletion is available. Some information may need to be retained for security, audit, dispute, legal, or professional-trust reasons.

Specialist listing corrections should usually go to Alberta Referral Directory because it is the source of official listing details. Specialist Snapshot can apply a broad caution indicator or hide a listing while a dispute is reviewed.

8. Security

Access is invite-only and server-authorized through approved app-user records. The app uses service-role-only database access on the server, structured audit events, rating anonymity thresholds, security headers, and limited error logging. No system can be guaranteed secure, and users must protect their credentials and devices.

9. Patient Information

The service is not designed to collect patient information. If patient-identifying information is submitted accidentally, the administrator should restrict access, remove or minimize the information where feasible, and review whether notification or further action is required.

10. Contact

Privacy requests should be sent to the Specialist Snapshot Privacy Officer at privacy@specialistsnapshot.ca. This mailbox must be monitored before real physician invites begin.

11. Changes

This policy may be updated before or after launch. Material changes should be dated and communicated to approved users before continued use is required.