AXIALIS HEALTH PRIVACY POLICY
Effective Date: February 12, 2026
KEY POINTS SUMMARY
• We collect information you provide (account details, credentials, shift postings) and information collected automatically (device data, usage logs).
• We use your information to operate the Platform, facilitate Provider-Facility matching, process payments, provide support, and improve our services.
• We share information between Providers and Facilities as needed for staffing workflows, and with service providers who help us operate the Platform.
• The Platform is not an electronic health record (EHR). Do not upload PHI except the minimum necessary for staffing/credentialing through designated features.
• This Privacy Policy is not a Business Associate Agreement (BAA). A separate BAA is required if PHI processing by Axialis Health is needed.
• We do not sell your Personal Information.
• You have choices about your information, including access, correction, deletion, and marketing opt-out. State privacy laws may provide additional rights.
• We use reasonable security measures, but no system is 100% secure. You are responsible for protecting your account credentials.
• Contact us at privacy@axialishealth.com with privacy questions or to exercise your rights.
Axialis Health ("Company", ”Axialis Health”, "Axialis," "we," "us," or "our") operates an online platform that facilitates discovery, evaluation, matching, credentialing workflow support, scheduling, and engagement of independent healthcare providers for temporary clinical assignments (the "Platform").
This Privacy Policy describes how we collect, use, share, and protect information when you access or use our Platform, website, mobile applications, and related services, or when you otherwise interact with us. It applies to all users of the Platform, including healthcare providers ("Providers"), healthcare facilities and their staff ("Facilities" and "Authorized Users"), and visitors to our website.
By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.
"Aggregated Data" means data that has been combined from multiple sources and presented in summary form such that individual users, Providers, Facilities, or patients cannot be identified.
"Authorized Users" means individuals authorized by a Facility to access and use the Platform on the Facility's behalf, such as staffing coordinators, medical staff office personnel, and administrators.
"De-Identified Data" means data from which identifiers that could reasonably be used to identify individuals have been removed in accordance with applicable de-identification standards.
"Facility" means a hospital, clinic, ambulatory surgery center, medical practice, healthcare system, or other healthcare organization that uses the Platform to post staffing needs and connect with Providers.
"Personal Information" (also referred to as "Personal Data") means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
"PHI" or "Protected Health Information" means individually identifiable health information as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related regulations.
"Platform" means Axialis's proprietary technology platform, including web-based and mobile applications, APIs, and related tools and services.
"Provider" means an independent healthcare professional (such as a physician, advanced practice provider, CRNA, or other clinician) who uses the Platform to find and accept temporary clinical assignments.
"Sensitive Personal Information" means Personal Information that reveals racial or ethnic origin, religious beliefs, mental or physical health conditions, sexual orientation, citizenship or immigration status, genetic or biometric data, precise geolocation, or other categories defined as sensitive under applicable state privacy laws.
3.1 What This Policy Covers
This Privacy Policy applies to information collected:
• Through the Platform, including our website and mobile applications;
• Through email, text, and other electronic communications with us;
• Through customer support interactions; and
• When you otherwise interact with Axialis.
3.2 What This Policy Does Not Cover
This Privacy Policy does not apply to:
• Third-party websites, applications, or services linked from the Platform, including Facility websites, Provider personal websites, payment processors, or background check services—each has its own privacy practices;
• Information collected by Facilities or Providers outside the Platform;
• Employment applications submitted through separate career portals; and
• Information collected by third-party analytics or advertising providers, except as described in this Policy.
3.3 Platform Is Not an EHR
The Platform is designed as a staffing workflow and provider engagement tool. The Platform is not an electronic health record (EHR) and is not intended as a system of record for clinical documentation or patient care.
4.1 Information You Provide Directly
Account and Profile Information
• Name, email address, phone number, password, and username
• Role (Provider or Facility), organization name (for Facilities), job title
• Contact preferences and communication settings
• Profile photo, if you choose to provide one
Provider Credentialing and Professional Information
• Professional license numbers, states of licensure, license expiration dates
• National Provider Identifier (NPI), DEA registration, if applicable to your profession
• Board certifications, specialty, education, and training history
• Work history, references, and CV/resume
• Malpractice insurance coverage details
• Credentialing documents (certificates, attestations, immunization records)
• Availability, rate preferences, geographic preferences
Facility Information
• Facility name, address, and location details
• Departments, units, and service lines
• Scheduling contacts and administrative contacts
• Shift posting details (dates, times, requirements, compensation)
• Credentialing requirements and onboarding policies (non-PHI)
• Billing contacts and invoicing information
Engagement Workflow Information
• Shift postings and applications
• Messages and communications between Providers and Facilities
• Scheduling confirmations and calendar data
• Check-in/check-out or timekeeping data, if such features are used
• Dispute notes and resolution communications (non-PHI)
• Ratings and reviews, if such features are available
Payment and Billing Information
• Payment method information (processed and tokenized by our payment processor—we do not store full payment card numbers)
• Billing address
• Invoices and transaction history
• Tax identification information, if required for payment processing
Support and Communications
• Emails, chat messages, and support tickets
• Feedback and survey responses
4.2 Information Collected Automatically
When you use the Platform, we automatically collect certain information, including:
• IP address and approximate location derived from IP
• Device identifiers, device type, operating system, and browser type
• Mobile app version and settings
• Log data, including access times, pages viewed, and clickstream data
• Referring URLs and exit pages
4.3 Information from Third Parties
We may receive information about you from third parties, including:
• Background check providers
• Identity verification services
• Credential verification and primary source verification vendors
• Payment processors (transaction status, fraud signals)
• Public databases, including sanctions and exclusion lists (OIG, SAM)
• Professional licensing boards and certification bodies
We use the information we collect for the following purposes:
• Provide the Platform and enable Provider-Facility matching, scheduling, and staffing workflows
• Create, manage, and authenticate user accounts
• Facilitate credentialing workflow support and verification processes
• Communicate with you about shifts, engagements, platform updates, and service messages
• Provide customer support and respond to inquiries
• Process payments and billing through our payment processor
• Maintain safety, security, and integrity of the Platform
• Detect, prevent, and investigate fraud, abuse, and policy violations
• Monitor and enforce compliance with our Terms of Service
• Conduct analytics, improve products, and develop new features
• Create De-Identified Data and Aggregated Data for research and analytics
• Comply with legal obligations, respond to lawful requests, and protect our rights
• Send marketing communications (with opt-out rights—see Section 11)
• For any other purpose with your notice and consent as required by law
This section addresses Protected Health Information (PHI) and our approach to HIPAA compliance.
6.1 Platform Is Not an EHR
The Platform is designed for staffing workflows and provider engagement. The Platform is not intended to store PHI or patient medical records and is not an electronic health record (EHR) system.
6.2 PHI Restrictions
Users (Providers and Facilities) should not upload, store, or transmit PHI through the Platform except:
• To the extent minimally necessary for staffing and credentialing workflows; and
• Only through Platform features expressly designated for such purpose.
Do not include PHI in general messages, shift postings, profile fields, or other areas not specifically designed for PHI.
6.3 This Is Not a Business Associate Agreement
This Privacy Policy is not a Business Associate Agreement (BAA). This Policy does not create any obligations for Axialis Health as a Business Associate under HIPAA.
If a Facility's use of the Platform requires Axialis Health to act as a Business Associate, the Facility and Axialis Health must execute a separate BAA before using the Platform in that manner. Contact us at privacy@axialishealth.com to request a BAA.
6.4 Incident Reporting
If you become aware of any privacy or security incident involving the Platform, including unauthorized access, PHI entered in error, or suspected data breach, please contact us immediately at privacy@axialishealth.com.
7.1 Sharing Between Providers and Facilities
The Platform is designed to facilitate connections between Providers and Facilities. As part of normal Platform operations:
• Provider profile information and credentials are shared with Facilities for evaluation, matching, and credentialing workflows.
• Facility shift postings, requirements, and policies are shared with Providers.
• Scheduling, engagement, and communication data is shared between matched Providers and Facilities as needed for staffing workflows.
7.2 Service Providers and Processors
We share information with third-party service providers who perform services on our behalf, including:
• Cloud hosting and infrastructure providers
• Analytics and product improvement tools
• Customer support and communication platforms
• Payment processors (who receive payment information in tokenized form)
• Background check and identity verification vendors
• Credential verification and primary source verification services
These service providers are contractually obligated to use information only for the purposes for which it was disclosed and to maintain appropriate security.
7.3 Legal, Safety, and Compliance
We may disclose information when we believe in good faith that disclosure is necessary to:
• Comply with applicable law, regulation, legal process, or governmental request
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of Axialis, our users, or others
• Detect, prevent, or address fraud, security, or technical issues
• Respond to claims that content violates the rights of third parties
7.4 Business Transfers
If Axialis Health is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
7.5 With Your Consent
We may share information for other purposes with your consent or at your direction.
7.6 We Do Not Sell Personal Information
We do not sell your Personal Information. We do not exchange Personal Information for monetary consideration. We do not share Personal Information for targeted advertising.
We may create, use, and share De-Identified Data and Aggregated Data for any lawful purpose, including:
• Platform operations and improvement
• Product development and new features
• Industry benchmarking and market analysis
• Research and analytics
• Reporting and publications
De-Identified Data and Aggregated Data are not Personal Information because they cannot reasonably be used to identify you. We will not attempt to re-identify De-Identified Data except as required by law or with express consent.
We do not use cookies or similar tracking technologies for advertising or analytics purposes. If we use essential technologies strictly necessary to provide the Platform (such as for security or login functionality), they are used only for core operation and not for advertising or analytics.
10.1 Retention Periods
We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, including to:
• Provide the Platform and maintain your account
• Comply with legal, regulatory, and contractual obligations
• Resolve disputes and enforce agreements
• Maintain business records for tax, audit, and compliance purposes
10.2 Retention Categories
Different types of information may be retained for different periods:
• Account and profile data: Retained while your account is active and for up to 24 months after account closure, unless required longer for legal or compliance purposes
• Credentialing documents: Retained for up to 24 months after last engagement or as required by law
• Billing and payment records: Retained for 7 years for tax and audit purposes
• Communications and support records: Retained for 24 months
• Log and usage data: Retained for 12 months
10.3 De-Identified and Aggregated Data
De-Identified Data and Aggregated Data may be retained indefinitely as they are not Personal Information.
11.1 Our Security Measures
We implement reasonable administrative, technical, and physical safeguards designed to protect Personal Information from unauthorized access, use, alteration, and disclosure. These measures include:
• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Employee training on data protection
11.2 No Guarantee
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You use the Platform at your own risk.
11.3 Your Responsibilities
You are responsible for:
• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Enabling multi-factor authentication, if available
• Logging out of shared devices
• Notifying us immediately at security@axialishealth.com if you suspect unauthorized access to your account
12.1 Account Controls
You can access and update your account information and preferences by logging into the Platform. You can request to close your account by contacting us at privacy@axialishealth.com.
12.2 Marketing Opt-Out
Email: You can unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@axialishealth.com. Note that you may still receive transactional and service-related communications.
12.3 State Privacy Rights (United States)
Depending on your state of residence, you may have additional privacy rights under state laws such as the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and similar laws. These rights may include:
• Right to Know/Access: Request information about the Personal Information we collect, use, and disclose about you, and obtain a copy of your Personal Information.
• Right to Correct: Request correction of inaccurate Personal Information.
• Right to Delete: Request deletion of your Personal Information, subject to exceptions.
• Right to Portability: Receive your Personal Information in a portable format.
• Right to Opt-Out of Sale/Sharing: We do not sell Personal Information. We do not share Personal Information for targeted advertising.
• Right to Opt-Out of Targeted Advertising: Opt out of the use of your Personal Information for targeted advertising.
• Right to Limit Use of Sensitive Personal Information: Request that we limit use of Sensitive Personal Information to certain purposes.
• Right to Appeal: If we deny your request, you may appeal the decision.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
12.4 How to Submit a Request
To exercise your privacy rights, you may:
• Email us at privacy@axialishealth.com
We will verify your identity before processing your request. Verification may require you to provide information that matches our records. If you use an authorized agent, we may require proof of authorization.
12.5 California-Specific Disclosures
If you are a California resident, the following additional disclosures apply under the CCPA:
Categories of Personal Information Collected: Identifiers; professional/employment information; commercial information; internet/network activity; geolocation data; inferences.
Sources: Directly from you; automatically through the Platform; from third parties (verification services, public databases).
Business Purposes: Providing services; account management; communications; security; analytics; legal compliance.
Categories of Recipients: Providers and Facilities (for matching); service providers; legal/compliance parties.
Sale/Sharing: We do not sell Personal Information. We do not share Personal Information for targeted advertising.
Retention: See Section 10.
Financial Incentives: We do not offer financial incentives related to Personal Information.
The Platform is not directed to children under the age of 13, and we do not knowingly collect Personal Information from children under 13. The Platform is intended for use by healthcare professionals and healthcare organizations, and users must be at least 18 years of age.
If we learn that we have collected Personal Information from a child under 13, we will take steps to delete that information. If you believe we have collected information from a child under 13, please contact us at privacy@axialishealth.com.
The Platform is operated from the United States. If you access the Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
By using the Platform, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy.
We are based in the United States. If you access the Platform from outside the United States, your information may be processed in the United States and other jurisdictions.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes:
• We will update the "Effective Date" at the top of this Policy.
• For material changes, we will provide notice through the Platform, by email, or by other means as required by law.
• Your continued use of the Platform after the effective date of the revised Policy constitutes acceptance of the changes.
We encourage you to review this Privacy Policy periodically.
If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us:
Shugal Ventures Inc.
Attn: Privacy
Email: privacy@axialishealth.com
Security/Incident Reporting: security@axialishealth.com
* * *