WorkIntelMD ("we," "our," or "us") operates the WorkIntelMD application available at app.workintelmd.com. This Privacy Policy explains what data we collect, why we collect it, how we store and protect it, and what rights you have over your data.
We built WorkIntelMD specifically for physicians. We understand that your professional information is sensitive. This policy is written to be direct and specific — not vague boilerplate.
By creating an account and using WorkIntelMD, you agree to the data practices described in this policy.
We collect only the data you directly provide to us and the minimum technical data required to operate the service.
| Data type | What it includes | Why we collect it |
|---|---|---|
| Account information | Email address, name, specialty | Creating and identifying your account |
| Profile settings | Earnings goals, tax rate, minimum rate preference | Personalizing AI analysis and earnings tracking |
| Shift data | Facility names, dates, hours, pay rates, reimbursements | Earnings tracking and AI shift analysis |
| Employer records | Job title, facility, city, pay structure | Organizing shifts by workplace |
| Credential metadata | Credential name, issuing body, expiry date, alert settings | Credential tracking and expiry alerts |
| Credential files | PDF or image files you upload to the vault | Secure private document storage |
| Subscription data | Plan type, trial status, billing status | Managing your subscription |
| Usage data | AI call count (per day), session activity | Enforcing fair-use rate limits |
| Push notification subscription | Device push endpoint and encryption keys | Delivering push notifications for credential alerts and shift reminders. Stored only if you enable notifications; cleared when you disable them. |
We want to be explicit about what WorkIntelMD does not collect or store.
No patient data. WorkIntelMD is a tool for managing your work operations, not patient care. We have no fields, forms, or storage for patient names, diagnoses, medical record numbers, or any protected health information. Do not enter patient information into WorkIntelMD.
No license numbers or DEA numbers. We store the name and expiry date of your credentials — we do not ask for or store the license number, DEA registration number, NPI, or any government-issued identifier associated with those credentials.
No payment card data. All billing is processed by Stripe. We never see, handle, or store your card number, CVV, or billing address. We receive only your subscription status from Stripe.
Some WorkIntelMD features use external AI service providers to process user-submitted inputs. When you use AI Smart Text or AI Document Import, the text you enter and/or the document you upload may be sent to an external AI provider for processing. WorkIntelMD does not send your full account, credential vault, or unrelated profile data to AI providers for these features.
What is sent to AI: Only the text you enter or the document you upload when using AI Smart Text or AI Document Import — along with any related text needed to process your request. Your full shift history, credential vault, and account profile are not sent automatically.
What is never sent to AI: Your credential files, credential vault contents, full account profile, or any data outside the specific input you submit for AI processing.
Where provider controls allow, WorkIntelMD does not enable use of submitted data for AI model training. External AI providers may process and retain submitted inputs according to their own terms, privacy, and retention policies.
AI-generated responses are returned to your session and are not stored by WorkIntelMD beyond the current session. Document import content is processed in memory only and discarded after you confirm the extracted shift details.
Database and authentication: Your account data, shift records, employer records, and credential metadata are stored in Supabase, hosted on AWS in the us-east-1 region (Northern Virginia, USA).
Credential files: Files you upload to the credential vault are stored in a private Supabase Storage bucket on the same infrastructure. Files are not publicly accessible. Access requires a signed URL generated fresh for each view, which expires after 60 minutes.
Payments: Billing is handled by Stripe. Stripe stores your payment card and billing history. WorkIntelMD stores only your Stripe customer ID and subscription status — nothing from Stripe that is sensitive.
Email: Authentication emails (signup confirmation and password reset) are delivered via Resend. Resend processes your email address for delivery purposes. WorkIntelMD does not store email content after delivery.
No third-party analytics: We do not use Google Analytics, Meta Pixel, Mixpanel, or any behavioral analytics platform. We do not sell or share your data with advertisers.
WorkIntelMD is built with security as a design requirement, not an afterthought.
All data is transmitted over HTTPS. Database rows are protected by Row Level Security — your data is isolated to your account at the database level, not just the application level. Credential files are stored in a private bucket with no public access. Signed URLs are generated per-request and expire within one hour. We do not log the contents of credential files.
No member of the WorkIntelMD team has routine access to the content of your credential files or shift records. Administrative access to the database requires deliberate action and is not used in normal operations.
You have the following rights regarding your data at any time.
Access. You can view all of your shift records, employer records, and credential metadata directly within the WorkIntelMD app. There is no hidden data held separately.
Deletion. You can delete individual shifts, credentials, and employer records from within the app at any time. To request full account deletion — including all stored data and credential files — email us at hello@workintelmd.com. We will complete account deletion within 30 days and confirm when done.
Export. If you need a copy of your data for any reason, contact us at hello@workintelmd.com and we will provide it in a readable format within 30 days.
Correction. You can edit your profile, shift records, and credential details directly within the app.
WorkIntelMD is a personal productivity tool for physicians — it is not a covered entity under HIPAA and does not handle protected health information (PHI). The app has no fields for patient data of any kind.
If you are using WorkIntelMD through an employer-sponsored arrangement, please check with your employer regarding any applicable data policies. As an individual user, WorkIntelMD's relationship is with you personally, not with any hospital or health system you work for.
Do not enter patient names, dates of birth, diagnoses, medical record numbers, or any other patient information into WorkIntelMD under any circumstances.
If we make material changes to this Privacy Policy, we will notify you by email at the address associated with your account before the changes take effect. The effective date at the top of this page will be updated whenever the policy changes.
Continued use of WorkIntelMD after a policy change takes effect constitutes acceptance of the updated policy.
Privacy questions, data deletion requests, and data export requests should be sent to:
We will respond within 5 business days.