← CovershiftPrivacy Policy
Effective May 28, 2026
Covershift, Inc. (“Covershift,” “we,” “us”) operates the Covershift marketplace for specialty physician call coverage — a website at getcovershift.com and mobile apps on iOS and Android. This policy explains what data we collect from physicians, hospitals, and partner organizations, how we use it, and your rights.
1. What we collect
From physicians:
- Name, email, phone number
- National Provider Identifier (NPI) and state medical license number(s)
- Specialty, board certification, malpractice carrier
- Tax ID type (EIN preferred) and tax ID — used only for 1099 reporting via our billing partner
- Shift claim and earnings history while you use the platform
- Device push notification token (if you enable notifications in the mobile app)
From hospitals:
- Facility name, NPI, address, primary contact
- Medical Staff Office (MSO) contact details
- Shifts you post, including specialty, dates, rate, and any requirements
From partner organizations (e.g. EA Health):
- Their roster of credentialed physicians and contracted hospitals
- Per-state credentialing requirements they curate
- Pay benchmark data they license to the platform
2. How we use it
- Surface relevant shifts to physicians who are credentialed at the posting hospital
- Connect hospitals with credentialed physicians on a first-come, first-served basis
- Route 1099-eligible earnings through our billing partner (EA Health) for proper tax reporting
- Send transactional emails, SMS, and push notifications about shifts, credentialing status, and payments
- Generate AI-powered summaries and follow-up emails (see §5 below)
- Detect and prevent fraud, abuse, and platform-policy violations
3. We do not sell your data
Covershift does not sell or rent personal data to third parties. We are not an advertising business and do not run any third-party ad networks on the website or in the mobile apps.
4. Who we share with
- Hospitals you claim shifts at — they receive your name, NPI, credentials, and contact info to confirm coverage
- Partner organizations on whose roster you appear (e.g. EA Health) — for credentialing coordination and billing
- Service providers we use to run the platform: Vercel (hosting), Neon (database), SendGrid (email), Twilio (SMS), Anthropic (AI), Expo (push notifications). Each is bound by data-processing terms restricting use to providing the service
- Government authorities, where legally required (subpoena, court order, tax reporting)
5. AI features
Some features use AI (Anthropic Claude) to generate personalized content: follow-up emails for incomplete onboarding, shift summaries, and the in-app coach. We send the AI model the minimum information necessary (physician name, current credentialing state, shift description) and never send identifiers like SSN, full tax ID, or banking information. Anthropic does not retain our prompts or outputs beyond brief operational logging.
6. Protected Health Information (HIPAA)
Covershift is a marketplace; we do not store, transmit, or process Protected Health Information (PHI) as defined by HIPAA. The provider-directory data we maintain (NPI, license, specialty, credentialing status) is operational marketplace data, not health records. Hospitals retain all PHI for the patients they treat; nothing about specific patients flows through Covershift.
7. Your rights
- Access — request a copy of the data we hold about you
- Correction — fix anything that's wrong
- Deletion — close your account and request data removal. We retain anonymized claim/payment records for 7 years to satisfy IRS recordkeeping, and your name + NPI on any executed shift contract for the duration of that contract
- Export — receive your shift and earnings history in a portable format
- Notification preferences — turn email, SMS, and push notifications on/off independently from Settings
To exercise any of the above, email privacy@getcovershift.com from the email address on your Covershift account. We respond within 30 days.
8. Security
Data in transit is encrypted with TLS 1.2+. Passwords are hashed with bcrypt. Mobile auth tokens are stored in iOS Keychain / Android Keystore via Expo SecureStore. We maintain audit logs of all administrative access to physician and hospital records.
Despite reasonable safeguards, no internet service is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours as required by applicable state law.
9. Children
Covershift is for licensed physicians (MD/DO) and the institutional staff who work with them. We do not knowingly collect data from anyone under 18.
10. Changes
We'll update the “Effective” date above when material changes are made and notify active users by email when changes affect your rights or how we use your data.
11. Contact
Covershift, Inc.
privacy@getcovershift.com · privacy questions and data requests
covershift@eahealthsolutions.com · everything else
Plain-English starting policy maintained by Covershift. Not a substitute for legal advice. Healthcare-privacy attorneys can adjust the disclosures above to fit jurisdiction-specific requirements.