Skip to main content

Legal

Privacy Policy

Effective April 19, 2026

At a glance

Anesthify is operated by Principle Stash Inc., a Delaware corporation doing business as Anesthify ("Anesthify"). For the purposes of applicable data-protection laws, Principle Stash Inc. is the "controller" (GDPR) and "business" (CCPA) of your personal information. We do not sell your personal information.

1. Overview

This Privacy Policy explains how Principle Stash Inc., a Delaware corporation doing business as Anesthify ("Anesthify," "we," "us," or "our"), collects, uses, shares, and protects information when you use our website, applications, and services (collectively, the "Service"). Anesthify is a platform for anesthesia professionals that combines a job board, an anonymous forum for verified anesthesia professionals, facility reviews, a salary benchmarking tool, a credentials wallet, and recruiting features.

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service. For rules that govern use of the Service itself, see our Terms of Service.

For the purposes of data-protection laws, Principle Stash Inc. is the data controller (GDPR, UK GDPR, Swiss FADP) and business (CCPA/CPRA and comparable U.S. state laws) with respect to the personal information described in this Policy.

2. Information We Collect

We collect information in three ways: you provide it, we generate it when you use the Service, and we receive it from third parties you authorize.

2.1 Account and identity information

  • Email address, verified via one-time code (OTP) or OAuth provider (Google, Apple, or LinkedIn).
  • Name, which you provide at signup or which is returned to us by your OAuth provider or the NPPES registry after NPI verification.
  • Optional profile photo you upload.
  • Authentication metadata: session tokens, device fingerprint, IP address, user agent, and timestamps for login events. For OAuth sign-ins, we store provider access and refresh tokens.

2.2 Professional credentials and verification data

  • NPI (National Provider Identifier). You provide your 10-digit NPI to verify CRNA status. We call the public NPPES registry and receive your legal name, taxonomy, active license states, and practice address. We store a salted one-way hash of your NPI for duplicate detection (we never store the raw NPI in our database).
  • NPPES-returned data: legal name, taxonomy code and description, active license states, city, and state. We cache this for up to 30 days.
  • License numbers and expiration dates that you enter in the credentials wallet (RN license, BLS/ACLS/PALS certifications, DEA, state-issued IDs, etc.).
  • Credential document uploads (PDFs or images) used for manual verification or audit.

2.3 Profile and preferences

  • Biography, phone number, practice-model preference, specialties, years of experience.
  • For employer accounts: company name, website, hiring-contact name and phone.
  • Resume uploads (PDF or DOCX) and parsed fields extracted from them.
  • Notification preferences (email-digest frequency, push on/off, muted threads or categories).
  • Opt-in flags, including the explicit opt-in required for AI-assisted recruiting.

2.4 Content you create

  • Forum posts, threads, polls, and reactions. These are attached to your anonymous forum identity, not your real identity, as described in Section 3.
  • Facility reviews (ratings across seven dimensions, pros, cons, review text, and current-employee status). Attached to your anonymous forum identity.
  • Salary submissions (compensation figures, state, city, setting, employment status, practice model, experience years, and other role context). Attached to your anonymous forum identity.
  • Direct messages sent through the chat feature between candidates and employers. Messages are attached to your real account, they are not anonymous.
  • Job listings you post as an employer, including compensation, scope, location, and contact information.
  • Applications you submit to job listings as a candidate, including resumes and application notes.
  • Images uploaded to the forum and other user-generated media (up to 5 MB per image).

2.5 Usage and device information

  • Pages and features you visit, search queries, filters you set, saved-search definitions, clicks, and timestamps.
  • IP address, device type, operating system, browser, and referring URL.
  • Error and diagnostic logs associated with your session.

2.6 Information from third parties

  • NPPES (U.S. Centers for Medicare & Medicaid Services) returns your verification data when we look up your NPI. NPPES is a public registry.
  • OAuth providers (Google, Apple, LinkedIn) return your email, name, and profile image if you use social login.
  • Resume parsing services return extracted fields from resumes you upload.

3. Anonymous Forum Architecture

Anesthify is built around a strong separation between your identified account (which powers the job board, messaging, and credentials wallet) and your anonymous forum identity (which powers forum posts, facility reviews, and salary submissions). We want you to understand exactly how that works and what its limits are.

3.1 How the anonymous identity is generated

  • Your anonymous forum identity is derived by applying a keyed one-way hash (HMAC-SHA-256) to your internal user ID using a secret key that lives outside the database.
  • No column in our database directly links your identified account row to your anonymous-identity row. The link exists only through the HMAC computation, which requires the secret key.
  • Your display name on the forum is either auto-generated from the anonymous identity or chosen by you and may be changed later.
  • Timestamps on anonymous forum content are offset by up to 60 seconds from the actual time of posting to reduce the risk of time-correlation attacks that could link anonymous activity to account events.

3.2 What this protects against and what it does not

  • A database-only breach (without the HMAC key) cannot link anonymous posts, reviews, or salary reports back to your identified account.
  • A database breach plus theft of the HMAC key could in principle allow recomputation of the link. We take substantial measures to protect the key, but no system is impervious.
  • We may be legally compelled to compute and disclose the link if required by valid legal process (for example, a court order or a subpoena we cannot lawfully contest). Where legally permitted, we will notify you before doing so.
  • Your own content can re-identify you. If you post details that identify you (your name, a specific facility paired with a specific date, a unique clinical case, etc.), neither our architecture nor we can protect your anonymity from another reader.

4. How We Use Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service.
  • Create and authenticate your account, and maintain your sessions.
  • Verify your CRNA status and display any earned credential badges.
  • Route job-board features: match candidates to listings, rank results, notify you of new matches, and support applications and messaging.
  • Generate anonymous aggregate statistics (for example, salary benchmarks by state, setting, and experience).
  • Detect and prevent fraud, abuse, duplicate accounts, spam, credential misrepresentation, and Terms of Service violations.
  • Send transactional communications (verification codes, credential expiry alerts, application updates, and digests you have subscribed to).
  • Send marketing communications where permitted by law and where you have not opted out.
  • Comply with legal obligations and enforce our agreements.
  • If and only if you opt in, compute AI recruiting signals described in Section 7.

De-identified and aggregated data. We may create, use, and share de-identified or aggregated data that cannot reasonably be used to identify you. De-identified and aggregated data are not "personal information" under this Policy and may be used for any lawful purpose, including research, benchmarking (for example, publishing compensation statistics), and improving the Service. We commit to maintain de-identified data in de-identified form and not attempt to re-identify it, except as necessary to validate the de-identification process.

5. When We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under California and other U.S. state privacy laws. We share it only in the following ways:

5.1 Service providers

We engage infrastructure and service providers who process information on our behalf under written data-processing agreements that (a) restrict their use of information to the services they provide to us, (b) require them to implement appropriate security measures, and (c) prohibit them from selling or using information for their own purposes or combining it across customers. Providers currently include:

  • Cloudflare, Inc.: compute (Workers), object storage (R2), CDN, edge AI, DDoS protection, and transactional email delivery (Cloudflare Email Service).
  • Neon, Inc.: managed Postgres database hosting.
  • Mistral AI: resume parsing (we send you the document, it returns structured fields).
  • Google, Apple, LinkedIn: OAuth identity providers if you choose to use social login.

5.2 Job board participants

  • When you apply to a job, your application information (resume, application notes, and profile data) is made available to the posting employer.
  • When you post a job, your contact information (as specified in the listing) is visible to candidates.
  • Direct messages between you and another party on the platform are visible to the recipient and are not anonymous.

5.3 With your consent

If you opt in to AI-assisted recruiting, we may share your non-anonymous profile data (including credentials, experience, and readiness signals) with recruiters on the platform as described in Section 7.

5.4 Legal and safety

We may disclose information if we believe in good faith that disclosure is required to: comply with a law, regulation, subpoena, court order, or other valid legal process; enforce our Terms of Service; protect our rights, property, or safety, or that of our users or the public; detect, prevent, or address fraud, security, or technical issues; or respond to claims that any content violates the rights of third parties.

5.5 Business transfers

If we are involved in a merger, acquisition, reorganization, financing, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will take reasonable steps to ensure that the recipient honors the commitments in this Privacy Policy, and we will notify you of any material change.

6. NPPES and Public Registries

The NPPES NPI Registry is a public U.S. government database. The data it returns about you (name, taxonomy, license states, practice address) is already publicly available. We look it up, cache it, and use it to verify that you are a CRNA and to populate parts of your profile. We do not publish your NPI on the Service, and we do not store your raw NPI in our database, only a salted one-way hash used to detect duplicate accounts.

7. AI and Automated Processing

We use AI and automated systems to operate the Service. Most uses involve no decision about you personally and are strictly operational, for example, ranking search results, computing aggregate salary statistics, moderating content for spam and abuse, and parsing resumes.

AI-assisted recruiting is strictly opt-in. If you opt in, we compute a readiness score from signals associated with your identified account (for example, saved searches, credential wallet updates, and engagement patterns). This score may be shown to recruiters on the platform along with your identified profile. We do not use your anonymous forum activity (posts, reviews, or salary submissions) as input to the readiness score or to any recruiter-facing feature. You may opt out at any time in your account settings.

No solely-automated significant decisions. Consistent with Article 22 of the GDPR and analogous provisions in other privacy laws, we do not make decisions that produce legal or similarly significant effects on you based solely on automated processing. A human is in the loop for any significant action (for example, account suspension, credential rejection, or a recruiter's hiring decision). Where required, we will provide you meaningful information about the logic involved and honor your right to request human review.

8. Use of Your Data for AI Training

We do not use Your Content to train third-party foundation models or to build general-purpose AI products. Internal models we use to operate the Service (for example, content moderation, readiness scoring, and aggregate analytics) may be trained on de-identified or aggregated data derived from the Service, or on labeled samples where necessary for safety and quality. Where we use third-party AI providers as processors (for example, to parse a resume), we contractually prohibit them from retaining or training on your content beyond the processing necessary to return a result.

We honor technical signals such as robots.txt, noai, and similar indicators where legally recognized, and we employ measures to detect and block unauthorized scraping of the Service for AI training by third parties.

9. Security and Breach Notification

We implement administrative, technical, and physical safeguards designed to protect your information. Key measures include:

  • Encryption in transit (HTTPS/TLS) for all client connections.
  • Encryption at rest for our database and object storage.
  • Secrets (such as the HMAC key that binds identified and anonymous identities) stored outside the database, in restricted secret stores with audit logging.
  • Passwordless authentication (email OTP or OAuth) so we never handle your password.
  • Rate limiting, bot detection, and DDoS protection at the edge.
  • Principle of least privilege for team members accessing production systems.
  • Regular review of access logs, periodic security reviews, and a documented incident-response plan.

No system is perfectly secure. If we determine that your personal information was acquired or accessed without authorization, we will notify affected users and the appropriate regulators as required by applicable law, and in any event without unreasonable delay and consistent with the shortest notification deadline imposed by any applicable law (for example, within 72 hours where GDPR applies).

10. Retention and Deletion

  • Account data: retained while your account is active. When you delete your account, we delete or de-link identifying information within 30 days, subject to legal and operational retention requirements described below.
  • Anonymous forum content: may persist after account deletion. Your posts, reviews, and salary submissions are attached to the anonymous identity and may remain on the Service to preserve the integrity of community discussions. Deletion of individual items is still available through the Service.
  • Credential documents: retained for the life of the credential and for up to seven years afterward for audit and dispute-resolution purposes, unless a shorter retention is required by law.
  • NPPES cache: 30 days, refreshed on lookup.
  • Session logs, authentication logs, and security logs: retained for up to 24 months.
  • Backups: routine backups may contain deleted data until the backup is rotated out, which happens within 90 days.
  • Legal holds: if we receive a legal hold or litigation request, we may retain affected information for the duration of that obligation.

11. Your Rights

Subject to applicable law, you have rights with respect to your information. These may include:

  • Access: request a copy of the personal information we hold about you and information about our processing.
  • Correction: ask us to correct inaccurate information.
  • Deletion: ask us to delete your account and associated identifying information.
  • Portability: request a machine-readable export of information you have provided.
  • Objection and restriction: object to or restrict certain processing, including direct marketing and profiling.
  • Withdrawal of consent: where processing is based on consent, withdraw that consent at any time.
  • Limit use of sensitive personal information: request that we limit our use of sensitive personal information to what is necessary to provide the Service.
  • Opt out of marketing: unsubscribe from marketing emails through the link in the email or from your notification preferences.
  • Appeal: if we deny a rights request, you may appeal by replying to our decision. We will inform you in writing of the outcome of the appeal and the reasons. If we deny the appeal, we will also inform you of your right to contact your state Attorney General or other regulator.
  • Non-discrimination: we will not deny, charge different prices for, or provide a different quality of the Service because you exercised a privacy right.

To exercise these rights, email us at legal@anesthify.com. We will verify your identity and respond within the time required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

12. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the rights described in Section 11 plus the following:

  • The right to know the categories of personal information we collect, the sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
  • The right to opt out of any "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under California law.
  • The right to limit the use of sensitive personal information to what is reasonably necessary to provide the Service.
  • The right to non-discrimination for exercising a privacy right, including financial incentives.
  • The right to designate an authorized agent to act on your behalf; we will require written proof of authorization.

Categories of personal information collected (CCPA categories): identifiers (name, email, IP address); commercial information (job activity); internet or network activity (pages viewed, clicks); professional or employment-related information (NPI, license states, taxonomy, resume); geolocation at state/city level; inferences drawn from the above; and audio or visual information in uploaded documents. We retain each category as described in Section 10.

Sensitive personal information we collect: account credentials used to access the Service (session tokens); professional license identifiers (license numbers, card numbers, DEA numbers). We use sensitive personal information only to provide the Service, verify identity and credentials, secure accounts, and prevent fraud, which are within the permitted purposes of CCPA § 1798.121(a).

Global Privacy Control (GPC) signals are treated as a request to opt out of any sale or sharing for users browsing from California.

13. Other U.S. State Privacy Rights

Residents of certain other U.S. states have rights similar to those described in Section 11. This includes, as of the effective date of this Policy, residents of Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Indiana (ICDPA), Iowa (ICDPA), Maryland (MODPA), Minnesota (MCDPA), Montana (MCDPA), Nebraska (NDPA), New Hampshire (NHPA), New Jersey (NJDPA), Oregon (OCPA), Rhode Island (DTPPA), Tennessee (TIPA), Texas (TDPSA), Utah (UCPA), and Virginia (VCDPA), among others.

Residents of these states may, subject to the specific requirements of their state's law, request to access, correct, or delete their personal information; obtain a portable copy; opt out of targeted advertising, sale, or profiling that produces legal or similarly significant effects; and appeal a denial of a rights request. Colorado and certain other states recognize universal opt-out signals (such as the Global Privacy Control), which we honor. To exercise your rights, contact us at the address in Section 19.

14. EU/UK/Swiss Residents (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation, UK GDPR, or Swiss FADP (as applicable) applies. Our legal bases for processing your information are:

  • Contract: to provide the Service you have requested.
  • Consent: for AI-assisted recruiting features and for marketing communications. You may withdraw consent at any time.
  • Legitimate interests: to operate, secure, and improve the Service, and to prevent fraud. These interests are balanced against your rights and freedoms.
  • Legal obligation: to comply with applicable law.

You have the rights described in Section 11, plus the right to lodge a complaint with your supervisory authority. The Service is operated from the United States, and your information may be transferred to and processed there (see Section 16).

For questions about this Policy in an EU/UK/Swiss context, including data- protection-officer inquiries, email legal@anesthify.com.

15. Children

The Service is intended for licensed anesthesia professionals, recruiters, and healthcare employers. It is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided information to us, please contact us and we will delete it.

16. International Transfers

We operate the Service from the United States. By using the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States. Where required, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses, the UK Addendum, or other approved mechanisms, and we implement supplementary measures where appropriate.

17. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Authentication: session cookies that keep you signed in.
  • Preferences: remembering your theme, filters, and saved state.
  • Analytics and security: understanding feature usage and detecting abuse.

Most browsers let you refuse or remove cookies. If you refuse required cookies, the Service may not work correctly. We honor the Global Privacy Control (GPC) signal where applicable.

18. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by email. The "Effective" date at the top of this policy indicates when the latest version took effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

19. Contact

Questions, concerns, or requests related to this Privacy Policy should be directed to: