Privacy Policy

Definitions

Unless otherwise stated, defined terms used in this Privacy Policy have the meanings associated with them in our Terms of Service.

Personal Data

Any information associated with an identified or identifiable individual, including data you provide to us and data we collect about you during your interaction with our Services.

Provider

Healthcare professionals, including physicians and other qualified clinicians, who create accounts to find and perform flexible, remote, or project-based work through the Platform.

Client

Organizations, such as healthcare companies and other employers, that use the Platform to find, verify, and engage Providers.

Services

Our platform, websites, tools, data, documentation, and other applications we provide.

Information we collect

We collect information in three ways: what you provide directly, what we observe automatically, and what we receive from trusted third parties.

2.1 Information you provide to us

Account information

When you create an account, we collect information such as your name, email address, and password; phone number (optional); professional credentials and qualifications (for Providers); and organization details (for Clients).

Profile information

Providers may add information to their profile, including educational and professional background, medical specialties and areas of expertise, work experience, licenses and certifications, a resume or CV, and professional interests and skills.

Verification information

To support trust and quality on the Platform, we collect documents and information used to verify your identity, credentials, and professional qualifications — for example, government-issued identification and professional licenses. We rely on trusted third-party providers to collect and process sensitive personal information used for identity verification, and we limit the amount of such material we store directly on our Platform. Some of this information — such as government-issued identification — may be considered “sensitive personal information” under certain state privacy laws. We collect and use it only to verify identity and credentials and to provide the Services, and we do not use it to infer characteristics about you.

Payment and billing information

We collect information necessary to process payments, but we do not directly store your payment card information. Our payment processor, Stripe, collects and processes payment information in accordance with its own privacy policy. Depending on your role, this may include banking information for direct deposits (for Providers), billing addresses, tax identification information (such as W-9/W-8 forms), and transaction history. As with identity verification, we use Stripe to process this sensitive information and limit what we store on our Platform.

Engagement and activity information

When you use the Platform to find work, post opportunities, or work together, we collect information such as applications and proposals, communications with other Users through the Platform, materials you submit through the Platform, and feedback, ratings, and reviews.

Communications

We collect information when you contact our support team, participate in surveys or provide feedback, communicate with other Users through Platform messaging, or engage with our support tools.

2.2 Information we collect automatically

Device and usage information

When you access our Platform, we automatically collect information such as your IP address and approximate location; device type, operating system, and browser type; unique device identifiers; pages viewed, links clicked, and navigation patterns; access times and dates; and referring URLs.

Cookies and tracking technologies

We use cookies, web beacons, and similar technologies to remember your preferences and settings, understand how you use our Platform, improve Platform performance and user experience, and deliver relevant content. Cookies are small data files stored on your device. You can control cookies through your browser settings, though disabling cookies may affect Platform functionality.

2.3 Information from third parties

We may receive information about you from identity verification services that validate your credentials; professional licensing boards and databases; educational institutions (where you provide consent); background check services (where permitted by law); payment processors regarding transaction status; and public databases and professional directories.

How we use your information

We use the information we collect to operate the Platform, build trust, personalize your experience, communicate with you, and meet our legal obligations.

3.1 Platform operations

• Provide, maintain, and improve our Services
• Create and manage your account
• Facilitate matching, hiring, and engagement between Providers and Clients
• Process payments and manage billing
• Enable communication between Users

3.2 Quality and trust

• Verify identities and credentials
• Help ensure the quality of services provided through the Platform
• Prevent fraud, abuse, and security incidents
• Enforce our Terms of Service and policies
• Conduct background checks where permitted by law

3.3 Personalization and improvement

• Personalize your experience on the Platform
• Match Providers with relevant opportunities
• Recommend opportunities and services
• Analyze usage patterns and trends
• Conduct research and development, and test and improve Platform features

3.4 Communications

• Send transactional emails (account notifications, payment confirmations)
• Provide customer support
• Send service announcements and updates
• Send marketing communications (with your consent)
• Notify you of relevant opportunities or Platform changes

3.5 Legal and compliance

• Comply with legal obligations and respond to lawful requests
• Enforce contracts and resolve disputes
• Protect rights, property, and safety
• Meet tax and financial reporting requirements

How we share your information

We share personal information in the limited circumstances described below.

4.1 With other Users

Provider information shared with Clients

To facilitate matching and hiring, we share Provider information with Clients, including name and professional credentials; educational background and specialties; work history and experience; skills and areas of expertise; verification status; contact information; and ratings, reviews, and feedback.

Client information shared with Providers

We share Client information with Providers, including organization name and description, opportunity requirements and specifications, and communications and feedback.

Note: Providers can control certain information they make visible through their profile settings.

4.2 With service providers

We share information with third-party vendors who perform services on our behalf, including:

• Cloud hosting and infrastructure providers
• Payment processing (Stripe)
• Identity verification (Stripe Identity)
• Email and communications providers
• Analytics and data analysis providers
• Customer support tools
• Security and fraud prevention services

These service providers are contractually obligated to use your information only for the purposes of providing services to us and to protect your information.

4.3 For legal reasons

We may share information to comply with laws, regulations, and legal processes; respond to lawful requests from government authorities; enforce our Terms of Service and other agreements; protect the rights, property, and safety of Folio, our Users, and the public; and investigate and prevent fraud, security incidents, and illegal activity.

4.4 Business transfers

If Folio is involved in a merger, acquisition, sale of assets, financing, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Platform before your information becomes subject to a different privacy policy.

4.5 With your consent

We may share your information for other purposes with your explicit consent or at your direction.

4.6 Aggregated and de-identified data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you. This may include industry trends, usage statistics, and research insights.

Data retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

• Account information is retained while your account is active and for a reasonable period after deactivation
• Payment and tax records are retained as required by financial regulations (typically 7 years)
• Materials submitted through the Platform may be retained as necessary to fulfill obligations to Clients
• Communications and support records are retained for customer service purposes
• Verification information is retained for compliance purposes

After the retention period, we will delete or anonymize your information. We may retain certain information in backup systems for a limited additional period.

Your rights and choices

You're in control of your information. Here's what you can do, and how.

6.1 Account information

You may update, correct, or modify your account information at any time by logging into your account or contacting us at support@folioworks.com.

6.2 Profile visibility

Providers can control what information is visible to Clients through their profile settings. You can choose to make your profile private or control which elements are displayed. Providers maintain ultimate control over the sharing of their information with Clients, and Folio must receive consent from the Provider before doing so.

6.3 Marketing communications

You may opt out of receiving promotional emails by following the unsubscribe instructions in those emails or by updating your communication preferences in your account settings. We will still send you transactional and service-related communications.

6.4 Cookies

Most web browsers accept cookies by default. You can usually adjust your browser settings to remove or reject cookies. Disabling cookies may affect the functionality of our Platform.

6.5 Do Not Track and opt-out preference signals

Some browsers and extensions can send “Do Not Track” or opt-out preference signals, such as the Global Privacy Control (GPC). Where required by applicable law, we treat a recognized opt-out preference signal as a valid request to opt out of the “sale” or “sharing” of personal information for the browser or device from which it is sent.

6.6 Access, correction, and deletion

You have the right to access your personal information, correct inaccurate information, request deletion of your information, request a copy of your information, and object to certain processing activities.

To exercise these rights, please contact us at support@folioworks.com. We will respond within the time required by applicable law (generally within 45 days under the CCPA). Note that we may need to retain certain information for legal or business purposes.

6.7 Account deactivation

You may deactivate your account at any time by contacting support@folioworks.com. Upon deactivation, your profile will no longer be visible to other Users, though we may retain certain information as described in the Data Retention section.

State-specific privacy rights

Residents of certain states have additional rights under their state's privacy laws. The rights below apply to the extent those laws apply to Folio; where they do, we honor them as described.

Security

We take the security of your personal information seriously and implement organizational, technical, and administrative measures designed to protect your data from unauthorized access, destruction, loss, alteration, or misuse.

Our security measures include:

• Encryption of data in transit and at rest
• Secure cloud hosting with established providers
• Internal security reviews
• Access controls and authentication requirements
• Employee training on data protection
• Incident response and breach notification procedures

We also rely on trusted third-party providers to process sensitive personal information such as identity verification and payments, which limits the amount of such data stored directly on our Platform.

No data transmission or storage system can be guaranteed to be 100% secure. We encourage you to protect your account by using a strong password, not sharing your login credentials, and logging out when finished.

If you suspect that your account security has been compromised, please notify us immediately at security@folioworks.com.

International data transfers

Folio is based in the United States, and we process and store information in the United States.

If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that are different from the laws of your country. By using our Services, you consent to the transfer of your information to the United States and other countries.

Third-party links and services

Our Platform may contain links to third-party websites, applications, or services that are not owned or controlled by Folio.

This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services before providing them with your information.

Children's privacy

Our Services are not directed to individuals under the age of 18.

We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@folioworks.com, and we will take steps to delete such information.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

If we make minor changes that do not materially affect your rights, we will post the updated policy on our Platform and update the “Last Updated” date at the top.

If we make material changes that significantly affect your rights or how we use your information, we will notify you by:

• Sending an email to the address associated with your account
• Displaying a prominent notice on the Platform
• Requiring you to accept the new policy before continuing to use our Services

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please reach us at one of the addresses below.

Gudwork Inc. (Folio)