Privacy Policy
This Privacy Policy describes how ClaritasVentures LLC ("Company," "we," "us," or "our") collects, uses, stores, and discloses information in connection with your use of the NightPass application (the "App"). By using the App, you agree to the practices described in this policy.
1. Who We Are
ClaritasVentures LLC is a Texas limited liability company operating NightPass, a clinical night shift handoff tool designed exclusively for licensed healthcare professionals in hospital settings. NightPass facilitates real-time synchronization of overnight patient handoff data between authorized clinical providers. The App operates as a business associate to covered entities whose workforce members use the App in connection with protected health information.
2. Information We Collect
2.1 Account Information
When you register, we collect your email address and display name. Passwords are managed by Google Firebase Authentication and are never stored in plaintext by ClaritasVentures LLC.
2.2 Shift and Clinical Handoff Data
When you use the App, we collect the shift code, hospital name, and team configuration you enter. Clinical handoff data entered during a shift includes: de-identified patient identifiers (Last 3 letters of last name, First 3 letters of first name), room number, clinical diagnosis, attending provider name, admission source, and overnight event notes. All clinical data is stored in Google Cloud Firestore and automatically deleted after 48 hours.
2.3 Authentication Data
Authentication credentials are managed by Google Firebase Authentication. Biometric authentication (Face ID, Touch ID, fingerprint) is processed entirely on your device by your device's operating system and is never transmitted to or stored on our servers.
2.4 Usage Data
We collect basic application usage metadata through Firebase for reliability, debugging, and performance monitoring purposes.
2.5 Consent Records
At account registration, we record your acceptance of our Terms of Service and Privacy Policy, including: timestamp (UTC), Terms version, and Privacy Policy version. These records are retained for compliance purposes.
3. How We Use Your Information
We use collected information to:
- Authenticate users and maintain secure access to the App
- Enable real-time synchronization of handoff data between authorized users sharing the same shift code
- Generate handoff reports for clinical communication purposes
- Maintain the security, integrity, and performance of the App
- Maintain consent and compliance records
- Comply with legal obligations and enforce our Terms of Service
We do not sell, rent, or share your information with third parties for marketing purposes. We do not use your information to train artificial intelligence models.
4. Protected Health Information (PHI) and HIPAA
NightPass is designed to minimize the use of Protected Health Information (PHI) as defined under HIPAA. The App uses a de-identified patient identifier format (Last 3 / First 3) combined with room number to reduce PHI exposure.
NightPass operates under a HIPAA Business Associate Agreement (BAA) with Google Cloud Platform, accepted April 5, 2026. All clinical data stored in the App is maintained within Google Cloud's HIPAA-covered infrastructure.
Users are responsible for ensuring their use of the App complies with their institution's HIPAA policies and applicable law. Users must not enter full patient names, Social Security numbers, dates of birth, or other direct HIPAA identifiers into the App.
If you are a covered entity requiring execution of a Business Associate Agreement with ClaritasVentures LLC prior to deploying NightPass to your workforce, please contact us at privacy@claritasventuresllc.com before activating a subscription.
5. Data Retention
- Clinical handoff data: automatically deleted from Firestore 48 hours after the shift document is created
- Shared handoff report links: expire and become inaccessible after 48 hours
- Account information: retained for the duration of your active account
- Consent records: retained for a minimum of five (5) years from acceptance date
6. Data Security
We implement industry-standard technical and organizational safeguards, including:
- Encrypted data transmission (TLS 1.2 or higher) for all App communications
- Encrypted storage in Google Cloud Firestore (AES-256)
- Firebase Authentication managing all credential handling — plaintext passwords are never stored
- Firestore security rules restricting all data access to authenticated users
- Biometric authentication processed entirely on-device, never transmitted to our servers
- Automatic 48-hour data expiration as a primary privacy control
- No local caching of clinical data on user devices
7. Sharing of Information
7.1 We do not sell your personal information or clinical handoff data to any third party.
7.2 Service Providers. We share data with the following service providers solely as necessary to operate the App:
| Service | Purpose | HIPAA BAA |
|---|---|---|
| Google Firebase Authentication | Secure user account management and login | Yes |
| Google Cloud Firestore | Encrypted clinical data storage | Yes |
| Google Firebase Hosting | Application delivery and hosting | Yes |
| Google Fonts | Typography (no user data transmitted) | N/A |
7.3 Legal Requirements. We may disclose information if required by law, subpoena, or court order.
7.4 Business Transfers. In the event of a merger or acquisition, user data may be transferred as part of that transaction. You will be notified of any such transfer.
8. Your Rights and Choices
Account Data: You may access, update, or correct your account information by contacting us at privacy@claritasventuresllc.com.
Data Deletion: All clinical handoff data is automatically deleted after 48 hours. You may request deletion of your account and associated data at any time by contacting us. Account data will be deleted within 30 days of confirmed account deletion, subject to retention of consent records as required by law.
California Residents: If you are a California resident, you have additional rights under the CCPA and CPRA, including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale or sharing of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@claritasventuresllc.com.
9. Cookies and Tracking
The App uses essential browser local storage to maintain your authentication session and user interface state. We do not use third-party advertising cookies, cross-site tracking technologies, or behavioral advertising services.
10. Children's Privacy
NightPass is intended exclusively for use by licensed healthcare professionals. We do not knowingly collect personal information from individuals under 18 years of age.
11. Apple App Store Distribution
NightPass is distributed through the Apple App Store. Apple Inc. is not a party to this Privacy Policy and has no obligation or liability with respect to your use of NightPass or this policy. Your use of the App is also subject to Apple's App Store Terms of Service and Apple's Privacy Policy, available at apple.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email and App notice at least 14 days prior to the effective date. Your continued use of the App after a material change takes effect constitutes acceptance of the updated policy.
13. Contact Us
ClaritasVentures LLC
Privacy Officer: Zachary Taliaferro, MSN, AGACNP-BC
Email: privacy@claritasventuresllc.com
Website: claritasventuresllc.com
San Antonio, Texas