Privacy Policy
Specialist Snapshot is a private professional-use service for verified Alberta family physicians. Do not submit patient-identifying information to the service.
1. Information We Collect
We collect the minimum account and application information needed to verify access and operate the service:
- Identity and eligibility information, including name, email address, CPSA number, invite lineage, application status, and administrator approval history.
- Authentication information handled by Supabase Auth, including account identifiers and session tokens. Passwords are managed by the authentication provider and are not visible to Specialist Snapshot administrators.
- Structured rating information, including rating categories, wait-time categories, referral method category, approximate experience date, attestation, and update history.
- Administrative and audit records, including invite creation, application review, listing caution review, identity-reveal events, reasons supplied by admins, timestamps, and involved account identifiers.
- Technical records, including request metadata, error logs, security events, and basic operational diagnostics.
2. Location And External Services
If you choose to set your location, browser geolocation stays in your browser. If you type a neighbourhood into autocomplete, the typed query is sent to the Photon geocoding service to return place suggestions. Specialist Snapshot does not attach your account identity to Photon requests.
The service uses infrastructure providers such as Supabase and Vercel to host authentication, database, API, and static website functions. Provider processing may occur outside Alberta or Canada. No analytics product is active at launch.
3. How We Use Information
We use information to verify user eligibility, operate invite-only access, display specialist listing and structured aggregate information, prevent duplicate or abusive ratings, investigate platform misuse, maintain audit logs, secure the service, and respond to access, correction, dispute, or deletion requests.
4. What Other Users See
Ordinary users see specialist listings and aggregate structured rating information after the anonymity threshold is met. They do not see rating submitter name, email, CPSA number, clinic, account identifier, individual rating identity, or another physician's individual rating history.
5. Identity-Reveal Exception
A designated highest-trust administrator may reveal a rating submitter's identity only for a documented abuse, harassment, suspicious manipulation, account-blocking, or platform-misuse investigation. Reveal actions are audited and are not available to ordinary users or standard admins.
6. Retention
Account, application, rating, and audit records are retained according to the internal retention policy so the service can preserve professional trust, enforce one active rating per specialist, investigate misuse, and maintain required audit history. In general: rejected or withdrawn applications are minimized after the review window; inactive accounts are deactivated before deletion; ratings are detached or deleted only when doing so does not undermine audit integrity; and identity-reveal audit events are retained for the longest period.
7. Access, Correction, And Deletion Requests
You may request access to your personal information, correction of inaccurate account or application information, account deactivation, or deletion where deletion is available. Some information may need to be retained for security, audit, dispute, legal, or professional-trust reasons.
Specialist listing corrections should usually go to Alberta Referral Directory because it is the source of official listing details. Specialist Snapshot can apply a broad caution indicator or hide a listing while a dispute is reviewed.
8. Security
Access is invite-only and server-authorized through approved app-user records. The app uses service-role-only database access on the server, structured audit events, rating anonymity thresholds, security headers, and limited error logging. No system can be guaranteed secure, and users must protect their credentials and devices.
9. Patient Information
The service is not designed to collect patient information. If patient-identifying information is submitted accidentally, the administrator should restrict access, remove or minimize the information where feasible, and review whether notification or further action is required.
10. Contact
Privacy requests should be sent to the Specialist Snapshot Privacy Officer at privacy@specialistsnapshot.ca. This mailbox must be monitored before real physician invites begin.
11. Changes
This policy may be updated before or after launch. Material changes should be dated and communicated to approved users before continued use is required.