Privacy Policy
Run The Board ("we", "us") provides an operating-room scheduling and staffing board for anesthesia teams, available at runtheboard.net and app.runtheboard.net (the "Service"). This policy explains what information we collect, how we use it, and the choices you have.
Information we collect
- Account information. A username, a hashed password, and optionally an email address set by your organization's administrator (used only for password resets).
- Scheduling data. Information your organization enters into the Service to run its board: staff names and roles, shift codes, room assignments, break and relief coverage, and phone directory entries. This data belongs to your organization.
- Contact form submissions. If you contact us through the form on our homepage, we receive the name, email address, and message you provide.
- Technical information. Standard server logs, including IP addresses, used for security purposes such as rate limiting and abuse prevention.
Patient information
Run The Board is a staff scheduling tool. It is designed to manage clinician assignments, breaks, and relief coverage — not patient records. Do not enter patient names, medical record numbers, or any other protected health information into the Service.
How we use information
We use the information we collect solely to provide, secure, and improve the Service: authenticating users, displaying your organization's board, sending password-reset emails, and responding to inquiries. We do not sell personal information, and we do not use your data for advertising.
Cookies and local storage
We do not use advertising cookies or third-party analytics. The Service uses your browser's local storage for functional preferences (such as theme and navigation layout) and your session token. The contact form uses Cloudflare Turnstile to prevent spam.
Service providers
We rely on a small number of infrastructure providers to operate the Service:
- Cloudflare — content delivery, network security, and bot protection (Turnstile).
- Neon — managed PostgreSQL database hosting (United States).
- Amazon Web Services (SES) — outbound email delivery (password resets and contact-form notifications).
These providers process data only as needed to deliver their services to us.
Data retention and deletion
Scheduling data is retained for as long as your organization uses the Service. When an organization's tenancy ends, its data is deleted. You may request deletion of your account information at any time by contacting us.
Security
All traffic is encrypted in transit with TLS. Passwords are stored using salted, one-way hashing (scrypt). Access to boards is controlled by per-organization accounts and role-based permissions. See our security.txt for how to report a vulnerability.
Your rights
You may request access to, correction of, or deletion of your personal information by contacting us. If your account was created by your organization, some requests may need to be handled through your organization's administrator.
Changes to this policy
If we make material changes to this policy, we will update the effective date above and post the revised version on this page.
Contact
Questions about this policy? Reach us through the contact form on our homepage, or email [email protected] for security-related matters.