Privacy Policy
Whatley Mill, Inc. ("Whatley Mill," "we," "us," or "our") operates the Pulse platform ("Pulse" or the "Service"), an AI-powered recruitment engagement platform used by healthcare organizations (hospitals, clinics, and health systems) to identify and contact licensed healthcare providers about open clinical roles at their institutions.
This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to two distinct groups:
- Customer Users: employees of healthcare organizations (typically HR / talent acquisition team members) who sign in to and operate the Service on behalf of their employer.
- Healthcare Providers: physicians, nurses, advanced practice providers, and other healthcare professionals whose contact information appears in the Service so that Customer Users can reach them about open clinical roles.
1. Information we collect
From Customer Users
- Account information: name, work email address, profile photo, and the organization you belong to. Collected via OAuth sign-in (Microsoft / Google) when you create an account.
- Usage data: pages viewed, actions taken in the Service (campaigns created, messages sent, providers added to lists), timestamps, and device / browser metadata.
- Communications you send: outbound SMS and email messages you or the Service's AI sends on your behalf to Healthcare Providers, and any replies received.
About Healthcare Providers
We obtain Healthcare Provider information from public and licensed sources, including:
- The U.S. National Plan and Provider Enumeration System (NPI Registry, a public dataset maintained by the Centers for Medicare & Medicaid Services)
- Licensed third-party data providers (e.g., Apollo.io, ZoomInfo, PeopleDataLabs)
- Publicly available web content, including hospital and clinic staff/leadership pages and search-engine results
- LinkedIn public profile information
- Communications and replies received from Healthcare Providers in response to outreach, including SMS opt-in submissions you make at https://pulseplacement.ai/sms-opt-in
Information collected may include name, professional title and credentials, specialty, NPI number, practice address, work phone numbers (landline and mobile), work email addresses, employer or facility affiliation, and publicly available professional history.
We do not knowingly collect personal information about individuals under the age of 18.
2. How we use information
We use the information described above to:
- Provide, operate, secure, and improve the Service
- Authenticate Customer Users and enforce access controls
- Enable Customer Users to identify and contact Healthcare Providers about specific employment opportunities
- Send transactional messages (SMS and email) and route responses back to the Customer User who initiated the outreach
- Detect and prevent abuse, fraud, and violations of our Terms of Service
- Comply with applicable legal obligations
We use AI models to generate and classify outreach messages. We do not use Healthcare Provider personal information to train third-party AI models without contractual restrictions that prohibit such training.
3. SMS and mobile messaging disclosures
We do not sell, rent, lease, or share mobile phone numbers, SMS opt-in information, or SMS consent data with any third party or affiliate for marketing, advertising, or promotional purposes.
Mobile phone numbers and SMS-related data are used solely to deliver the Service: to send clinical-role outreach messages on behalf of healthcare-organization Customer Users, and to route inbound replies back to the originating Customer User.
We share SMS message content and metadata only with the third parties strictly necessary to deliver the message (e.g., Twilio and downstream mobile carriers), as described in Section 5.
Healthcare Providers opt in to receive SMS by submitting the form at https://pulseplacement.ai/sms-opt-in with the consent checkbox checked. When you opt in, we record your phone number, full name, the exact consent text shown, the timestamp, your IP address, and the user-agent that submitted the form.
Recipients of SMS messages may opt out at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT. To request help, reply HELP. Message and data rates may apply. Message frequency varies and is determined by the Customer User initiating outreach.
4. Cookies and tracking
The Service uses strictly-necessary cookies and similar technologies to authenticate Customer Users and maintain session state. The public marketing pages at pulseplacement.ai use Cloudflare Turnstile, a privacy-preserving captcha, on the SMS opt-in form to prevent automated abuse. We do not use advertising cookies or third-party advertising trackers.
5. How we share information
We share information only as described below:
- Service providers / sub-processors: vendors that operate infrastructure and tooling we depend on to deliver the Service. These include, without limitation: Twilio (SMS), Google (Gmail API, OAuth), Microsoft (OAuth), Cloudflare (DDoS protection and Turnstile captcha), Anthropic (AI), OpenAI (AI), Apollo.io / ZoomInfo / PeopleDataLabs / SerpApi (data enrichment), Google Cloud Platform / Amazon Web Services (hosting and storage), Google Places (facility resolution). Each sub-processor is contractually limited to using the information only to provide its services to us.
- Customer's organization: Customer User activity within the Service is visible to other authorized members of the same organization.
- Healthcare-organization Customer Users: when you opt in to receive SMS via the public opt-in form, your name, phone number, and the specialties / states inferred from your professional profile may be made available to healthcare-organization Customer Users whose open clinical roles match your background.
- Legal compliance: when required by valid legal process, to enforce our Terms of Service, or to protect the rights, property, or safety of Pulse, our users, or others.
- Business transfers: in connection with a merger, acquisition, financing, or sale of all or part of our business, subject to customary confidentiality protections.
We do not sell personal information.
6. Data retention
We retain Customer User account information for as long as the account is active and for a reasonable period thereafter for record-keeping, legal, and audit purposes. We retain Healthcare Provider information for as long as it remains useful for the Service and not earlier than required to honor opt-out and deletion requests.
SMS opt-in records (phone number, consent text, timestamp, IP, user agent) are retained for the lifetime of the platform plus four years after opt-out or deletion request, to satisfy carrier and TCPA record-keeping expectations.
Communications logs (SMS and email message content and metadata) are retained for a minimum period required by applicable law and by our service providers' minimum retention requirements.
7. Security
We use industry-standard administrative, technical, and physical safeguards to protect information, including encryption in transit (TLS) and encryption at rest for sensitive data. No system is perfectly secure; we cannot guarantee absolute security.
8. Your rights and choices
Healthcare Providers
You may at any time:
- Opt out of SMS by replying STOP (or UNSUBSCRIBE / CANCEL / END / QUIT) to any message you receive. We will record the opt-out and cease sending SMS to that number across the Service.
- Opt out of email by using the unsubscribe link in any email message you receive from the Service.
- Request access, correction, or deletion of your personal information held in the Service by contacting us at the address in Section 12. We will respond within the timeframes required by applicable law.
Customer Users
You may update or correct your account information at any time within the Service, or request deletion of your account by contacting your organization's administrator or us directly.
State-specific rights
Depending on where you live, you may have additional rights. For example, the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), Virginia's CDPA, Colorado's CPA, and similar state laws typically grant the right to know what personal information we hold, the right to delete it, the right to correct it, and the right to opt out of certain processing. Contact us at the address in Section 12 to exercise these rights.
We do not "sell" personal information or engage in cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
9. International users
The Service is operated from the United States. If you are accessing the Service from outside the United States, you understand that your information will be transferred to and processed in the United States and other jurisdictions where our service providers operate.
10. Children's privacy
The Service is not directed to children under 18 and we do not knowingly collect personal information from individuals under 18.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and, where material changes are made, provide additional notice via the Service or by email.
12. Contact us
To exercise your rights, ask questions, or report concerns about this Privacy Policy or our handling of your information:
- Email: contact@pulseplacement.ai
Whatley Mill, Inc. is registered in the United States. Postal mail address available on request via the email above.