Privacy Policy

Overview

Sourcery by DHM Agency ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. Sourcery is an intelligent HR platform designed for healthcare organizations, providing human resources management, compliance tracking, and organizational operations.

Information We Collect

We collect and process the following information:

• Authentication Data: Google account information (email address, name, profile photo)
• Employment Information: Position title, department, employment type, start date, manager assignments
• Time-Off Data: Time-off requests, balances, approval history
• Professional Credentials: Certifications, licenses, training records, document uploads
• Performance Data: Review cycles, assessments, feedback, goal tracking
• System Usage: Login timestamps, feature usage for system improvement

How We Use Your Information

• Authentication & Access: Verify your identity and provide secure access to the platform
• HR Management: Maintain accurate employee records and organizational structure
• Compliance Tracking: Monitor professional certifications, licenses, and regulatory requirements (HIPAA, state licensing)
• Performance Management: Facilitate reviews, goal setting, and professional development
• Leave Management: Process and track time-off requests, accruals, and balances
• Internal Communications: Send system notifications, reminders, and important updates

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Access Control: Role-based permissions ensure users only access data relevant to their role
• Authentication: Secure Google OAuth 2.0 authentication with workspace integration
• Database Security: Row-level security policies prevent unauthorized data access
• Audit Logging: System tracks access and modifications for compliance
• Regular Updates: Security patches and updates are applied promptly

Data Access & Sharing

Access to your information is restricted based on job function:

• You: Can view and update your own profile, documents, and time-off requests
• Your Manager: Can view your time-off requests, performance reviews, and team data
• HR Administrators: Have access to all employee data for HR management purposes
• System Administrators: Have technical access for system maintenance and support

We do not sell, rent, or share your personal information with third parties except as required by law or with your explicit consent.

Third-Party Services

We use the following trusted third-party services:

• Google Workspace: Authentication and email services
• Supabase: Secure database hosting with SOC 2 Type II compliance
• Vercel: Application hosting with enterprise-grade security
• Resend: Transactional email delivery

These services are bound by their own privacy policies and security standards.

Your Rights & Choices

You have the following rights regarding your personal information:

• Access: View all personal information we have about you
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive a copy of your data in a common format
• Objection: Object to certain processing activities

To exercise these rights, contact HR at hr@dhmagency.com

Data Retention

We retain your information for as long as you are employed with DHM Agency and for the period required by applicable employment laws and regulations. After employment ends, we retain records as required for:

• Legal and regulatory compliance (typically 7 years for employment records)
• Potential legal claims or disputes
• Tax and financial reporting requirements

HIPAA Compliance

As a healthcare-related organization, DHM Agency is committed to HIPAA compliance. This platform is designed to protect Protected Health Information (PHI) through:

• Encryption of all PHI data at rest and in transit
• Access controls limiting PHI visibility to authorized personnel
• Audit logs tracking all PHI access and modifications
• Regular security assessments and employee training

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify employees of significant changes via email or system notifications. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information: