Legal

Legal

>

>

Privacy Notice

Privacy Notice

Privacy Notice

Last Updated:

Last Updated:

May 16, 2025

May 16, 2025

Find out how we collect, use, and protect your personal information.

Find out how we collect, use, and protect your personal information.

Introduction

Moonlight Physicians ("Moonlight" or "We") respect your privacy and are committed to protecting it through our compliance with this privacy notice (the “Notice”).

This Notice describes how and why we collect, store, use, and/or share (“process“) your information when you use our services in which this privacy notice is directly linked (“Services”), such as when you:

  • Visit our website at moonlightphysicians.com (the “Website”), or any website of ours that links to this privacy notice; or

  • Use any other application or service of ours, including the Moonlight Physicians Mobile Application (the “App”), that attaches, links to, or, or otherwise expressly incorporates this privacy notice.

This Notice applies only to the personal information that we collect while enabling or providing the Services in which this Notice is directly linked and does not apply to any other services or data or information collected by us online or offline. Other services offered by Moonlight or its third party service providers, for example payment processors, may have their own applicable privacy notice.

Please read this Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using these Services, you agree to this Notice. This Notice may change from time to time (see Changes to Our Privacy Notice). Your continued use of these Services after we make changes is deemed to be acceptance of those changes, so please check the Notice periodically for updates.

Children Under the Age of 18

Our Services are not intended for children under 18 years of age. No one under age 18 may provide any [personal] information to [or on] the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on these Services If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us using the Contact Options listed at the bottom of this Notice.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Services, including information:

  • Information from which you may be personally identified ("personal information");

  • Information that is about you but individually does not directly identify you; and/or

  • Information about your internet connection, the equipment you use to access our Services, and usage details.

We collect this information:

  • Directly from you when you provide it to us;

  • Automatically as you navigate through the site; and

  • From third parties, for example, our service providers, government agencies.

Information You Provide to Us

Creating an Account. When you create and account to use our Services, we will ask you to provide the following information, which we need to administer your access to the Services:

  • Name

  • Password

  • Email Address

  • Phone Number

  • Role – for example, a healthcare worker such as a physician or nurse (a “Provider”) or representative of a hospital or other organization what wishes to engage Providers (a (“Healthcare Organization”).

Provider Onboarding. If you are a Provider, we will ask you to provide some additional information as part of the onboarding process to allow us to verify your credentials with third parties and to provide the Services, including:

  • Your preferred hourly rate;

  • Your availability, including preferred working hours;

  • Your mailing address;

  • Skillset and procedures within a skillset;

  • State licensure information;

  • National Provider Identifier (NPI) number;

  • Education information;

  • Supporting documentation, including driver’s license and/or other form of acceptable government issued identification; photograph (headshot); educational records; employment records; professional certifications and licensure, etc; and

Healthcare Organization Onboarding. If you are using the Services on behalf of a Healthcare Organization, we will collect the following additional information during your onboarding process necessary for us to provide you the Services:

  • Healthcare Organization name and primary address;

  • Primary contact of the Healthcare Organization, including name, title, and contact information; and

  • Each healthcare facility of the Healthcare Organization, including its name and address.

Financial Transactions. All transactions carried out through the Services are handled directly by third party payment processor, Stripe, through an integration with the Services. To participate in the Services, you will need to create a Stripe Connected Account, which will include entering certain personal information required by Stripe. To enable the ability to make and receive payments, you will also need to enter your financial account information directly into your Stripe Connected Account. Your use of the Stripe Connected Account is subject to the Stripe Terms of Service and other terms referenced therein, which you can find on the Stripe website at stripe.com/legal/connect-account.

Using the Services. In the course of using the Services, you may provide us additional information, including:

  • Information that you provide by filling in forms on our Services. We may also ask you for information when you report a problem with our Services.

  • Records and copies of your correspondence (including email addresses), if you contact us.

  • Your responses to surveys that we might ask you to complete for research purposes.

  • Details of transactions you carry out through our Services including work assignments.

  • Your search queries on the Services.

  • You also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Services, or transmitted to other users of the Services or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Usage Details. When you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through the Services.

  • Device Information. We may collect information about your computer or mobile device and internet connection, including the device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device's operating system or platform, the type of mobile device you use, your mobile device's unique device ID, and information about the features of our application(s) you accessed.

  • Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings; however, doing so may limit our ability to provide you the Services.

  • Location Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings; however, doing so may limit our ability to provide you the Services.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer or on your mobile device. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services. For information about managing your privacy and security settings for cookies, see Your Choices About How We Use and Disclose Your Information.

  • Web Beacons. Pages of our Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Moonlight, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications on the Services are served by third-parties. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

In particular, we use the following service providers for the purposes described below:

  • Infrastructure monitoring (Sentry). This type of service allows us to monitor the use and behavior of its components so the Services’ performance, operation, maintenance and troubleshooting can be improved. Which types of personal information are processed depends on the characteristics and mode of implementation of these monitoring services, whose function is to filter the activities of these Services. To perform this infrastructure monitoring, we use a monitoring service called Sentry, which is provided by Functional Software, Inc. Sentry processes data in the United States. Additional details on the processing of personal information by Sentry can be found in the Sentry Privacy Policy, which you can find at https://sentry.io/privacy.

  • Registration and Authentication (Google OAuth). By registering or authenticating, you allow us to identify you and give you access to dedicated Services. We may use third party services to assist us with registration and authentication. In so, then our Services will be able to access some data stored by these third-party services, for registration or identification purposes. In some cases, the third-party services may also collect personal information for targeting and profiling purposes; to find out more, please refer to the description of each service. In particular, we use Google OAuth, which is a registration and authentication service provided by Google LLC and is connected to the Google network. Google OAuth processes data in the United States. Additional details on the processing of personal information by Google OAuth can be found in the Google Privacy Policy, which you can find at https://policies.google.com/privacy.

  • Third Party Cookies. We use the following analytical cookies to help us understand the use and performance of the Services:

Cookie

Description

Type

_ga_*

Google Analytics sets this cookie to store and count page views.

Analytics

_ga

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

Analytics

_gcl_au

The “_gcl_ls” cookie is used for conversion tracking in Google Ads and Google Tag Manager to measure advertisement performance.

Analytics

_gcl_ls

Used by Google AdSense to understand user interaction with the website by generating analytical data.

Analytics

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information, in the ways describe above and for the following purposes:

  • To present our Services and its contents to you.

  • To provide you with information, products, or services that you request from us.

  • To fulfill any other purpose for which you provide it.

  • To provide you with notices about your account, including expiration and renewal notices.

  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

  • To notify you about changes to our Services or any products or services we offer or provide though it.

  • In any other way we may describe when you provide the information.

  • For any other purpose with your consent.

We may also use your information to contact you about our own and third-parties' goods and services that may be of interest to you. If you do not want us to use your information in this way, please use see the options provided under Your Choices About How We Use and Disclose Your Information.

How We May Disclose Your Information

We do not sell your personal information. Nor do we share your personal information with third parties for the purpose of cross-context behavioral advertising or targeting advertising.

We may disclose aggregated information about our users, and information that does not identify any individual in compliance with applicable law.

We may also disclose personal information that we collect or you provide as described in this Privacy Notice:

  • To our subsidiaries and affiliates.

  • To medical boards, licensing boards, and government agencies to verify Provider credentials;

  • To contractors, service providers, and other third parties we use to support our business.

  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Moonlight's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Moonlight about our Services users is among the assets transferred.

  • To fulfill the purpose for which you provide it. For example, if you give us an email address to use the "Refer a Friend" feature of our Services, we will transmit the contents of that email and your email address to the recipients.

  • For any other purpose disclosed by us when you provide the information.

  • With your consent.

  • We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

  • To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Moonlight, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

How Long Do We Keep Your Information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When you request to terminate your account, we delete your profile information but retain information related to your transactions, including work assignments, for archival purposes. This information by include aspects of your personal information.

When we have no ongoing legitimate business need (including archival purposes or notifying you about our products and services) to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

How We Protect Your Information

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services. The information you share in public areas may be viewed by any user of the Services.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.

Your Choices on How We Collect, Use, and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us.

Accessing and Correcting Your Information

You can review and change your personal information by logging into the Services and visiting your account profile page.

You may also send us an email using the Contact Options listed at the bottom of this Notice to request access to, correct, or delete any personal information that you have provided to us. You may also communicate such requests through functionality enabled by the Services, if implemented, from your registered account. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete or change your User Contributions from the Services, copies of your User Contributions may, in some cases, remain viewable in cached and archived pages, or might have been copied or stored by other Services users.

Privacy Settings

Additionally, you can adjust the privacy settings on your browser or mobile device to restrict certain ways in which we automatically collect personal information:

  • Cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

  • Controls For Do-Not-Track Features. Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

Also, we have provided mechanisms to allow you to opt-out of certain kinds of marketing and advertising based on your personal information.

  • Promotional Offers from Moonlight. If you do not wish to have your email address, phone number or other contact information used by Moonlight to promote our own or third parties' products or services, you can opt-out by logging onto your account and completing any provided forms in the Services, if implemented, or sending us an email stating your request using the Contact Options listed at the bottom of this Notice. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. If we have sent you a text message, you may reply back with the instruction “STOP.”

We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

Exercising Your Rights

Non-Discrimination for the Exercise of Your Privacy Rights

We will not discriminate against you if you exercise your privacy rights. As noted in this privacy notice, some requests may disable functionality of the Services.

Your Privacy Requests

  • Submitting Requests: To ask questions or comment about this Privacy Notice and our privacy practices, or to exercise any rights hereunder, you can contact us using the Contact Options provided at the end of this Notice.

  • Verifying Requests. Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

  • Appealing. If for any reason we refuse to take a privacy action that you request (e.g., deleting certain personal information) we will notify you in writing using contact information on file to explain the reason why. If you are not satisfied, you may reply using the same communication channel and request reconsideration (an “Appeal”). Not later than sixty days after receipt of an appeal, we will inform the you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Your State Privacy Rights

Some state consumer privacy laws may provide state residents who are consumers with additional rights regarding our use of their personal information. Your agreement to this Notice includes your agreement that you are acting in a commercial capacity and not for personal or household purposes, as would a traditional consumer. If and to the extent a state in which you are resident determines that you are covered by the state’s privacy law, we have included the additional disclosures below.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents who are consumers with rights to:

  • Know the categories of personal information we collect, how we use/process it and for what business purpose, and to which categories of third parties we disclose/share/sell it and for what business purpose.

  • Access and delete certain personal information.

  • Correct inaccuracies in their personal information, taking into account the information's nature processing purpose (excluding Iowa and Utah).

  • Data portability.

  • Opt-out of personal data processing for:

    • targeted advertising (excluding Iowa);

    • sales; or

    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).

  • Either limit (opt-out of) or require consent to process sensitive personal data.

  • Appealing adverse decisions regarding your privacy requests (see above regarding Appeals).

The exact scope of these rights may vary by state. To exercise any of these rights please submit your request through a provided screen of the Services or send your request to us using one of the Contact Options listed at the bottom of this Notice.

California Privacy Laws

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.

The 2018 California Consumer Privacy Act (CCPA), including amendments and regulations thereto, is a law that protects the “personal information” of persons who the law defines as “consumers.” Under CCPA, qualifying consumers have particular rights regarding their personal information, including:

  • The right to know about the personal information a business collects about them and how it is used and shared;

  • The right to delete personal information collected from them (with some exceptions);

  • The right to opt-out of the sale or sharing of their personal information; and

  • The right to non-discrimination for exercising their CCPA rights.

Pursuant to the CCPA, “personal information” does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records. The definition of publicly available information also includes information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media, or certain information disclosed by a consumer and made available if the consumer has not restricted the information to a specific audience. The CCPA also exempts certain types of information such as certain medical information and consumer credit reporting information.

Moonlight collects the following types of personal information from users generally. If you have used our Services in the past 12 months, we will have collected personal information some these categories from you. The categories and examples of the kinds of information defined by CCPA to be included in each category are provided below. We have indicated “yes” if we collect at least one type of information that the CCPA suggests is categorized within each category.

Category

CCPA Statutory Examples

Collected

A. Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Yes

B. Personal information categories listed in the California Customer Records statute Cal. Civ. Code 1798.80(e).

Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Note: Some personal information included in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

D. Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Yes

E. Biometric Information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

F. Internet or other similar network activity

Activity on our websites, mobile apps, or other digital systems, such as internet browsing history, search history, system usage, electronic communications with us, postings on our social media sites.

Yes

G. Geolocation data

Physical location or movements, such as the time and physical location related to use of our internet website, application, or device, and GPS location data from mobile devices of consumers who visit our websites or use our mobile apps.

Yes

H. Sensory Data

Audio, electronic, visual, thermal, olfactory, or similar information, including customer service call monitoring and store video surveillance. Note: users upload headshots as part of creating an account. We consider these to be visual identifiers under Category A.

No

I. Professional or employment-related info

Current or past job history or performance evaluations.

No

J. Non-Public Education Information

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Yes

K. Inferences drawn from other personal information

Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

No

We Collect this personal information from the following categories of sources:

  • Directly and indirectly from you as described above in “How we Collect Your Information.”

  • From third-party data processors or business partners such as background check vendors, payment processors, and healthcare institutions.

  • Publicly available data bases, licensing boards, and government agencies.

We collect, process, and disclose this information for the business purposes set forth above in “How we Use Your Personal Information.

We disclose your personal information to the categories of third parties identified above in “Disclosure of Your Personal Information.

We do not sell your personal information. Nor do we share your personal information for the purpose of cross-context behavioral advertising or targeted advertising.

Sensitive Personal Information

We do not collect, process, or disclose sensitive personal information for any purpose other than one or more of the statutory exceptions set forth the CCPA, if at all, which include the following:

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;

  • To prevent, detect, and investigate security incidents that compromise the availability,

  • authenticity, integrity, and or confidentiality of stored or transmitted personal information;

  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions;

  • To ensure the physical safety of natural persons;

  • For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business;

  • To perform services on behalf of the business;

  • To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the business; or

  • To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.

Changes to Our Privacy Notice

It is our policy to post any changes we make to our Privacy Notice on this page. The date the Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Services and this Privacy Notice to check for any changes.

Contact Methods

To ask questions or comment about this Privacy Notice and our privacy practices, or to exercise any rights hereunder, you can complete a request through the applicable form on the Services, if implemented, using your existing account or you may contact us using the following contact information:

  • By email: admin@moonlightphysicians.com.

Please include “Privacy Notice Inquiry” in the subject line of your email for quicker processing.


Introduction

Moonlight Physicians ("Moonlight" or "We") respect your privacy and are committed to protecting it through our compliance with this privacy notice (the “Notice”).

This Notice describes how and why we collect, store, use, and/or share (“process“) your information when you use our services in which this privacy notice is directly linked (“Services”), such as when you:

  • Visit our website at moonlightphysicians.com (the “Website”), or any website of ours that links to this privacy notice; or

  • Use any other application or service of ours, including the Moonlight Physicians Mobile Application (the “App”), that attaches, links to, or, or otherwise expressly incorporates this privacy notice.

This Notice applies only to the personal information that we collect while enabling or providing the Services in which this Notice is directly linked and does not apply to any other services or data or information collected by us online or offline. Other services offered by Moonlight or its third party service providers, for example payment processors, may have their own applicable privacy notice.

Please read this Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using these Services, you agree to this Notice. This Notice may change from time to time (see Changes to Our Privacy Notice). Your continued use of these Services after we make changes is deemed to be acceptance of those changes, so please check the Notice periodically for updates.

Children Under the Age of 18

Our Services are not intended for children under 18 years of age. No one under age 18 may provide any [personal] information to [or on] the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on these Services If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us using the Contact Options listed at the bottom of this Notice.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Services, including information:

  • Information from which you may be personally identified ("personal information");

  • Information that is about you but individually does not directly identify you; and/or

  • Information about your internet connection, the equipment you use to access our Services, and usage details.

We collect this information:

  • Directly from you when you provide it to us;

  • Automatically as you navigate through the site; and

  • From third parties, for example, our service providers, government agencies.

Information You Provide to Us

Creating an Account. When you create and account to use our Services, we will ask you to provide the following information, which we need to administer your access to the Services:

  • Name

  • Password

  • Email Address

  • Phone Number

  • Role – for example, a healthcare worker such as a physician or nurse (a “Provider”) or representative of a hospital or other organization what wishes to engage Providers (a (“Healthcare Organization”).

Provider Onboarding. If you are a Provider, we will ask you to provide some additional information as part of the onboarding process to allow us to verify your credentials with third parties and to provide the Services, including:

  • Your preferred hourly rate;

  • Your availability, including preferred working hours;

  • Your mailing address;

  • Skillset and procedures within a skillset;

  • State licensure information;

  • National Provider Identifier (NPI) number;

  • Education information;

  • Supporting documentation, including driver’s license and/or other form of acceptable government issued identification; photograph (headshot); educational records; employment records; professional certifications and licensure, etc; and

Healthcare Organization Onboarding. If you are using the Services on behalf of a Healthcare Organization, we will collect the following additional information during your onboarding process necessary for us to provide you the Services:

  • Healthcare Organization name and primary address;

  • Primary contact of the Healthcare Organization, including name, title, and contact information; and

  • Each healthcare facility of the Healthcare Organization, including its name and address.

Financial Transactions. All transactions carried out through the Services are handled directly by third party payment processor, Stripe, through an integration with the Services. To participate in the Services, you will need to create a Stripe Connected Account, which will include entering certain personal information required by Stripe. To enable the ability to make and receive payments, you will also need to enter your financial account information directly into your Stripe Connected Account. Your use of the Stripe Connected Account is subject to the Stripe Terms of Service and other terms referenced therein, which you can find on the Stripe website at stripe.com/legal/connect-account.

Using the Services. In the course of using the Services, you may provide us additional information, including:

  • Information that you provide by filling in forms on our Services. We may also ask you for information when you report a problem with our Services.

  • Records and copies of your correspondence (including email addresses), if you contact us.

  • Your responses to surveys that we might ask you to complete for research purposes.

  • Details of transactions you carry out through our Services including work assignments.

  • Your search queries on the Services.

  • You also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Services, or transmitted to other users of the Services or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Usage Details. When you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through the Services.

  • Device Information. We may collect information about your computer or mobile device and internet connection, including the device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device's operating system or platform, the type of mobile device you use, your mobile device's unique device ID, and information about the features of our application(s) you accessed.

  • Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings; however, doing so may limit our ability to provide you the Services.

  • Location Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings; however, doing so may limit our ability to provide you the Services.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer or on your mobile device. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services. For information about managing your privacy and security settings for cookies, see Your Choices About How We Use and Disclose Your Information.

  • Web Beacons. Pages of our Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Moonlight, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications on the Services are served by third-parties. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

In particular, we use the following service providers for the purposes described below:

  • Infrastructure monitoring (Sentry). This type of service allows us to monitor the use and behavior of its components so the Services’ performance, operation, maintenance and troubleshooting can be improved. Which types of personal information are processed depends on the characteristics and mode of implementation of these monitoring services, whose function is to filter the activities of these Services. To perform this infrastructure monitoring, we use a monitoring service called Sentry, which is provided by Functional Software, Inc. Sentry processes data in the United States. Additional details on the processing of personal information by Sentry can be found in the Sentry Privacy Policy, which you can find at https://sentry.io/privacy.

  • Registration and Authentication (Google OAuth). By registering or authenticating, you allow us to identify you and give you access to dedicated Services. We may use third party services to assist us with registration and authentication. In so, then our Services will be able to access some data stored by these third-party services, for registration or identification purposes. In some cases, the third-party services may also collect personal information for targeting and profiling purposes; to find out more, please refer to the description of each service. In particular, we use Google OAuth, which is a registration and authentication service provided by Google LLC and is connected to the Google network. Google OAuth processes data in the United States. Additional details on the processing of personal information by Google OAuth can be found in the Google Privacy Policy, which you can find at https://policies.google.com/privacy.

  • Third Party Cookies. We use the following analytical cookies to help us understand the use and performance of the Services:

Cookie

Description

Type

_ga_*

Google Analytics sets this cookie to store and count page views.

Analytics

_ga

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

Analytics

_gcl_au

The “_gcl_ls” cookie is used for conversion tracking in Google Ads and Google Tag Manager to measure advertisement performance.

Analytics

_gcl_ls

Used by Google AdSense to understand user interaction with the website by generating analytical data.

Analytics

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information, in the ways describe above and for the following purposes:

  • To present our Services and its contents to you.

  • To provide you with information, products, or services that you request from us.

  • To fulfill any other purpose for which you provide it.

  • To provide you with notices about your account, including expiration and renewal notices.

  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

  • To notify you about changes to our Services or any products or services we offer or provide though it.

  • In any other way we may describe when you provide the information.

  • For any other purpose with your consent.

We may also use your information to contact you about our own and third-parties' goods and services that may be of interest to you. If you do not want us to use your information in this way, please use see the options provided under Your Choices About How We Use and Disclose Your Information.

How We May Disclose Your Information

We do not sell your personal information. Nor do we share your personal information with third parties for the purpose of cross-context behavioral advertising or targeting advertising.

We may disclose aggregated information about our users, and information that does not identify any individual in compliance with applicable law.

We may also disclose personal information that we collect or you provide as described in this Privacy Notice:

  • To our subsidiaries and affiliates.

  • To medical boards, licensing boards, and government agencies to verify Provider credentials;

  • To contractors, service providers, and other third parties we use to support our business.

  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Moonlight's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Moonlight about our Services users is among the assets transferred.

  • To fulfill the purpose for which you provide it. For example, if you give us an email address to use the "Refer a Friend" feature of our Services, we will transmit the contents of that email and your email address to the recipients.

  • For any other purpose disclosed by us when you provide the information.

  • With your consent.

  • We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

  • To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Moonlight, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

How Long Do We Keep Your Information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When you request to terminate your account, we delete your profile information but retain information related to your transactions, including work assignments, for archival purposes. This information by include aspects of your personal information.

When we have no ongoing legitimate business need (including archival purposes or notifying you about our products and services) to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

How We Protect Your Information

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services. The information you share in public areas may be viewed by any user of the Services.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.

Your Choices on How We Collect, Use, and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us.

Accessing and Correcting Your Information

You can review and change your personal information by logging into the Services and visiting your account profile page.

You may also send us an email using the Contact Options listed at the bottom of this Notice to request access to, correct, or delete any personal information that you have provided to us. You may also communicate such requests through functionality enabled by the Services, if implemented, from your registered account. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete or change your User Contributions from the Services, copies of your User Contributions may, in some cases, remain viewable in cached and archived pages, or might have been copied or stored by other Services users.

Privacy Settings

Additionally, you can adjust the privacy settings on your browser or mobile device to restrict certain ways in which we automatically collect personal information:

  • Cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

  • Controls For Do-Not-Track Features. Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

Also, we have provided mechanisms to allow you to opt-out of certain kinds of marketing and advertising based on your personal information.

  • Promotional Offers from Moonlight. If you do not wish to have your email address, phone number or other contact information used by Moonlight to promote our own or third parties' products or services, you can opt-out by logging onto your account and completing any provided forms in the Services, if implemented, or sending us an email stating your request using the Contact Options listed at the bottom of this Notice. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. If we have sent you a text message, you may reply back with the instruction “STOP.”

We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

Exercising Your Rights

Non-Discrimination for the Exercise of Your Privacy Rights

We will not discriminate against you if you exercise your privacy rights. As noted in this privacy notice, some requests may disable functionality of the Services.

Your Privacy Requests

  • Submitting Requests: To ask questions or comment about this Privacy Notice and our privacy practices, or to exercise any rights hereunder, you can contact us using the Contact Options provided at the end of this Notice.

  • Verifying Requests. Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

  • Appealing. If for any reason we refuse to take a privacy action that you request (e.g., deleting certain personal information) we will notify you in writing using contact information on file to explain the reason why. If you are not satisfied, you may reply using the same communication channel and request reconsideration (an “Appeal”). Not later than sixty days after receipt of an appeal, we will inform the you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Your State Privacy Rights

Some state consumer privacy laws may provide state residents who are consumers with additional rights regarding our use of their personal information. Your agreement to this Notice includes your agreement that you are acting in a commercial capacity and not for personal or household purposes, as would a traditional consumer. If and to the extent a state in which you are resident determines that you are covered by the state’s privacy law, we have included the additional disclosures below.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents who are consumers with rights to:

  • Know the categories of personal information we collect, how we use/process it and for what business purpose, and to which categories of third parties we disclose/share/sell it and for what business purpose.

  • Access and delete certain personal information.

  • Correct inaccuracies in their personal information, taking into account the information's nature processing purpose (excluding Iowa and Utah).

  • Data portability.

  • Opt-out of personal data processing for:

    • targeted advertising (excluding Iowa);

    • sales; or

    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).

  • Either limit (opt-out of) or require consent to process sensitive personal data.

  • Appealing adverse decisions regarding your privacy requests (see above regarding Appeals).

The exact scope of these rights may vary by state. To exercise any of these rights please submit your request through a provided screen of the Services or send your request to us using one of the Contact Options listed at the bottom of this Notice.

California Privacy Laws

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.

The 2018 California Consumer Privacy Act (CCPA), including amendments and regulations thereto, is a law that protects the “personal information” of persons who the law defines as “consumers.” Under CCPA, qualifying consumers have particular rights regarding their personal information, including:

  • The right to know about the personal information a business collects about them and how it is used and shared;

  • The right to delete personal information collected from them (with some exceptions);

  • The right to opt-out of the sale or sharing of their personal information; and

  • The right to non-discrimination for exercising their CCPA rights.

Pursuant to the CCPA, “personal information” does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records. The definition of publicly available information also includes information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media, or certain information disclosed by a consumer and made available if the consumer has not restricted the information to a specific audience. The CCPA also exempts certain types of information such as certain medical information and consumer credit reporting information.

Moonlight collects the following types of personal information from users generally. If you have used our Services in the past 12 months, we will have collected personal information some these categories from you. The categories and examples of the kinds of information defined by CCPA to be included in each category are provided below. We have indicated “yes” if we collect at least one type of information that the CCPA suggests is categorized within each category.

Category

CCPA Statutory Examples

Collected

A. Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Yes

B. Personal information categories listed in the California Customer Records statute Cal. Civ. Code 1798.80(e).

Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Note: Some personal information included in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

D. Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Yes

E. Biometric Information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

F. Internet or other similar network activity

Activity on our websites, mobile apps, or other digital systems, such as internet browsing history, search history, system usage, electronic communications with us, postings on our social media sites.

Yes

G. Geolocation data

Physical location or movements, such as the time and physical location related to use of our internet website, application, or device, and GPS location data from mobile devices of consumers who visit our websites or use our mobile apps.

Yes

H. Sensory Data

Audio, electronic, visual, thermal, olfactory, or similar information, including customer service call monitoring and store video surveillance. Note: users upload headshots as part of creating an account. We consider these to be visual identifiers under Category A.

No

I. Professional or employment-related info

Current or past job history or performance evaluations.

No

J. Non-Public Education Information

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Yes

K. Inferences drawn from other personal information

Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

No

We Collect this personal information from the following categories of sources:

  • Directly and indirectly from you as described above in “How we Collect Your Information.”

  • From third-party data processors or business partners such as background check vendors, payment processors, and healthcare institutions.

  • Publicly available data bases, licensing boards, and government agencies.

We collect, process, and disclose this information for the business purposes set forth above in “How we Use Your Personal Information.

We disclose your personal information to the categories of third parties identified above in “Disclosure of Your Personal Information.

We do not sell your personal information. Nor do we share your personal information for the purpose of cross-context behavioral advertising or targeted advertising.

Sensitive Personal Information

We do not collect, process, or disclose sensitive personal information for any purpose other than one or more of the statutory exceptions set forth the CCPA, if at all, which include the following:

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;

  • To prevent, detect, and investigate security incidents that compromise the availability,

  • authenticity, integrity, and or confidentiality of stored or transmitted personal information;

  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions;

  • To ensure the physical safety of natural persons;

  • For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business;

  • To perform services on behalf of the business;

  • To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the business; or

  • To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.

Changes to Our Privacy Notice

It is our policy to post any changes we make to our Privacy Notice on this page. The date the Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Services and this Privacy Notice to check for any changes.

Contact Methods

To ask questions or comment about this Privacy Notice and our privacy practices, or to exercise any rights hereunder, you can complete a request through the applicable form on the Services, if implemented, using your existing account or you may contact us using the following contact information:

  • By email: admin@moonlightphysicians.com.

Please include “Privacy Notice Inquiry” in the subject line of your email for quicker processing.