Privacy Policy

Effective: April 19, 2026 · Last updated: April 19, 2026

1. Introduction

This Privacy Policy explains how CutScore Technologies LLC (“CutScore,” “we,” “us,” or “our”) collects, uses, and discloses information when you use TrustCut (the “Service”). It also describes choices available to you and how to contact us. Capitalized terms not defined here have the meanings given in the Terms of Service.

2. Information We Collect

We collect the following categories of information:

Category	Examples	Purpose
Account Information	Email address, password (hashed), account creation date	Authenticate you; contact you about your account
Nurse Credential Information	License type (RN/LPN/APRN/etc.), license number, issuing state, verification status	Verify eligibility to submit ratings; detect fraudulent accounts
Rating Content	Ratings, category scores, and any commentary you submit	Provide the core Service; display aggregated scores
Technical and Device Data	IP address, device model, OS version, app version, crash logs, usage analytics	Operate the Service; diagnose problems; detect abuse
Communications	Emails you send us; support requests	Respond to you; maintain support records
Log Data	Server logs, edge function logs, authentication events, timestamps	Security; debugging; abuse detection

2.1 Information You Provide

When you create a nurse account, you provide your email address, a password, and nurse credential information (license type, license number, state). When you submit a rating, you provide the rating content itself.

2.2 Information Collected Automatically

When you access the Service, we and our infrastructure providers automatically collect technical information including IP address, device identifiers, operating system, app version, session timestamps, crash reports, and usage events. Our infrastructure providers (including Supabase and Cloudflare) may also log network-level data as part of routine operations.

2.3 Information From Third Parties

Surgeon and podiatrist profile data is sourced from the National Plan and Provider Enumeration System (NPPES), a public database maintained by the Centers for Medicare & Medicaid Services. Nurse license status may be verified against publicly available licensing board databases (such as Nursys QuickConfirm).

3. How We Use Information

Provide, maintain, and improve the Service;
Verify that nurse users meet eligibility requirements before allowing rating submissions;
Aggregate ratings and display public score data (without identifying individual nurses);
Detect and prevent fraud, manipulation, spam, abuse, and security incidents;
Communicate with you about your account, service changes, and legal notices;
Comply with legal obligations, enforce our Terms, and defend our legal rights;
Analyze usage patterns to understand how the Service is used and to improve it.

4. How Ratings Are Separated From Identity

We apply technical measures designed to prevent public or casual association of nurse identity with submitted ratings:

Ratings are submitted through a server-side edge function that hashes identifying information using a secret salt before writing to the votes database;
The votes database does not contain the nurse’s credential identifier, email, or other direct identifiers;
Direct database writes from clients are blocked by row-level security; only authorized server-side functions can insert ratings;
Public lookup views are restricted to prevent exposure of credential identifiers.

IMPORTANT: While we design the Service to prevent public association of identity with ratings, we cannot guarantee absolute anonymity. Server logs, edge function logs, authentication timestamps, and IP-level data exist and may, under sufficient analysis or legal compulsion, be used to associate a rating with an account. See Section 8 for details.

5. How We Share Information

We do not sell personal information. We share information only as follows:

5.1 Service Providers

We share information with vendors that help us operate the Service, including:

Supabase (database, authentication, edge functions);
Cloudflare (network, DDoS protection, edge caching);
Resend (transactional email delivery);
Apple (app distribution and push notification delivery);
Netlify (website hosting).

Each provider is contractually obligated to use information only to provide services to us.

5.2 Legal Process and Safety

We may disclose information when we believe in good faith that disclosure is required to:

Comply with a subpoena, court order, warrant, or other valid legal process;
Enforce the Terms of Service or investigate potential violations;
Detect, prevent, or address fraud, security, or technical issues;
Protect the rights, property, or safety of CutScore, our users, or the public.

We are not obligated to, and generally will not, resist valid legal process on your behalf. Where legally permitted, we may notify you that your information has been requested.

5.3 Public Display

Aggregated rating scores are displayed publicly (after the minimum threshold of contributing ratings is reached). Individual rating submissions, including any commentary, may be displayed in aggregate form. We do not publicly display the identity of any nurse in connection with any rating.

5.4 Business Transfers

If CutScore is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify you of any such transfer that materially changes how your information is handled.

5.5 With Your Consent

We may share information for other purposes with your consent.

6. Your Choices

6.1 Access and Deletion

You may delete your account at any time using the in-app account deletion feature or by emailing legal@trustcutapp.com. Upon deletion, we will remove your account credentials and credential records. Ratings previously submitted may remain in aggregated, de-identified form, as permitted by law; this preserves the integrity of historical scores and does not identify you.

6.2 Correction

You may correct account information in-app or by contacting us.

6.3 Communications Preferences

You may opt out of non-essential communications by following unsubscribe links or contacting us. We will continue to send essential service and legal notices.

6.4 Do Not Track

The Service does not currently respond to browser “Do Not Track” signals.

7. Data Retention

Account information: retained while your account is active and for a reasonable period thereafter for security and legal purposes;
Credential records: retained while your account is active and for a reasonable period thereafter for audit and fraud-prevention purposes;
Aggregated rating data: retained indefinitely in de-identified form to preserve score integrity;
Server and edge function logs: retained for a limited period (typically 7–90 days depending on log type) for operational, security, and debugging purposes;
Records required for legal compliance: retained for the period required by applicable law.

8. Security and Anonymity Limitations

8.1 Security Measures

We implement technical and organizational measures designed to protect information, including encrypted connections (HTTPS/TLS), password hashing, row-level security policies, restricted administrative access, and server-side vote hashing. No system is perfectly secure.

8.2 Honest Disclosure About Anonymity

TrustCut is designed so that no one browsing the Service, and no ordinary administrator, can match a rating to a nurse’s identity. However, we want you to understand the following:

Our infrastructure providers collect metadata (including IP addresses, timestamps, and request logs) in the ordinary course of operations. This metadata exists on their systems and is subject to their own retention and legal-process policies.
Edge function logs may transiently contain data that, if combined with other information, could be used to associate an account with activity.
Timing correlation (the time a nurse’s account authenticated and the time a rating was submitted) is theoretically possible if logs are preserved and analyzed.
Valid legal process (subpoena, warrant, court order) may compel disclosure of any data we or our providers possess.
If you are considering submitting a rating where being identified would cause you serious harm (for example, where you believe litigation or employment retaliation is likely), you should not rely on the Service to provide protection that would withstand adversarial legal process. Consult your own attorney.

9. Children’s Privacy

The Service is not directed to, and we do not knowingly collect information from, children under 18. If you believe a child has provided information to us, contact legal@trustcutapp.com and we will take appropriate action.

10. Health Information and HIPAA

CutScore is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). The Service is not intended to, and users must not, submit protected health information (PHI) or information that could identify any patient, procedure, or clinical incident. If you submit PHI, we will remove it upon identification.

11. State Privacy Rights

11.1 California Residents

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to opt out of sale or sharing of personal information. We do not sell personal information. You may exercise these rights by contacting legal@trustcutapp.com. We will verify your request using reasonable measures. CutScore does not engage in “sharing” of personal information for cross-context behavioral advertising as defined under the CPRA.

11.2 Other States

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws may have similar rights including access, deletion, correction, and opt-out rights. Contact legal@trustcutapp.com to exercise these rights.

12. International Users

The Service is operated from the United States and is intended for users located in the United States. If you access the Service from outside the United States, you consent to the transfer and processing of information in the United States.

13. Apple App Store Disclosures

In accordance with Apple App Store requirements, the data categories we collect and their linkage to user identity are disclosed in the Service’s App Store privacy label. You can review this label on the App Store listing for TrustCut.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. The “Last Updated” date at the top indicates when the policy was last revised. Continued use of the Service after the effective date of revisions constitutes acceptance.

15. Contact Us

CutScore Technologies LLC
4030 Wake Forest Rd, Ste 349
Raleigh, NC 27609
Email: legal@trustcutapp.com