This Privacy Policy explains what information Prospect 811 (“we,” “us”) collects when you use prospect811.com (the “Service”), how we use it, and the choices you have. It is part of our Terms of Service.
The short version: we collect what we need to run the Service — your account details, a session cookie, the working data you save, and server logs, plus your email address if you opt in to our mailing list. We don't sell your data, we don't run ads, and we don't use third-party analytics trackers.
We do not collect information about you from data brokers or other third-party sources, and the Service contains no advertising or third-party analytics scripts.
We do not sell or rent your personal information. We share it only with the service providers that make the Service run, and only for that purpose:
| Provider | Purpose | What they process |
|---|---|---|
| Optional sign-in | Your Google account email, name, photo | |
| Resend | Login, transactional, and (if you opt in) mailing-list email | Your email address and message contents |
| Stripe | Payments | Billing details and payment method (held by Stripe) |
| Cloudflare | Network and DDoS protection | Request traffic, IP addresses |
| Mapbox | Drive-route optimization and road distances | Provider practice locations (public data), sent from our servers — not your identity or account details |
| Esri | Map imagery (base tiles) | Map-tile requests from your browser (IP address); no account information |
We may also disclose information if required by law, or to protect the rights, safety, or property of Prospect 811, our users, or the public. If Prospect 811 is involved in a merger, acquisition, or sale of assets, account data may transfer with the business; this Policy would continue to apply to it.
The healthcare-provider information displayed in the Service (names, NPIs, practice addresses, phone numbers, billing statistics) comes from public datasets published by the U.S. government, including CMS Medicare provider utilization files and the NPPES registry. It is professional/business information about healthcare providers, published for public use — it is not data we collected about our users, and it contains no patient information.
We use a single first-party, HTTP-only session cookie to keep you signed in. It is essential to the Service and is deleted when you log out. We do not use advertising, tracking, or third-party cookies.
You can access the data you've stored in the Service at any time by signing in. To request a copy of your data, correct your account information, or delete your account and all associated data, email [email protected] from your account email. We respond to verified requests within 30 days. Depending on where you live (e.g., California, the EU/UK), you may have additional statutory rights — we honor access, correction, and deletion requests from all users regardless of location.
All traffic to the Service is encrypted over HTTPS. Sessions use secure, HTTP-only cookies. Access to production data is limited to those who operate the Service. No system is perfectly secure — if we learn of a breach affecting your personal information, we will notify you as required by law.
The Service is a business tool for adults. It is not directed to anyone under 18, and we do not knowingly collect information from children.
If we make material changes, we will notify you in the app or by email before they take effect. The “Last updated” date at the top reflects the current version.
Privacy questions or requests: [email protected]