WAYPOINT

Privacy Policy

Effective May 21, 2026 · Waypoint Recruitment and Staffing, Inc. · Questions: info@waypointrecruit.com
This Privacy Policy describes what Waypoint Recruitment and Staffing, Inc. collects when you use the Waypoint job board, how we use it, who we share it with, and the choices you have. We try to keep it plain. See our Terms of Service for the contract that governs your use of the service.

1. Who we are

Waypoint Recruitment and Staffing, Inc. ("Waypoint", "we", "us") operates https://jobs.waypointrecruit.com, a healthcare-only job board. This Privacy Policy describes what we collect, why, how we use it, and your rights regarding that information.

Questions about this policy or your data: info@waypointrecruit.com.

2. Information we collect from job seekers

Job seekers can browse and apply through Waypoint without creating an account. We do not collect resumes, cover letters, or application materials — those go directly to the hiring organization's applicant-tracking system when you click Apply.

When you visit the public site we automatically collect:

  • A first-party visitor identifier stored in a secure, HTTP-only cookie ("visitor_id"). This is used to deduplicate page views and clicks. It is not a third-party tracking cookie and does not follow you across other websites.
  • A session identifier stored in your browser's session storage, used to group views and clicks within a single visit.
  • Page views, search queries, impressions, card clicks, apply-button clicks, scroll depth, and time on page. We record which job was viewed or clicked, the page path, the referring URL, and the campaign UTM parameters (if any) that brought you to the site.
  • Your approximate location at the country, region, and city level, derived from your IP address by our hosting provider. We do not collect precise geolocation.
  • Basic technical information: browser, operating system, device type, screen size.

3. Information we collect from hospital and recruiter accounts

When an organization creates an account via /signup, we collect: organization name, contact name, work email, work phone (optional), your role at the organization, organization size, any free-text notes you provide, and the UTM parameters and IP-derived hash of the visit during which you signed up.

Once your account is active, we additionally collect the content of any job roles you post (title, location, specialty, apply URL, wage range, sponsorship tier), screening questions you configure, and all activity in your dashboard for security and audit purposes.

Payment information (credit or debit card) is collected and stored by our payment processor Stripe — Waypoint never sees or stores your full card number. We store only a Stripe customer reference, the card brand, last four digits, and expiration date for display in your dashboard.

4. Information we collect from lead-capture forms

Forms on /pricing and other public pages collect the contact details you submit (name, email, phone, organization, message) along with UTM source attribution and a hashed IP for spam rate-limiting. We do not sell or rent this information.

5. How we use this information

  • To operate the Service, including showing relevant jobs, surfacing sponsored placements, and routing apply clicks to the hiring organization;
  • To bill Clients for sponsored clicks and to stamp the verified cost-per-click on each billable event;
  • To prevent fraud, abuse, scraping, and unauthorized access;
  • To improve the Service, including aggregated analytics on which roles, regions, and specialties receive interest;
  • To communicate with Client account holders about their account, billing, and material changes to the Service;
  • To respond to inquiries received through contact and lead-capture forms.

We do not use job-seeker data for advertising on other sites, and we do not sell job-seeker data to third parties.

6. Cookies and tracking technologies

We use first-party cookies and browser storage only. The visitor_id HTTP-only cookie lasts up to 13 months and is used solely for analytics deduplication. UTM source attribution is stored in your browser's localStorage so we can credit the original source even if you return days later through a different link.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking.

7. Service providers we share data with

We share necessary information with a small set of vendors that operate parts of the Service. Each is bound by contract to use the data only for the purposes we specify:

  • Stripe (payment processing) — handles all card collection and one-time bundle charges for credit-model purchases. Receives Client contact info, transaction amount, and metadata identifying your account. No card is stored on file; each purchase is a fresh Checkout Session. See stripe.com/privacy.
  • Supabase (database hosting and authentication) — hosts our data and runs the login system. Receives all data described above.
  • Vercel (web hosting + Vercel Analytics) — serves the site and provides aggregate page-view metrics. Receives request logs and basic device info.
  • Cloudflare Turnstile (bot challenge on signup) — receives the bot challenge token and your IP address for the duration of the verification request.

When apply clicks route to the hiring organization, the destination URL includes UTM parameters (utm_source=waypoint_recruit, utm_medium=job_board, etc.) so the organization can attribute the visit. We do not pass identifying information about the candidate.

8. Data retention

  • Analytics events (page views, clicks, impressions) are retained for 24 months in detail, after which they are aggregated and the row-level visitor_id and session_id are dropped.
  • Client account data is retained for the lifetime of the account plus 7 years after closure, as required for tax and billing records.
  • Lead-capture form submissions are retained for 24 months unless converted to a Client account.
  • Visitor cookies expire after 13 months of inactivity.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export the personal information we hold about you, and to object to certain processing. To exercise these rights, email info@waypointrecruit.com from the address associated with your account.

California residents have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect and the right to opt out of any "sale" of personal information. We do not sell personal information as that term is defined under the CCPA.

EU/UK residents have rights under the GDPR/UK-GDPR, including data portability and the right to lodge a complaint with a supervisory authority. Our lawful basis for processing Client account data is contract performance; for analytics on the public site, our lawful basis is legitimate interest in operating and improving the Service.

10. Security

We use encryption in transit (HTTPS) for all traffic, encryption at rest for stored data, role-based access controls on our database, and short-lived access tokens for authentication. Payment information is never stored on Waypoint infrastructure.

No system is perfectly secure. If you believe an account has been compromised, contact info@waypointrecruit.com immediately so we can investigate and respond.

11. Children

The Service is intended for adults seeking employment in healthcare and for the organizations recruiting them. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact info@waypointrecruit.com and we will delete it.

12. International users

Waypoint is operated from the United States. By using the Service from outside the US you understand that your information will be transferred to and processed in the US, where data-protection laws may differ from those in your country.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to active Client billing contacts and via a notice in the dashboard at least 14 days before they take effect.

14. Contact

Privacy questions: info@waypointrecruit.com.

Effective date: May 21, 2026.

Terms of Service · Pricing · Sign up