NextBed, Inc. (doing business as Benchmark.care) — Privacy Policy

1) Information We Collect

A. Information You Provide

• Simulation and training data (no Patient Data): When learners complete practice scenarios, we capture their actions inside the simulation—such as selected case facts, decisions, free-text rationales, roleplay transcripts, use of hints, and documentation notes. Scenarios are designed to use synthetic or de-identified clinical context; they should not contain real patient identifiers.
• Account & organization information: Name, email, role, organization name, and configuration you or your organization provide (for example, which workflows you pilot, rubric configurations, and manager/learner assignments).
• Contact and demo requests: When you fill out a contact form, request a demo, or ask for a sample scorecard, we collect the information you submit (such as name, work email, organization, role, and details about the workflow you're onboarding).
• Customer support and feedback: If you contact us for support or provide feedback, we collect the contents of your messages and any additional information you choose to provide.

B. Automatic Collection

• Usage and device data: We automatically collect certain technical information when you use the Service, such as IP address, browser type, device identifiers, pages viewed, actions taken in the app (for example, simulations started, hints requested, attempts scored), timestamps, and referring pages. We use this data for security, troubleshooting, analytics, and to improve the product.
• Cookies and local storage: We use cookies and similar technologies to keep you signed in, remember preferences, associate events within a session, and understand how people discover and use the Service. You can control cookies through your browser settings, but some features may rely on them.
• Aggregated training metrics: We may create aggregated metrics such as completion rates, average readiness scores, hint dependency trends, or common rubric misses across a cohort, without identifying individuals in those summaries.

2) How We Use Information

• Operate, maintain, and improve the Service and underlying infrastructure.
• Provide workflow simulations, AI coaching, scorecards, and manager dashboards to you and your organization.
• Generate readiness scores, subscores, and coaching recommendations based on observable actions taken in the simulation.
• Provide customer support, respond to inquiries, and communicate about updates, pilots, and product changes.
• Monitor for abuse, secure the Service, and detect or prevent fraud, unauthorized access, or other harmful activity.
• Create aggregate, de-identified analytics (for example, training throughput by workflow, average time to independence, or common rubric gaps).
• Comply with legal obligations and enforce our agreements and policies.

3) PHI and HIPAA

Benchmark is designed for training and readiness simulation without Protected Health Information (PHI). Scenarios rely on synthetic or de-identified cases. You should not enter real patient identifiers into the Service.

• Do not include PHI: Do not enter names, full dates of birth, medical record numbers, street addresses, personal phone/email, or other direct identifiers in simulation responses, notes, or free-text fields.
• Business Associate Agreements (BAAs): By default, Benchmark is not your HIPAA Business Associate. If your organization requires a BAA to use the Service in a HIPAA-regulated context, we will execute a separate written BAA before PHI is introduced. Without a BAA in place, you agree not to submit PHI to the Service.
• Erroneous PHI: If we become aware that PHI was submitted contrary to this Policy, we will take reasonable steps to delete it where feasible and may contact the submitting user or organization.

4) How We Share Information

• Within your organization: Readiness scores, attempts, and related training data may be visible to managers, administrators, or other authorized personnel in your organization, consistent with how the Service is configured.
• Service providers: We use trusted vendors for hosting, data storage, logging, email/SMS delivery, analytics, and similar services. These providers are bound by contracts that require them to protect data and use it only according to our instructions.
• Product analytics and improvements: We may use aggregated and de-identified information to understand how features are used and to prioritize improvements. These insights do not identify individual learners.
• Legal, safety, and rights: We may access, preserve, or disclose information if we believe it is reasonably necessary to comply with law or legal process; protect the rights, property, or safety of Benchmark, our users, or others; or to enforce our agreements or policies.
• Corporate transactions: If we are involved in a merger, acquisition, financing, or sale of all or a portion of our business, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
• No sale of personal data: We do not sell or rent personal information.

5) Data Retention

We retain information for as long as reasonably necessary to provide the Service, support pilots and contracts, comply with legal obligations, resolve disputes, and enforce our agreements. Aggregated and de-identified training analytics may be retained indefinitely. Where required by law or by your contract, we will delete or anonymize certain data after a specified period. You or your organization may also request deletion of account information, subject to legal and operational limitations.

6) Security

We use administrative, technical, and physical safeguards appropriate for the data we process, such as encrypted transport, authentication controls, and restricted access based on role. However, no system is 100% secure. You are responsible for using good judgment in what you submit, following your organization's policies, and avoiding the inclusion of PHI unless a BAA is in place and the Service is configured for that use.

7) Your Choices

• Account and notification settings: Where available, you can update your profile and notification preferences (for example, email alerts) in the Service.
• Access, correction, deletion: You or your organization may request access to, correction of, or deletion of certain account information by contacting us. We may need to retain some records for legal, security, or operational reasons.
• Cookies and analytics: Most browsers allow you to manage cookies and similar technologies. Disabling them may affect sign-in and some personalization features. If you use browser-based analytics opt-outs, those tools may limit certain types of measurement.

8) Children’s Privacy

The Service is intended for professional use by adults in healthcare organizations. It is not directed to individuals under 18, and we do not knowingly collect information from minors. If we learn that we have collected information from a minor, we will take reasonable steps to delete it.

9) International Use

The Service is hosted in the United States and primarily intended for U.S.-based providers and organizations. If you access the Service from outside the United States, you are responsible for complying with local laws and understand that your information may be processed in the U.S., where data protection laws may differ from those in your jurisdiction.

10) Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice, such as by updating the “Last updated” date above, displaying a notice in the app, or sending an email to account contacts. Your continued use of the Service after an update means you accept the revised Policy.

11) Contact Us

If you have questions about this Policy or would like to exercise your privacy-related rights, you can contact us at: bryan@benchmark.care.