How VitalCV handles your data

VitalCV is designed for healthcare credentialing workflows. We process only publicly available provider data and never store Protected Health Information.

Last updated: April 2026

Data We Process

VitalCV processes publicly available credentialing data including National Provider Identifier (NPI) numbers, OIG/LEIE exclusion status, CMS PECOS enrollment records, and state licensure information. We do not collect, store, or transmit Protected Health Information (PHI).

How We Use Your Data

We use provider data solely to generate source-backed readiness snapshots and credential passports. Employer review actions are audit-logged and attributed to the acting organization. We do not sell, share, or monetize individual provider data.

Data Storage & Security

All data is stored in HIPAA-aligned infrastructure with encryption at rest and in transit. Readiness snapshots are scoped to the requesting session. Credential passports are shareable only by the provider or an authorized employer reviewer.

Third-Party Services

VitalCV integrates with federal data sources (CMS/NPPES, OIG/LEIE, CMS PECOS) and configured state board registries. Authentication is provided by Clerk. Analytics use PostHog with no PII collection. We do not use third-party advertising trackers.

Your Rights

You may request deletion of any stored readiness data by contacting privacy@vitalcv.com. Providers can view what data is attached to their NPI at any time through the passport surface. Employers may request audit logs of review actions taken by their organization.

Contact

For privacy questions, data requests, or to report a concern, contact privacy@vitalcv.com.