Privacy Policy

1. Plain-language summary

The directory is free for nurses. You can browse all 1,213 programs without an account and without any cookie on your device. We do not run advertising pixels, session replay, or behavioral tracking. We do use Google Analytics 4 in a cookieless configuration to count aggregate visits — no cookies are stored, your IP is anonymized before logging, and ad personalization signals and Google Signals are disabled. If you create an account (to claim a listing or submit a correction), we store the minimum needed to make that work, on a private database we operate. We never sell, rent, share for advertising, or "monetize" personal data. Period.

2. Who we are

The Nurse Residency Directory ("we", "us", "the directory") is operated by Global Cyber Institute, Inc., a 501(c)(3) non-profit organization registered in New York State. Global Cyber Institute is the data controller for personal information collected through this site.

3. What data we collect

3.1 If you browse without an account

Nothing personally identifying. Browsing does not require an account. We do not load advertising pixels or session-replay code. We do load Google Analytics 4 in a strict cookieless configuration (client_storage: 'none', anonymize_ip: true, allow_ad_personalization_signals: false, allow_google_signals: false) to measure aggregate page views, country, and device class. Google receives a per-request beacon with an anonymized IP, page URL, and standard request metadata; no cookies are stored on your device, no cross-site identifiers are sent, and the visit cannot be tied to advertising profiles. Your IP address may also briefly appear in our hosting provider's edge logs (Vercel) for delivery and abuse-prevention purposes; we do not store, query, or join those logs to anything else.

3.2 If you submit a correction

Corrections are sent to our editorial inbox by email through our email provider (Resend). When you submit one, we receive:

• The correction itself (which field, suggested value, source URL or note)
• Optionally, your email and role — only if you choose to provide them, and only used if a reviewer needs to follow up
• Your browser's user-agent string, included in the email for abuse triage

No account is required to submit a correction, and we do not store submissions in a database — they live in our email inbox like any other message.

4. How we use it

We use collected data only to:

• Operate the directory (display listings and accept corrections)
• Reach out about a correction if needed (only with the email you provide)

We do not use any data for behavioral advertising, profiling, or training third-party AI models.

5. When we share it

We do not sell, rent, trade, or share personal data for advertising. We share data only with:

• Sub-processors required to run the site:
  • Vercel, Inc. — hosting and content delivery (United States). Privacy.
  • Resend — delivers correction submissions to our editorial inbox by email (United States). Only the contents of a correction you choose to submit are processed. Privacy.
  • Google LLC — (1) Google Fonts CDN serves typefaces; Google may briefly receive your IP for font delivery. (2) Google Analytics 4 in a cookieless configuration (see §3.1) — Google receives an anonymized per-request beacon used to count aggregate visits. We do not use Google Ads, conversion tags, Google Signals, or any Google service for behavioral profiling. Privacy.
• Law enforcement when legally required, with notice to the affected user where lawful.
• Successor entity if Global Cyber Institute's assets are transferred to another non-profit; in such a case, this policy continues to apply.

6. Cookies, pixels & trackers — explicit list

We list every tracking technology used on this site, in plain language, so you can audit us against your network log:

• Cookieless Google Analytics 4 beacon (every page). Configured with client_storage: 'none', anonymize_ip: true, and ad signals disabled. Does not write any cookie to your device. Google receives an anonymized IP, page URL, and device class per page view. Cannot be joined to advertising profiles. Measurement ID: G-PH5VNTSZB6.

That is the complete list. This site sets no cookies of any kind — there is no sign-in, and no checkout.

We do not use:

• Meta (Facebook) Pixel
• Google Ads conversion tags, Google Signals, or any standard (cookie-based) Google Analytics configuration
• TikTok Pixel, LinkedIn Insight Tag, Pinterest Tag, Twitter/X Pixel
• Hotjar, FullStory, Mouseflow, Microsoft Clarity, or any session-replay tool
• Any cross-site behavioral advertising network
• Any "data broker" sharing arrangement
• Any healthcare-related third-party tracker (the directory is a public information resource, not a covered entity, but we hold ourselves to the same anti-tracking posture that healthcare-pixel litigation has identified as the safe baseline)

Because the only browse-time technology we load is the cookieless GA4 beacon (which sets no cookies and sends no personally identifying data to Google), a cookie-consent banner is not required and would be misleading. We do not display one.

7. Your rights

Regardless of where you live, you can:

• Access the data we hold about you
• Correct inaccurate data
• Delete your account and all associated data
• Export your data in a portable format (JSON)
• Opt out of all marketing emails (we send minimal transactional emails only)

If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction with specific privacy rights (GDPR, UK GDPR, CCPA/CPRA), those rights apply in full. Email privacy@globalcyberinstitute.org to exercise any of them.

8. Data retention

We retain personal data only for as long as it is needed to operate the service. When you delete your account, your personal data is removed from production systems within 30 days and from backups within 90 days. Aggregated, non-identifying analytics may be retained indefinitely.

9. Security

Data is encrypted in transit (TLS 1.3) and at rest. Authentication uses magic-link sign-in (no passwords stored on the site). Ownership verification follows the same standards as Google Search Console.

10. Children's privacy

The directory is not directed to children under 16, and we do not knowingly collect personal data from anyone under 16. Nurse residency programs require licensure (which presumes adulthood), so this should never be an issue in practice.

11. Changes to this policy

We will update this policy if our practices change. Material changes will be announced via email to active account holders at least 14 days before they take effect. Non-material changes (clarifications, formatting, fixes) may be made without notice.

12. Contact us

Global Cyber Institute, Inc. is the data controller. You can reach us at:

This policy is provided for transparency and is not a substitute for legal advice. Global Cyber Institute reviews and updates this policy annually as part of its non-profit governance practices. A summary of all sub-processors and our anti-tracking posture is also published as a static page at /trust.