Jemma
Sign inJoin free
Jemma
Join freeSign in

Privacy Policy

Last updated April 27, 2026

Jemma exists to help nurses see their financial picture clearly and earn what they're worth. To do that we collect data — some you give us directly, some we generate as you use the product. This page explains what we collect, why we collect it, who we share it with, and how you can take it back.

We aim for plain language. If a section is unclear, email privacy@nursejemma.com and we'll fix it.

1. What we collect

Account information

When you sign up: email address, first and last name, account type (nurse or student), and any profile details you choose to add (state, city, specialty, years of experience, education level, license type). Authentication uses magic links delivered via email, or Google OAuth if you choose that option.

License and verification

To verify you're a real nurse, we collect your nursing license number and the state it was issued in. CNAs provide their state Nurse Aide Registry number instead. This data is used only to confirm your credential and is never displayed publicly. We do not sell or share license numbers with third parties.

Salary submissions and pay stubs

When you submit a salary, you give us employer name, location, specialty, hourly or annual pay, differentials, bonuses, and other compensation details. To verify the data, you upload a pay stub image or PDF.

Pay stub images are processed in your browser before upload.Sensitive fields (SSN, bank account, routing number, employee home address, employee ID, date of birth) are detected on your device, blacked out as opaque pixels in the image, and permanently removed before any byte of the file leaves your browser. The redacted image is what we receive, store in our private file storage, and process via Anthropic's Claude vision API for salary extraction. Anthropic never sees the redacted fields. We retain the redacted image so we can re-verify if questioned.

You can verify the "never leaves your device" claim yourself: open your browser's DevTools to the Network tab during the redaction step and watch the data sent stay at zero until you tap Submit.

Salary submissions feed our aggregate Salary Explorer at the state-and-specialty level. Individual rows are visible to other verified Pro nurses on the platform but are stripped of your name and identifying details before display.

Voice recordings (Career Chapters)

Pro nurses can record short voice notes (up to two minutes) describing a career moment. Audio is uploaded to a private storage bucket scoped to your account. We send the audio to OpenAI's Whisper API for transcription, then send the resulting transcript text (not the audio itself) to Anthropic's Claude to propose structured chapter fields. Both providers' published API policies prohibit using submitted data to train their models by default.

You control retention with two separate actions:

  • Revoking audio consent deletes the audio file from our storage but keeps the transcript and chapter content. Useful if you want the words you spoke preserved as data but not the recording itself.
  • Deleting the recordingremoves both the audio file and the transcript text. A short pull-quote that's already been paraphrased into your timeline narrative is retained as part of the chapter; everything else from that recording is gone.

If you opt in via the consent checkbox at recording time (default on), your audio may also be used as input to a future Year-in-Review video-assembly feature. That feature is not yet shipped, and you can revoke this consent at any time using either of the controls above.

Career Chapters (text)

Chapter titles, dates, descriptions, personal notes, and uploaded photos. Photos are stored in a private bucket scoped to your account. Career Chapters content is private to your account and is not shared publicly unless you explicitly enable sharing for a specific chapter.

Honest Debt Club check-ins

If you use the Honest Debt Club tracker, we collect debt account balances, account types, and your monthly check-in entries. This data is private to your account.

Tool inputs and saved state

When you save inputs from our calculators (cost of living, tax, debt payoff, offer compare), the inputs and computed results are stored against your account so you can return to them. These are private to your account.

Payment information

When you subscribe to a paid plan, payment is processed by Stripe. We never see or store your full card number; Stripe sends us a customer ID and a token representing your payment method. Billing email, plan tier, and subscription status are stored against your account.

Referral data

If you refer another nurse, we record the relationship between your account and the referee account so we can credit you when the referral qualifies. Referral payouts above the credit threshold are processed via PayPal email; we collect that email only when you reach the payout tier and only for that purpose.

Product analytics

We use PostHog to understand how the product is used — which features are visited, where flows drop off, what calculators get saved. Per our internal taxonomy, analytics events never include your email, license number, pay stub file path, full name, phone number, or street address. Two-letter state codes and email domains (e.g. unc.edu for student verification) may appear; full email addresses do not.

PostHog session replays are sampled (10–25%) and exclude sensitive form fields (license number, pay stub upload).

Cookies

We use a small number of cookies. Strictly-necessary cookies (your authentication session, the consent choice itself) are set when you interact with the site and can't be turned off without breaking login. Analytics cookies are set only after you click Accept on our cookie banner; reject means none are set and no tracking fires.

The full per-cookie inventory (name, provider, purpose, duration) lives on the dedicated Cookie Policy page. You can change your choice at any time using the “Cookie Preferences” link in the footer.

2. Why we collect it

  • Verification.License and pay stub data confirm you're a real working nurse and that your salary submission is accurate. Verification is what makes our aggregate data trustworthy.
  • The product itself. Career Chapters needs your chapter content to render your timeline. The Salary Explorer needs verified submissions to show meaningful aggregates. The debt tracker needs your accounts to track your progress.
  • Improving the product. Anonymous usage analytics tell us which features matter and where flows are confusing.
  • Operating the business. Payment processing, transactional email (verification links, receipts), customer support.

3. Who we share it with

We do not sell your personal data. We share data only with the service providers we need to run the product, and only for the specific purposes listed below.

  • Supabase— authentication, database, file storage. Hosts your account, salary submissions, career chapters, and uploaded files.
  • Vercel— web hosting and request routing.
  • Stripe— payment processing for paid plans.
  • Resend— transactional email delivery (magic links, .edu verification, notifications).
  • Anthropic— pay stub vision extraction, Career Chapters AI insights, voice transcript extraction. Per Anthropic's API data-use policy, your data is not used to train their models.
  • OpenAI— Whisper transcription of voice recordings (audio only; no other data is sent). Per OpenAI's API data-use policy, API submissions are not used to train their models by default.
  • PostHog— product analytics and session replay (sampled).
  • Google— only if you choose Google as your sign-in provider. Google sees that you signed into Jemma; Jemma sees your Google email and name.
  • PayPal— only if you reach the referral payout tier and provide a PayPal email for disbursement.

We may also disclose data when required by law (subpoena, court order) or to protect Jemma, our users, or the public from harm.

4. Aggregate data and the public Salary Explorer

Verified salary submissions are aggregated and surfaced through the Salary Explorer for other nurses to learn from. Aggregation thresholds protect your identity:

  • Cells with fewer than 5 verified submissions show no data.
  • Cells with 5–29 submissions show limited statistics (median, range) without individual rows.
  • Cells with 30+ submissions show full statistics; verified Pro nurses can see individual submissions stripped of name and identifying details.

You can opt out of contributing to the aggregate by deleting your salary submission. The data is removed from public surfaces immediately; aggregate statistics recalculate without your row.

5. Your rights and controls

  • Access. Your dashboard shows all data we hold against your account. Request a portable export by emailing privacy@nursejemma.com.
  • Correction. Edit your profile, salary submissions, career chapters, and saved tool inputs from the dashboard at any time.
  • Deletion. Individual records (a chapter, a saved tool result, a voice recording) can be deleted from the dashboard. To delete your entire account and all associated data, email privacy@nursejemma.com.
  • Marketing consent. Marketing email consent is stored separately from transactional consent and can be toggled from your account settings. Transactional email (magic links, receipts) cannot be disabled while you have an active account.

6. Retention

We retain account data for as long as your account is active. After account deletion, most data is removed within 30 days, with limited exceptions for tax records (kept as required by law) and aggregated statistics (your individual row is removed; aggregates remain in historical form). PostHog analytics events are retained per its retention policy (free tier: one year).

7. Security

We host on Supabase and Vercel, both of which encrypt data in transit (HTTPS) and at rest. File storage (pay stubs, career photos, audio recordings) sits in private buckets with row-level security policies that restrict access to the owning user. Authentication tokens are short-lived and rotated. We do not have direct access to your card number; Stripe handles payment information.

No system is perfectly secure. If you believe your account has been compromised, email security@nursejemma.com immediately.

8. Children

Jemma is intended for working nurses and nursing students aged 18 and older. We do not knowingly collect data from anyone under 18.

9. Changes to this policy

When this policy changes materially, we'll email registered users and update the “Last updated” date at the top of this page. Continued use of Jemma after a change means you accept the updated terms.

10. Contact

Privacy questions: privacy@nursejemma.com
Security concerns: security@nursejemma.com
General: hello@nursejemma.com