Desert Oasis Recovery

Secure Send — Staff Portal

Privacy Policy

Effective date: May 12, 2026

1. Overview

This Privacy Policy describes how Desert Oasis Recovery (“we,” “us,” or “our”) collects, uses, and protects information in connection with the Secure Send staff portal (“the Portal”). The Portal is an internal communication tool used exclusively by authorized staff members of Desert Oasis Recovery.

2. Who This Applies To

This Portal is restricted to authorized employees and contractors of Desert Oasis Recovery. It is not a public-facing application. Access is granted only to individuals with a valid organizational Google Workspace account (@desertoasisrecovery.org or @desertoasisrecovery.com).

3. Information We Collect

When you sign in and use the Portal, we collect:

  • Authentication information — Your Google account email address and display name, obtained via Google Sign-In (OAuth 2.0). We do not collect or store your Google password.
  • Message content — Secure messages you compose and send through the Portal. Message bodies are encrypted at rest using AES-256-GCM before being stored.
  • Usage logs — Server-side logs of API requests (IP address, timestamp, HTTP method/path). These logs do not include message content or encryption keys.
  • Recipient email addresses — Email addresses of message recipients, used solely to deliver one-time access PINs.

4. How We Use Information

  • To authenticate authorized staff members via Google Sign-In
  • To deliver encrypted messages securely to intended recipients
  • To send one-time PIN codes to recipients for message access
  • To maintain audit logs for security and compliance purposes
  • To enforce access controls and message revocation

We do not sell, share, or disclose any information to third parties except as required by law or as necessary to operate the Portal (e.g., AWS SES for email delivery, Google Cloud for hosting and authentication).

5. HIPAA Compliance

Desert Oasis Recovery is a HIPAA-covered entity. All Protected Health Information (PHI) transmitted or stored through the Portal is handled in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and our organizational policies. Message content is encrypted at rest and in transit. Access is strictly limited to authenticated, authorized staff. Audit logs are maintained as required by HIPAA Security Rule §164.312(b).

6. Data Security

  • All data is transmitted over HTTPS (TLS 1.2+)
  • Message bodies are encrypted with AES-256-GCM before storage
  • Encryption keys are stored separately from ciphertext
  • All client-side Firestore access is denied — data is only accessible via authenticated server-side API routes
  • PIN codes are hashed with bcrypt and expire after use
  • Messages can be revoked by administrators at any time

7. Data Retention

Message data is retained for the period required by applicable law and our internal records retention policy. Staff authentication records are retained for the duration of employment plus a reasonable period thereafter. You may request deletion of your data by contacting the IT department.

8. Google Sign-In

The Portal uses Google OAuth 2.0 for authentication. When you sign in with Google, we receive your name and email address from Google. We do not request access to your Google Drive, Gmail, calendar, or any other Google services. Your use of Google Sign-In is also governed by Google's Privacy Policy.

9. Contact

For questions about this Privacy Policy or our data practices, contact:

Desert Oasis Recovery
Privacy & Compliance Officer
admin@desertoasisrecovery.com

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the effective date at the top of this page. Continued use of the Portal after changes constitutes acceptance of the updated policy.