Privacy Policy

The Healthcare Executive Compensation Project collects anonymous compensation data through our survey form. This data includes organizational characteristics (size, region, tax status), role information (title, tenure), and compensation details (salary, incentives, deferred compensation, equity, and employment agreement terms).

We do not collect your name, employer name, or any information that could directly identify you or your organization.

• Aggregated benchmarks: Your submission is combined with others to produce percentile-based compensation statistics (25th, 50th, 75th percentiles). Individual submissions are never displayed.
• Prevalence statistics: We report what percentage of respondents have certain plan types (deferred comp, LTIP, severance, etc.) to help executives understand what is standard in the market.
• Email (optional): If you provide your email to create a free account or subscribe to our newsletter, we use it solely for account access and to send quarterly compensation insights. We never sell or share your email.

We enforce strict aggregation rules to protect your anonymity:

• No statistic is ever displayed unless it represents at least 5 submissions.
• No single submission can represent more than 25% of any displayed statistic.
• We only show percentile ranges and prevalence rates — never individual data points.
• When a filter combination returns fewer than 5 results, we display an “insufficient data” message instead.

To maintain data quality, we use a one-way hash of your IP address and a browser fingerprint (screen resolution, timezone, and language settings) to detect duplicate submissions. These hashes are irreversible — we cannot determine your actual IP address or identity from them. They are used solely to prevent the same person from submitting multiple times within a 24-hour period.

The Healthcare Executive Compensation Project uses an invite code system to maintain data quality. Each invite code is single-use and tracks only whether it has been used — not who used it. After submitting, you receive 3 new codes to share with peers. The invite system creates a trust chain without collecting identifying information.

Your data is stored in a secured PostgreSQL database hosted by Supabase with row-level security policies. The public API and website only access data through aggregation functions that enforce our privacy thresholds. Individual submissions are never exposed publicly.

All data is transmitted over HTTPS. We do not store raw IP addresses, and browser fingerprints are hashed before storage.

We use essential cookies only for authentication (if you create a free account). We do not use advertising cookies, tracking pixels, or third-party analytics that follow you across the web.

• Supabase: Database hosting and authentication.
• Vercel: Application hosting.
• Resend: Transactional email delivery (only if you provide your email).

We do not sell, rent, or share your data with any other third parties.

Because submissions are anonymous and not linked to any identifying information, we cannot retrieve, modify, or delete a specific individual's submission after it has been submitted. This is by design — it's part of how we protect your privacy.

If you have created an account (email login), you can request deletion of your account and associated email address by contacting us.

We may update this privacy policy from time to time. Material changes will be noted by updating the “last updated” date at the top of this page.

Questions about this privacy policy or how we handle your data? Reach out at info@healthcomp.org.