What is the difference between W-2 and 1099 for healthcare professionals?

W-2 healthcare professionals are traditional employees who receive benefits and have taxes withheld by their employer. 1099 independent contractors set their own schedules, negotiate higher rates, and are responsible for their own taxes, retirement, and benefits. 1099 Ops helps independent healthcare professionals manage the added complexity of self-employment.

How do 1099 CRNAs handle quarterly taxes?

1099 CRNAs must make estimated quarterly tax payments to the IRS (and often state agencies) using Form 1040-ES. Payments are due in April, June, September, and January. 1099 Ops includes a tax engine that estimates your quarterly liability based on your actual shift income, deductions, and entity structure (sole prop vs. S-Corp).

What tax deductions can 1099 healthcare contractors claim?

Common deductions include malpractice insurance, licensing and credentialing fees, continuing education, travel and lodging for locum tenens assignments, health insurance premiums (self-employed health insurance deduction), home office expenses, professional memberships, and equipment. 1099 Ops helps track and categorize these deductions automatically.

Should a 1099 CRNA or NP form an S-Corp?

Forming an S-Corp can reduce self-employment taxes by allowing you to split income between a reasonable salary and distributions. This typically benefits 1099 healthcare professionals earning over $80,000-$100,000 annually. 1099 Ops includes scenario modeling to compare your tax liability as a sole proprietor vs. S-Corp so you can make an informed decision.

How does 1099 Ops help independent healthcare professionals?

1099 Ops is an all-in-one platform built specifically for 1099 healthcare professionals including CRNAs, NPs, PAs, and physicians. It provides shift tracking with per-facility pay rules, a real-time tax estimation engine, credential and license management, income scenario modeling, and export tools for accountants. Start free with core features or upgrade to Pro for the full tax engine and unlimited facility rules.

Privacy Policy

Effective date: May 4, 2026 · Last updated: May 4, 2026

This Privacy Policy describes how CRNA Link LLC ("we", "us", "our") collects, uses, shares, and protects personal information when you use 1099 Ops at https://1099ops.app, our mobile applications, and related services (collectively, the "Service").

Who we are. CRNA Link LLC is a US limited liability company. The Service is built for US-based independent healthcare contractors (CRNAs, NPs, PAs, physicians, and other 1099 healthcare professionals).

Information We Collect

We collect the following categories of information:

Account information you provide: your name, email address, mobile phone number (if you opt into SMS), provider type (CRNA / NP / PA / MD-DO / Other), business entity election, filing state, and (optionally) spouse first name + dependent count for tax planning.
Work data you enter: shift records (date, hours, facility, amount, mileage), facility rules, credentials (license type, expiry date — never license numbers), receipts (vendor, amount, category, date, optional photo), mileage log entries.
Tax-planning inputs you enter: filing status, dependent count, prior-year AGI estimate, quarterly estimated payments you've made, retirement contribution amounts, depreciable assets.
Authentication identifiers: Google OAuth refresh token (encrypted at rest) when you connect Google Calendar; Apple Sign-In subject identifier (if used); Supabase auth session cookies.
Subscription and billing: Stripe customer ID, subscription tier, billing cycle, and addon entitlements. Card numbers and bank account details are stored by Stripe — we never see them.
Connected-account transaction data: if you choose to connect a financial account through Plaid, we receive limited account and transaction metadata such as institution name, account type/subtype, account mask or last four digits where available, transaction date, amount, merchant or description, category, and pending/posted status. We use this to identify 1099 income, business expenses, transfers, refunds, and tax/cash-flow summaries. We do not store full bank account numbers, routing numbers, or Plaid Identity/Auth profile data.
Usage analytics: page views, device type, browser, operating system, referrer, anonymized IP address, and feature interactions.
Diagnostic / error data: client and server error reports (via Sentry) which may include URLs, breadcrumbs of recent actions, and stack traces — we scrub known PII fields before sending.

Information we do NOT collect: we do not collect Social Security Numbers, Tax Identification Numbers, full bank account or routing numbers, full credit or debit card numbers, NPI numbers, or specific medical information about you or any patient.

How We Use It

We use the information we collect to:

Provide, operate, maintain, and improve the Service
Calculate tax estimates, write-offs, and quarterly amounts
Match imported calendar events to your facility rules
Generate the year-end CPA package on request
Send transactional SMS notifications you opted into (see SMS Communications below)
Process subscription payments through Stripe
Classify connected-account transactions as income, expenses, transfers, refunds, or payments when you connect Plaid
Generate transaction review queues, documentation prompts, tax estimates, and cash-flow recommendations from limited Plaid-derived data
Detect, investigate, and prevent fraud or abuse
Comply with legal obligations and respond to lawful requests
Communicate with you about account issues and product updates

We never sell your personal data. We do not use your personal data for advertising, train AI models on your data, or share it with data brokers.

Sub-Processors and Third-Party Services

We rely on the following sub-processors to operate the Service. Each is contractually required to process your data only on our behalf and only to deliver their specific function:

Supabase (Supabase, Inc.) — database hosting and authentication
Vercel (Vercel Inc.) — application hosting and edge delivery
Stripe (Stripe, Inc.) — subscription billing and payment processing
Plaid Inc. — financial account connection and transaction data retrieval when you choose to connect an account. Plaid stores and processes bank-side credentials and account-access details; 1099 Ops receives limited account and transaction metadata for income and expense classification.
Twilio (Twilio Inc.) — transactional SMS delivery (when you opt in)
Twilio Verify — one-time passcode delivery for phone verification and two-factor authentication
Google LLC — Google Calendar API (when you connect calendar) and Google OAuth (when you sign in with Google)
Anthropic, PBC — AI model inference for in-app assistance, year-end document drafting, and the OpsPilot agent. Your conversation content is sent to Anthropic to generate replies; Anthropic does not retain your data for training.
Sentry (Functional Software, Inc.) — error and performance monitoring (PII fields scrubbed before send)
Resend (Resend Inc.) — transactional email delivery (account, billing, year-end package emails)

We do not transfer your personal data to any party outside this list except (1) to comply with a lawful request such as a subpoena or court order, (2) to a successor entity in connection with a merger or sale of CRNA Link LLC (in which case the successor will be bound by this Policy), or (3) with your explicit consent.

Data Retention

We retain different categories of information for different periods:

Account information: for as long as your account is active. Deleted within 30 days of account deletion request.
Work and tax data: retained while your account is active. After account deletion, retained in encrypted form for up to 7 years to comply with IRS audit windows applicable to tax records.
Authentication tokens: Google OAuth refresh token retained while you have Google Calendar connected. Deleted immediately when you disconnect calendar from the Settings page.
Plaid connection data: Plaid access tokens are retained only while your connected financial account is active and are deleted when you disconnect Plaid or delete your account. Plaid-derived transaction records are retained while your account is active and may be retained after deletion only where required for tax, accounting, legal, fraud-prevention, or backup-retention obligations. We do not retain full account or routing numbers.
Billing records: retained for 7 years for tax and accounting purposes.
Server logs and analytics: retained for up to 13 months in aggregated form.
Backups: may persist up to 35 days after deletion as part of routine backup rotation, then are overwritten.
SMS data: see the SMS Communications section below for SMS-specific retention windows.

Data Security

All data is encrypted in transit (TLS 1.2 or higher) and at rest. Plaid connection tokens are server-only and are not returned to the browser, exposed in SMS, or included in model-visible agent context. We use Supabase row-level security so each user can only access their own records. We use industry-standard security practices and regularly audit our infrastructure. Access to production systems is restricted to authorized personnel and is logged.

Security incident notification. If we discover a security breach that materially affects your personal information, we will notify you by email within 72 hours of confirming the scope, and we will report the incident to applicable regulators as required by law.

Google API Services User Data Policy

1099 Ops's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access. With your explicit consent, 1099 Ops requests the https://www.googleapis.com/auth/calendar.readonly scope to read events from your Google Calendar. We read event titles, start and end times, and locations. We do not read attendees, descriptions, or attachments, and we do not write, modify, or delete any calendar data.

How we use it. Calendar events are matched to your configured facility rules to automatically create shift records inside 1099 Ops. This lets you track earnings, hours, mileage, and tax estimates without manually re-entering each shift.

How we store it. We store the OAuth refresh token for your Google account in our database (encrypted at rest, with row-level security policies so only your account can read it). Imported shifts are stored in your 1099 Ops account. We do not copy the underlying Google Calendar events into long-term storage; only the derived shift records you confirm are persisted.

How we share it. We do not sell, rent, or transfer data received from Google APIs to any third party, and we do not use Google user data for advertising, training AI models, or any purpose other than providing the shift-sync features you requested. Subprocessors (Supabase for database hosting, Vercel for application hosting) process data solely to operate the service.

How to revoke access.You can disconnect Google Calendar at any time from the app's Settings page, which deletes the stored refresh token. You can also revoke access directly at myaccount.google.com/permissions.

SMS Communications

This section describes how 1099 Ops handles data for our SMS notification program. The full program disclosure, including the channel list and sample messages, is at 1099ops.app/sms-consent.

Data we collect when you enroll in SMS. When you opt in to SMS we collect: your mobile phone number (US numbers only); the date, time, and IP address of your opt-in; the exact consent disclosure text you agreed to (TCPA evidence); your channel preferences (which categories of message you opted into); and a log of every message we send you, including sender, recipient, channel, timestamp, delivery status, message body, and the body of any reply you send to us.

How we use it. Phone numbers and message metadata are used solely to deliver the transactional SMS messages you opted into (tax-deadline reminders, payment alerts, account notifications, 1099OPS Agent replies), to process your STOP, HELP, START, or app-side opt-out requests, to respond to your replies (Y/N approvals of pending actions, 2FA codes, natural-language questions to 1099OPS Agent), and to audit our compliance with TCPA and debug delivery issues.

How we do NOT use it. We do NOT use SMS for marketing or promotional content. We do NOT sell, rent, lease, or trade your phone number to third parties. We do NOT share your phone number with affiliates for their marketing or with data brokers. We do NOT enroll you in any other SMS programs without separate consent.

Sub-processors. We use Twilio Inc. as our SMS service provider and Twilio Verify for one-time passcodes used in two-factor authentication and phone verification. Twilio is a sub-processor under our Data Processing Agreement and is contractually required to process your phone number and message content only on our behalf and only to deliver the SMS messages you opted into.

Data retention. Phone numbers are retained as long as your account is active or you have active SMS opt-ins; after you opt out we retain your phone number for 30 days for re-opt-in convenience, then anonymize the record. Message metadata (sender, recipient, channel, status, timestamp) is retained for 13 months for compliance and audit. Message body text is retained for 90 days, then truncated. Consent evidence (timestamp, IP, user agent, disclosure text) is retained for 4 years per TCPA statute of limitations.

How to opt out. You can opt out at any time by replying STOP (or STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT) to any of our SMS messages, by toggling a channel off in the SMS Preferences page in the app, by clicking "Disconnect SMS" in the app, or by emailing support@1099ops.app to request manual removal. For help, reply HELP to any message.

Your rights. You have the right to receive a copy of all SMS metadata we hold for you (email support@1099ops.app), to request deletion of your phone number and SMS history (subject to our legal retention obligations), and to opt out of SMS at any time without affecting your other use of 1099 Ops.

Cookies and Similar Technologies

We use cookies and similar local-storage mechanisms to keep you signed in, remember your preferences, and measure how users interact with the Service.

Strictly necessary cookies: Supabase auth session cookies required for sign-in. Cannot be disabled while signed in.
Functional storage: localStorage and sessionStorage used to remember your wizard progress, last-used filters, and SMS opt-in timestamp (TCPA evidence).
Analytics: we use first-party page analytics to count page views and referrers. We do not run third-party advertising trackers.

You can clear cookies and local storage at any time through your browser settings; doing so will sign you out and reset wizard state.

Your Rights

Regardless of where you live, you have the right to:

Access the personal information we hold about you
Correct inaccurate information
Delete your account and associated data (subject to the retention obligations listed above)
Export a copy of your data in a machine-readable format
Withdraw consent for SMS, Google Calendar access, or any optional data use at any time
Object to particular uses of your data

Most rights can be exercised directly in the app from the Settings page. To request access, correction, deletion, export, or to withdraw consent, you can also email support@1099ops.app. We will acknowledge your request within 5 business days and respond substantively within 30 days.

Account and Data Deletion

You can request account deletion at any time:

In the app: Settings → Delete Account. Account access is revoked immediately. Stored data is permanently deleted within 30 days, except for records we are legally required to retain (tax records, billing history) which are retained encrypted for the periods listed above and then deleted.
By email: send a deletion request from your account email address to support@1099ops.app with subject "Delete my account". We will confirm receipt within 5 business days and complete the deletion within 30 days.

Disconnecting Google Calendar. You can disconnect Google Calendar without deleting your account by visiting Settings in the app or by revoking access at myaccount.google.com/permissions. When you disconnect, we delete the stored OAuth refresh token immediately. Shift records previously imported are kept inside your 1099 Ops account; you can delete them individually from the Shifts page.

California Residents (CCPA / CPRA)

If you are a California resident, you have the additional rights granted by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

The right to know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share with — disclosed throughout this Policy
The right to delete your personal information
The right to correct inaccurate personal information
The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising
The right to limit the use of sensitive personal information
The right not to be discriminated against for exercising these rights

We do not sell or share your personal information for cross-context behavioral advertising. To exercise any of the above rights, email support@1099ops.app. We will verify your identity by matching your email to the account on file before responding.

Children's Privacy

The Service is built for working healthcare professionals and is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please email support@1099ops.app and we will delete the information promptly.

International Users

The Service is operated from the United States and is intended for US-based independent healthcare contractors. All data is stored on servers located in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Effective date" and "Last updated" at the top of this page reflect the most recent change. Material changes will be communicated to active users by email and through an in-app notice at least 14 days before taking effect, so you have time to review and decide whether to continue using the Service.

Contact

For privacy questions, requests, or complaints:

Email: support@1099ops.app
Entity: CRNA Link LLC (United States)
Response time: acknowledgment within 5 business days, substantive response within 30 days