Privacy Policy

1. INFORMATION COLLECTION

1.1 Information You Provide Directly

We collect information that you voluntarily provide when registering for an account, using our services, or communicating with us, including but not limited to:

• Identity Information: Full legal name, date of birth, government-issued identification numbers (where legally required)
• Contact Information: Email address, telephone number, mailing address, emergency contact details
• Account Credentials: Username, password, security questions and responses
• Professional Information: For facility operators and healthcare professionals—business name, professional licenses, certifications, credentials, facility information, and employment details
• Care-Related Information: Care preferences, medical needs summaries, budget requirements, location preferences, and tour scheduling information
• Financial Information: Payment card details, billing address, and transaction history (processed through PCI-DSS compliant third-party payment processors)
• Communications: Content of messages exchanged through the Platform, customer support inquiries, and feedback

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain technical and usage information, including:

• Device Information: Hardware model, operating system, unique device identifiers, browser type and version, mobile network information
• Log Data: IP address, access times, pages viewed, links clicked, referral URLs, and actions taken on the Platform
• Location Data: General geographic location derived from IP address; precise geolocation data when you grant permission for location-based services
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies as described in our Cookie Policy

1.3 Information from Third Parties

We may receive information about you from third-party sources, including: (a) identity verification services; (b) professional license verification databases; (c) payment processors; (d) analytics providers; and (e) publicly available sources. We combine this information with other data we collect to ensure accuracy and enhance our services.

1.4 Data-Driven Insights and The Bridge Analyst

Our Service includes "The Bridge Analyst," a data-driven assistant (powered by artificial intelligence) designed to provide strategic insights and navigation support. When you interact with the Analyst, we may collect and process contextual metadata, including:

• Session Context: The specific page, document title, and feature area you are currently viewing to provide relevant, page-specific guidance.
• Role-Based Context: Your account role and permissions to ensure guidance is appropriate for your level of access.
• Interaction History: The content of your queries and the Analyst's responses to maintain conversation continuity.

This data is processed through enterprise-grade AI infrastructure. We do not use your private interactions or contextual data to train public AI models.

2. USE OF INFORMATION

We use collected information for the following lawful purposes:

2.1 Service Provision and Operations

• Providing, maintaining, and improving the Service
• Processing account registration and authentication
• Facilitating communication between platform users
• Processing transactions and managing subscriptions
• Providing customer support and responding to inquiries
• Personalizing user experience and content
• Generating data-driven strategic insights and navigation assistance via The Bridge Analyst

2.2 Safety, Security, and Legal Compliance

• Detecting, investigating, and preventing fraud, unauthorized access, and other illegal activities
• Enforcing our Terms of Service and other policies
• Verifying facility licensure and compliance status
• Complying with legal obligations, including subpoenas, court orders, and regulatory requirements
• Protecting the rights, safety, and property of The Bridge, our users, and third parties

2.3 Analytics and Improvement

• Analyzing usage patterns and trends to improve functionality
• Conducting research and development for new features
• Measuring the effectiveness of our services and marketing

3. DISCLOSURE OF INFORMATION

We may disclose your information in the following circumstances:

3.1 With Your Consent

When you request a tour, submit an inquiry, or otherwise consent to sharing your information with facilities, healthcare professionals, or other users, we share the information necessary to fulfill your request.

3.2 Service Providers and Business Partners

We engage trusted third-party service providers to perform functions on our behalf, including: cloud hosting, data storage, payment processing, analytics, customer support, email delivery, and security services. These providers are contractually obligated to use your information only for the purposes of providing services to us and must maintain appropriate security measures.

3.3 Legal Requirements and Protection of Rights

We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; (d) protect the rights, property, or safety of The Bridge, our users, or the public; or (e) respond to an emergency involving danger to personal safety.

3.4 Business Transfers

In connection with a merger, acquisition, corporate restructuring, sale of assets, bankruptcy proceeding, or similar transaction, your information may be disclosed, transferred, or assigned as part of the business assets. We will endeavor to provide notice before personal information becomes subject to a different privacy policy.

4. DATA SECURITY

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Security measures include, but are not limited to:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of data at rest using AES-256 encryption
• Secure authentication mechanisms with optional multi-factor authentication
• Role-based access controls and least-privilege principles
• Regular security assessments, penetration testing, and vulnerability scanning
• Employee security awareness training
• Incident response and breach notification procedures

Disclaimer: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your information. You acknowledge and accept that you transmit information to us at your own risk.

For information regarding our HIPAA compliance practices, please review our HIPAA Compliance page.

5. DATA RETENTION

We retain personal information for as long as reasonably necessary to: (a) fulfill the purposes for which it was collected; (b) comply with legal, regulatory, and contractual obligations; (c) resolve disputes and enforce agreements; and (d) maintain business records for legitimate business purposes. When information is no longer required, we will securely delete or anonymize it in accordance with our data retention policies.

6. YOUR RIGHTS AND CHOICES

Subject to applicable law and verification of your identity, you may have the following rights regarding your personal information:

• Right to Know/Access: Request information about the categories and specific pieces of personal information we have collected about you
• Right to Correction: Request correction of inaccurate personal information
• Right to Deletion: Request deletion of your personal information, subject to certain legal exceptions
• Right to Portability: Request a copy of your personal information in a structured, machine-readable format
• Right to Opt-Out: Opt out of certain data processing activities, including marketing communications
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us at privacy@thebridge.care. We may require verification of your identity before processing requests. Certain requests may be subject to legal exceptions or limitations.

7. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). In addition to the rights described above, California residents may:

• Request information about the categories of personal information collected, disclosed, and sold
• Request information about the business purposes for collecting personal information
• Designate an authorized agent to make requests on their behalf
• Limit the use and disclosure of sensitive personal information

Notice of Financial Incentive: We do not currently offer financial incentives for the collection, sale, or deletion of personal information.

8. INTERNATIONAL DATA TRANSFERS

The Bridge is headquartered in the United States. If you access the Service from outside the United States, you acknowledge and consent to the transfer of your personal information to the United States, where data protection laws may differ from those in your jurisdiction. We implement appropriate safeguards for international transfers in accordance with applicable law.

9. CHILDREN'S PRIVACY

The Service is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

10. THIRD-PARTY LINKS AND SERVICES

The Service may contain links to third-party websites, applications, or services not operated or controlled by The Bridge. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access. We are not responsible for the privacy practices, content, or security of third-party services.

11. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated through prominent notice on the Platform or via email. The "Last Updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service following the posting of changes constitutes acceptance of those changes.

12. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: