Privacy Policy

Effective date: February 1, 2026

This privacy policy ("Privacy Policy") is entered into by and between you ("You" or "User") and The Bridge Health Collective, an Arizona company ("Company"). This Privacy Policy governs your access to and use of the Company's:

  1. Online and Mobile Services
  2. Offline Services
  3. Platform Services: This includes, but is not limited to, perinatal mental health care coordination workflows, referral submission and routing, clinician claiming of referrals, scheduling and capacity management tools, secure messaging, administrative and billing support, and other practice support features that may be made available from time to time.
  4. Company Software Applications: This includes, but is not limited to, the Company's website (www.bhc.healthcare) and platform, as well as any mobile applications provided by the Company (collectively referred to as the "Company Apps").

The term "Company Apps" encompasses all content, functionality, and care coordination and practice support services offered on or through the Company Apps, including content published by the Company for educational and informational purposes.

This page informs you of our policies regarding the collection, use, and disclosure of information, including personal information and, where applicable, protected health information ("PHI") when you use our Company Apps and the choices you have associated with that data. This Privacy Policy is a legally binding agreement between you ("User", "you" or "your") and the Company. By accessing and using the Website and Company Apps, you acknowledge that you have read, understood, and agree to be bound by the terms of this Agreement, including through the Company's click wrap consent process that requires you to affirmatively agree before submitting any information through the Company Apps. This Policy does not apply to the practices of companies that we do not own or control. This policy applies to all of our Company Apps, including Company Apps used by patients, clinicians, and referring providers.

We use your information to provide, operate, support, and improve the Company Apps, including to facilitate care coordination workflows and to support timely access to qualified perinatal mental health clinicians. By using the Company Apps, you agree to the collection and use of information in accordance with this policy now and as amended by us. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Service. For clarity, the Company supports access, coordination, and infrastructure, and clinical services are delivered by independently licensed clinicians operating independent practices.

Not a Notice of Privacy Practices

This Privacy Policy describes how the Company collects, uses, and discloses information through the Company Apps. It is not intended to serve as, and does not replace, a Clinician's Notice of Privacy Practices for clinical care. Each Clinician is responsible for their own clinical practice and may provide separate notices and consents that govern the Clinician's collection, use, and disclosure of protected health information in connection with treatment.

Scope and Roles

This Privacy Policy applies to the Company Apps and related services, including the referral and intake workflows, and it applies to Patients, Clinicians, Referring Providers, and other Users who access or use the Company Apps. The Company supports care coordination, referral routing, administrative workflows, and related practice support functions. Clinical services, including psychotherapy and psychiatric medication management, are provided by independently licensed Clinicians operating independent practices. The Company does not provide medical diagnosis, treatment, or prescribing services.

Definitions

  • Company Apps: Company Apps means our online and/or mobile services, offline services, and Company software applications, including but not limited to, the Company's www.bhc.healthcare website and platform, and any mobile applications provided by the Company and operated by us.
  • Personal Data: Personal Data means data about a living individual who can be identified from that data (or from other information either in our possession or likely to come into our possession), including information that identifies you or can reasonably be used to identify you.
  • Protected Health Information (PHI): Protected Health Information, or PHI, means individually identifiable health information that is created, received, maintained, or transmitted through the Company Apps in connection with facilitating care coordination, including information submitted through referral and intake workflows, secure messages, scheduling and coordination information, and related administrative and billing information, as applicable.
  • Usage Data: Usage Data is data collected automatically either generated by the use of the Company Apps or from the Company Apps infrastructure itself (for example, the duration of a page visit).
  • Cookies: Cookies are small pieces of data stored on your device (computer or mobile device).
  • Patient: Patient means a User who submits a referral or intake request, whether by self-referral or by provider facilitated referral, and who may receive clinical services from an independently licensed clinician through the care coordination workflows supported by the Company Apps.
  • Clinician: Clinician means an independently licensed mental health professional, including licensed therapists, psychologists, psychiatrists, and other appropriately licensed prescribing clinicians, who is vetted for licensure and scope of practice and who may voluntarily claim referrals through the Company Apps.
  • Referring Provider: Referring Provider means a healthcare provider or organization that submits, or assists with submitting, a referral through the Company Apps.
  • Data Controller: Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, the Company may act as a data controller for certain information and may also process certain information, including PHI, in connection with providing care coordination and platform services, as described in this Privacy Policy.
  • Data Processors (or Service Providers): Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
  • Data Subject (or User): Data Subject is any living individual who is using our Company Apps and is the subject of Personal Data, including Patients, Clinicians, and Referring Providers.
  • De-identified Data: De-identified Data means information that has been anonymized or de-identified so it does not identify you and cannot reasonably be used to identify you, including the post care completion metrics described in this Privacy Policy.

General Information Collection and Use

We collect several different types of information for various purposes to provide, operate, support, and improve our Company Apps to you, including to facilitate care coordination workflows and related platform services. Our information collection includes collecting information you provide directly through forms and account features, and collecting certain information automatically through your use of the Company Apps, including, but not limited to, collecting, storing, deleting, using, combining, and disclosing information as described in this Privacy Policy, all of which activities will take place in the United States. The Company Apps are intended for Users located in the United States only.

Specific Information Collection and Use

Based on our Company Apps, from the Users we may collect and use information including:

  • Account and profile information for Patients, Clinicians, and Referring Providers, including usernames, passwords, and role based permissions.
  • Patient identifying information and contact information submitted through referral and intake workflows, including name, email, phone number, demographic information, insurance information, presenting concern, state of residence, and referral source.
  • Information submitted and exchanged through care coordination workflows, including referral details, clinician claiming activity, outreach status, scheduling and coordination information, and secure messages between Patients, Clinicians, and, as applicable, Referring Providers.
  • Type of care sought, including psychotherapy, medication management, or other services offered by independently licensed Clinicians.
  • Insurance provider information, including whether a Patient is cash pay or seeking to use insurance, as applicable.
  • Clinical intake information submitted by Patients and any other information a Patient or Clinician provides through the Company Apps in connection with the referral and care coordination process.
  • Operate the Company Apps and facilitate care coordination, including routing referrals into a live queue, enabling Clinicians to voluntarily claim referrals, supporting outreach tracking, and supporting early clinical engagement workflows.
  • Internal operations and performance monitoring, including time to claim, time to contact, time to care completion, and related system metrics, including through the anonymization process described below.
  • Derive aggregated, de-identified insights about platform performance and care coordination workflows, without using PHI for marketing or advertising purposes.

PHI and Access Controls

The Company Apps may collect, receive, store, and transmit PHI submitted by Patients and Referring Providers to support care coordination and referral workflows. Access to PHI is limited through role based access controls. PHI is accessible only to authorized Company administrators and to verified Clinicians who have claimed a specific referral, and only to the extent needed to perform their roles in connection with that referral. The Company maintains policies and technical controls intended to limit access, support least privilege, and protect the confidentiality and security of PHI.

Artificial Intelligence (AI) Information Collection and Use

The Company may use automated tools to support platform operations, quality assurance, and security monitoring. The Company does not use PHI for advertising, behavioral targeting, or marketing, and does not use automated decision making to make clinical decisions or to replace a Clinician's independent professional judgment.

The primary purpose of any automated processing is to support the functionality of the Company Apps and the care coordination workflows described in this Privacy Policy, including maintaining system performance, preventing misuse, and supporting internal analytics using de-identified data.

Please note that the use of automated tools may result in the collection and analysis of certain technical information. This data may include information such as device and browser information, IP address, and other relevant details, primarily for security, fraud prevention, and system performance purposes.

Rest assured that we are committed to safeguarding your privacy and ensuring the security of your data information, including PHI. We do not use AI automated decision making to make decisions that have a significant impact on you without your explicit consent, and we do not use automated tools to provide medical diagnosis, treatment, or prescribing services.

Types of Data Collected

Personal Data

While using our Company Apps, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"), and, where applicable, protected health information ("PHI"). Personally identifiable information may include, but is not limited to:

  • Account Registration Information
  • Email address
  • First name and last name
  • Phone number (if provided)
  • Insurance provider information (if applicable)
  • State of residence (used for matching and compliance purposes)
  • Referral source information (how you heard about us)
  • Technical information such as device identifiers and IP addresses, primarily for security and system performance
  • IP addresses of individuals when using the Company Apps
  • Information you submit through referral and intake workflows, including presenting concern and related information that may constitute PHI

We do not use PHI for marketing or advertising purposes. We use information primarily to facilitate care coordination, support platform operations, and communicate with you about your referral, scheduling, care coordination activity, account related notices, and other service related communications.

Usage Data

We may also collect information that your browser sends whenever you visit our Company Apps or when you access the Company Apps by or through a mobile device. This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Company Apps that you visit, general interaction timestamps for security and system integrity purposes, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Company Apps by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. The Company uses Usage Data primarily for security, fraud prevention, and system performance monitoring, and not for third party advertising.

Location Data

We do not intentionally collect precise geolocation information from your device. The Company may use your state of residence and other location related information you provide for matching Clinicians, supporting in person care coordination where applicable, and complying with licensure and service availability requirements.

Tracking & Cookies Data

We may use limited cookies or similar technologies that are necessary for the operation, security, and integrity of the Company Apps, including maintaining user sessions and supporting authentication. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Company Apps.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Company Apps.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes. We do not use third party advertising cookies or tracking pixels to sell or share PHI or other sensitive health information for targeted advertising.

Use of Data

Company may use the collected data for various purposes, including, but not limited to:

  • To provide and maintain our Company Apps, including care coordination workflows, referral routing, clinician claiming, outreach tracking, scheduling, secure messaging, and related platform functionality
  • To notify you about changes to our Company Apps
  • To allow you to participate in interactive features of our Company Apps when you choose to do so, including account features and secure messaging between Patients, Clinicians, and Referring Providers, as applicable
  • To provide customer support and respond to requests, questions, and technical issues
  • To gather analysis or valuable information so that we can improve our Company Apps, including through de-identified and aggregated metrics such as time to claim, time to contact, and time to care completion
  • To monitor the usage of our Company Apps for system performance, quality assurance, and capacity planning
  • To detect, prevent and address technical issues, security incidents, misuse, fraud, and unauthorized access
  • To process and administer payments and subscriptions where applicable, including collecting cash pay amounts or co-payments, disbursing funds to Clinicians, and administering Clinician subscription fees, subject to applicable agreements and payment processor terms
  • To enforce our Terms of Service and other agreements, and to protect the rights, safety, and security of the Company, Users, and the public
  • We do not use PHI for marketing or advertising, and we do not sell PHI. We do not share PHI with third parties for their direct marketing or promotional use. Information we have about you for their direct marketing and other promotional use.

No Sale of PHI and No Targeted Advertising

The Company does not sell PHI, and does not share PHI with third parties for targeted advertising or marketing. The Company does not use third party tracking pixels or advertising cookies to track Users across third party websites for advertising purposes. If the Company ever introduces optional marketing communications unrelated to care coordination, Users will be able to opt out of those communications, and PHI will not be used for marketing without appropriate authorization.

Legal Basis for Processing Personal Data

The Company Apps are intended for Users located in the United States only. The Company processes information, including PHI where applicable, for purposes that include facilitating care coordination, providing the Company Apps, administering accounts, processing payments and subscriptions where applicable, maintaining security, and complying with applicable legal requirements.
Company may process your Personal Data because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests, and it's not overridden by your rights
  • For payment processing purposes
  • To comply with the law

In addition, where applicable, the Company may process PHI as needed to support care coordination workflows and related platform operations, consistent with this Privacy Policy and applicable healthcare privacy and security requirements.

Retention of Data

Company will use commercially acceptable means to retain your Personal Data and PHI for as long as reasonably necessary to facilitate care coordination and provide the Company Apps, and as otherwise described in this Privacy Policy. We will use commercially acceptable means to retain and use your Personal Data as needed to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies. Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Company Apps, or we are legally obligated to retain your data for longer time periods. After a Patient has been marked as "Care Completed" by the Clinician who claimed the request, the Company anonymizes the Patient's data, and the Company retains only a newly generated random UUID, the request type, the insurance provider, and de-identified time difference metrics, including time to claim, time to contact, time to care completed, and total care duration, and the Company does not retain datetimes or timestamps for that Patient following anonymization.

De-identification and Anonymization

The Company may use de-identified, aggregated, or anonymized information for internal analytics, product improvement, operational planning, and reporting, including evaluating access metrics and platform performance. When the Company anonymizes Patient data after care completion, the Company removes direct identifiers and retains only the limited anonymized elements described above. Anonymized and aggregated information is not intended to identify any individual Patient, and the Company does not attempt to re-identify anonymized information.

Transfer of Data

Your information, including Personal Data, will be processed and stored in the United States. The Company Apps are intended for Users located in the United States only. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to the processing and storage of your information in the United States. Company will use commercially acceptable means to ensure that your data is treated securely and in accordance with this Privacy Policy.

Business Transaction

If Company is involved in a merger, acquisition, reorganization, or asset sale, your Personal Data and, where applicable, PHI may be transferred. We will use commercially acceptable means to provide notice before your Personal Data and PHI are transferred and become subject to a different privacy policy, subject to applicable healthcare privacy and security requirements and any obligations the Company may have under agreements with Clinicians, Referring Providers, or other parties.

Disclosure for Law Enforcement

Under certain circumstances, Company may be required to disclose your Personal Data or PHI if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), including as required to respond to lawful process, to cooperate with regulatory inquiries, or to protect against fraud, security threats, or other unlawful activity, subject to applicable healthcare privacy requirements.

Legal Requirements

Company may disclose your Personal Data or PHI in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of the Company
  • To prevent or investigate possible wrongdoing in connection with the Company Apps
  • To protect the personal safety of users of the Company Apps or the public, including in connection with threats of harm, emergencies, or crisis situations
  • To protect against legal liability, including to establish, exercise, or defend legal claims

Any such disclosure will be limited to what the Company reasonably believes is necessary for the applicable purpose and will be made in accordance with applicable healthcare privacy and security requirements.

Security of Data

Broadly, security measures include:

  • Using a HIPAA compliant managed database for storing patient data, including Supabase (PostgreSQL) under a HIPAA compliant plan and business associate agreement ("BAA").
  • Using identity providers for authentication, including role-based access controls that limit access to PHI to authorized personnel and to verified Clinicians who have claimed a specific referral.
  • Limiting storage of identifiable Patient information to what is necessary to facilitate care coordination and platform operations, and anonymizing Patient data after care completion as described in this Privacy Policy.
  • Encrypting PHI and other sensitive information in transit using HTTPS (TLS 1.2 or TLS 1.3) and encrypting information at rest within the Company's managed database environment.
  • Using a managed service for running the front end (user facing) and backend application servers, including Vercel (serverless functions) and other infrastructure providers used by the Company under HIPAA compliant plans and BAAs as applicable.
  • Maintaining administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of PHI, including access controls, least privilege, and ongoing monitoring.

The security of your information, including PHI, is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, PHI, we cannot guarantee absolute security.

Breach Notification

If we become aware of a suspected or confirmed incident that compromises the security or privacy of Personal Data or PHI, we will investigate and take reasonable steps to contain and remediate the incident. Where required and as applicable, we will provide notice to affected individuals. Notice may be provided by email, phone, or other reasonable means based on the contact information available and the nature of the incident.

Because the Company anonymizes Patient data after a Patient has been marked as "Care Completed," we generally expect that notices, where required, would most commonly apply to Patients whose referral is in the active workflow window, which is typically approximately two weeks from submission, and whose contact information remains available for outreach and care coordination.

California Online Privacy Protection Act (CalOPPA)

We do not respond to Do Not Track ("DNT") signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. For clarity, the Company does not use third party advertising cookies or tracking pixels to track Users across third party websites, and does not sell or share PHI for targeted advertising.

Your Privacy Choices and Requests

The Company Apps are intended for Users located in the United States only. Company aims to take commercially acceptable steps to allow you to correct, amend, delete, or limit the use of your Personal Data and, where applicable, to address certain requests relating to PHI, subject to applicable healthcare privacy and security requirements. If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us at connect@bridgehealthcollective.com. Certain information may be retained as needed to facilitate care coordination, comply with applicable obligations, resolve disputes, and enforce our agreements, and Patient data may be anonymized after care completion as described in this Privacy Policy.

In certain circumstances, you have the following privacy rights:

  • The right to access, update, or request deletion of the information we have on you. Whenever made possible, you can access, update, or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to request that we limit certain processing of your Personal Data where feasible, subject to the purposes described in this Privacy Policy and applicable requirements.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information in certain circumstances.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine readable, and commonly used format, to the extent reasonably available and legally permitted.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where Company relied on your consent to process your personal information, recognizing that withdrawal of consent may limit or prevent your use of certain Company Apps features.

Requests relating to PHI may be subject to additional requirements and limitations, including verification requirements and limitations on what the Company can provide based on the Company's role in supporting care coordination and the Clinician's independent practice.

Please note that we may ask you to verify your identity before responding to such requests. If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at connect@bridgehealthcollective.com so we can work with you to address your request or concern.

Service Providers

We may employ third party companies and individuals to facilitate our Company Apps ("Service Providers"), to provide the Company Apps on our behalf, to perform Company Apps-related services, or to assist us in analyzing how our Company Apps is used. These third parties may have access to your Personal Data and, where applicable, PHI only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Where applicable, the Company uses HIPAA compliant vendors and enters into business associate agreements ("BAAs") as appropriate. Here are some of the Service Providers we use:

  • Supabase: The Company uses Supabase (PostgreSQL) for database services and data storage under a HIPAA compliant plan and BAA.
  • Vercel: The Company uses Vercel for hosting and serverless functions, and the Company will maintain a HIPAA compliant plan and BAA with Vercel prior to launch.
  • Identity and Access Providers: The Company uses authentication and identity tools to support secure login, multi factor authentication where applicable, and role based access controls.
  • Payment Processors: In later phases, the Company may use third party payment processors to facilitate patient payments, clinician disbursements, and clinician subscription fees. Payment processors receive payment information directly and process it in accordance with their own privacy policies and terms.
  • Email and Communications Providers: The Company may use third party providers to send operational communications, including referral confirmations and clinician notifications.
  • Other Infrastructure Providers: The Company may use additional hosting, monitoring, and security service providers as needed to operate the Company Apps and will update this Privacy Policy as appropriate.

Third Party Disclosures

The Company discloses Personal Data and, where applicable, PHI only as described in this Privacy Policy, including to Service Providers that support the Company Apps, to payment processors where payments are enabled, and to comply with applicable legal requirements. The Company does not disclose PHI to third parties for their own marketing purposes. The Company may also disclose de-identified or aggregated information that does not identify an individual Patient for internal analytics, operational reporting, and platform improvement.

Payments

We may provide paid products and/or services within the Company Apps, including processing patient payments where applicable and administering clinician subscription fees. In that case, we use third party services for payment processing (e.g., payment processors). We will not store or collect your payment card details on the Company's servers. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their privacy policies. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The Company does not use payment information for marketing and does not sell payment information.

Operational Communications

The Company may send operational communications related to the Company Apps, including confirmations of referral submissions, notifications about referral status, clinician outreach and scheduling communications, administrative messages, and security or system notices. These communications are part of the core service and may be delivered by email, phone, or other reasonable means based on the contact information you provide and your stated preferences. The Company does not send marketing emails to Patients based on PHI, and if the Company offers optional non-care marketing communications in the future, you will be provided a way to opt out.

Links to Other Sites

Our Company Apps may contain links to other sites that are not operated by us, which may include educational resources, third party provider resources, and insurer or payer resources. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. The Company does not control how third-party sites collect, use, or disclose information, and your interactions with third party sites are governed by their terms and policies.

Children's Privacy

Patients under 18 may create accounts and receive services only with appropriate parental or legal guardian consent and authorization, consistent with applicable healthcare requirements. If you are a parent or guardian and you are aware that a minor has provided us with Personal Data or PHI without appropriate consent, please contact us. If we become aware that we have collected Personal Data or PHI from a minor without verification of appropriate consent, we take steps to address the issue, which may include restricting access, removing information where feasible, and taking other actions consistent with applicable requirements.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If we make material changes, we may also provide additional notice through the Company Apps or via email, where reasonably practicable.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

← Back to Home
The Bridge Health Collective

© 2026 The Bridge Health Collective. All rights reserved.

This is a mockup for demonstration purposes and is not a real service.