Privacy Policy

Last updated: March 2026

Introduction

CareBridge Connect LLC (“CareBridge,” “we,” “us,” or “our”) operates the CareBridge Connect platform available at carebridgeconnect.ai. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our platform and services.

CareBridge Connect is a HIPAA-compliant, B2B SaaS platform designed for skilled nursing facilities (SNFs) to improve communication between care teams, residents, and their families. We take data privacy seriously and are committed to protecting all personal and health information entrusted to us.

Information We Collect

We collect the following categories of information in order to provide and improve our services:

  • Facility Information: Facility name, address, administrator contact details, NPI numbers, CMS certification information, and billing details.
  • Resident Information: Resident names, room assignments, admission dates, care status, and other information necessary to provide care updates to authorized family members.
  • Family Contact Information: Names, email addresses, phone numbers, and relationship to residents for authorized family members who are invited by the facility.
  • Care Log Data: Care notes, activity updates, wellness observations, meal and hydration tracking, vitals summaries, and other care-related entries created by facility staff.
  • Usage Analytics: Page views, feature usage patterns, device information, IP addresses, and browser type. This data is used in aggregate to improve our platform and is not linked to protected health information (PHI).

How We Use Information

We use the information we collect for the following purposes:

  • Providing the Service: Delivering care updates, enabling secure messaging between staff and families, managing resident timelines, and powering the family portal.
  • Sending Care Notifications: Delivering email and in-app notifications to authorized family members when new care updates, photos, or messages are posted by facility staff.
  • Improving Our Product: Analyzing aggregate usage patterns to improve user experience, identify bugs, and develop new features that better serve facilities and families.
  • Billing and Account Management: Processing payments, managing subscriptions, and communicating with facility administrators about their accounts.

HIPAA Compliance

CareBridge Connect operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). Our platform is designed to handle Protected Health Information (PHI) in compliance with the HIPAA Privacy, Security, and Breach Notification Rules.

We enter into a Business Associate Agreement (BAA) with every skilled nursing facility that uses our platform. The BAA defines how we may access, use, and safeguard PHI on behalf of the facility (the Covered Entity).

All PHI is processed and stored in accordance with the HIPAA minimum necessary standard. Access to PHI is restricted to authorized personnel and systems that require it to perform the contracted services. We maintain comprehensive audit logs of all PHI access events.

Data Sharing

We never sell your data. We do not sell, rent, or trade personal information or PHI to any third party for marketing or advertising purposes.

We share data only with the following service providers, each of which is contractually bound to protect your information:

  • Supabase: Our database and authentication infrastructure provider. Supabase provides SOC 2 Type II certified, HIPAA-eligible infrastructure with data encrypted at rest and in transit.
  • Resend: Our transactional email provider, used to deliver care update notifications and account communications to authorized family members.
  • Vercel: Our application hosting provider. Vercel provides SOC 2 Type II certified infrastructure with a global CDN for reliable, fast access.

Data Retention

We retain data in accordance with the HIPAA minimum necessary standard and applicable CMS (Centers for Medicare & Medicaid Services) requirements:

  • Protected Health Information (PHI): Retained for the duration of the facility’s active subscription and for a reasonable period thereafter to allow data export. PHI is permanently deleted upon verified request from the Covered Entity.
  • Audit Logs: Retained for a minimum of 7 years in compliance with CMS data retention requirements and HIPAA audit trail standards.
  • Account and Billing Data: Retained for the duration of the business relationship and as required by applicable tax and financial regulations.

Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, subject to applicable legal and regulatory retention requirements.

To exercise any of these rights, please contact us at privacy@carebridgeconnect.ai. We will respond to all verified requests within 30 days.

Security

We implement comprehensive technical and organizational measures to protect your information:

  • Encryption at Rest: All data is encrypted at rest using AES-256 encryption.
  • Encryption in Transit: All data transmitted between your device and our servers is protected by TLS 1.3 encryption.
  • SOC 2 Type II Infrastructure: Our infrastructure providers (Supabase, Vercel) maintain SOC 2 Type II certification, ensuring rigorous controls over security, availability, and confidentiality.
  • Access Controls: Role-based access controls ensure that only authorized users can access specific data. All access to PHI is logged and auditable.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

CareBridge Connect LLC

Privacy Inquiries: privacy@carebridgeconnect.ai

Website: carebridgeconnect.ai