Privacy Policy

Version 2.0 | Last Updated: February 14, 2026

Joy Bridge Care, LLC ("Joy Bridge Care," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you:

• Schedule an appointment through our booking system
• Submit a contact form or inquiry
• Apply for caregiver positions
• Sign up for communications

This information may include:

• Name (first and last)
• Email address
• Phone number
• Appointment preferences and details
• Messages you send to us

Automatically Collected Information

When you visit our website, we may automatically collect certain technical information, including:

• Browser type and version
• Device type
• Pages visited and time spent
• Referring website

2. How We Use Your Information

We use the information we collect to:

• Process and manage appointment requests
• Send appointment confirmations and reminders
• Respond to your inquiries and provide customer support
• Communicate about our services
• Improve our website and services
• Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our website and delivering services:

• Database Services: We use Supabase to securely store appointment and contact information.
• Email Services: We use email service providers to send appointment confirmations and communications.
• SMS Services: If you opt in, we use SMS providers to send appointment reminders.

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure database access controls
• Regular security assessments
• Limited employee access to personal data

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure.

5. Your Rights and Choices

You have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Opt-Out: Unsubscribe from marketing communications at any time.
• SMS Opt-Out: Reply STOP to any SMS message to stop receiving text reminders.

To exercise these rights, please contact our Privacy Contact using the information at the bottom of this page. We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reason.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our agreements

Appointment records and related communications are retained for a minimum of six (6) years in accordance with healthcare record retention requirements. After the retention period, data is securely deleted.

7. Cookies and Tracking Technologies

Our website uses essential cookies necessary for the website to function properly. These cookies:

• Maintain your session while browsing
• Remember your preferences
• Enable security features

We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings.

8. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

10. HIPAA Notice of Privacy Practices

As a fiscal intermediary serving participants in Georgia Medicaid waiver programs, Joy Bridge Care is committed to protecting health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

Your HIPAA Rights

Under HIPAA, you have the right to:

• Receive a copy of this notice of privacy practices
• Request restrictions on how we use or disclose your PHI
• Request confidential communications (alternative address or method)
• Inspect and obtain a copy of your health information
• Request amendments to your health information
• Receive an accounting of disclosures of your health information
• File a complaint with us or the HHS Office for Civil Rights

How We Use Health Information

We may use and disclose protected health information for: treatment coordination, payment processing (payroll, tax withholding), healthcare operations, and as required by law. We will not use or disclose your information for marketing purposes without your written authorization.

Business Associate Agreements

We ensure all vendors handling protected health information have signed Business Associate Agreements (BAAs):

• Supabase — HIPAA-compliant database hosting (BAA executed, US East region)
• Twilio — HIPAA-compliant SMS notifications (BAA executed)
• Resend — Email service for appointment confirmations (BAA executed)

All data is stored and processed within the United States. We do not transfer data outside the US.

11. Data Processing Legal Basis

We process personal data on the following legal bases:

12. Geographic Scope

Joy Bridge Care operates exclusively in Georgia, USA, serving participants in Georgia Medicaid waiver programs (including Community Care Services Program and Independent Care Waiver Program). All personal data is processed and stored in the United States (AWS US-East region via Supabase). We do not knowingly collect data from individuals outside the United States.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

14. Privacy Contact

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to file a HIPAA complaint, please contact our Privacy Officer:

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa. We will not retaliate against you for filing a complaint.