Privacy Policy
How We Collect, Use, and Protect Your Information

Version 2.0 | Last Updated: February 14, 2026
Version History
- v2.0 (Feb 14, 2026) — Added HIPAA NPP elements, BAA disclosures, version control, privacy contact, data processing legal basis table, deletion timelines
- v1.0 (Jan 18, 2026) — Initial privacy policy
Joy Bridge Care, LLC ("Joy Bridge Care," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
1. Information We Collect
Personal Information You Provide
We collect information you voluntarily provide when you:
- Schedule an appointment through our booking system
- Submit a contact form or inquiry
- Apply for caregiver positions
- Sign up for communications
This information may include:
- Name (first and last)
- Email address
- Phone number
- Appointment preferences and details
- Messages you send to us
Automatically Collected Information
When you visit our website, we may automatically collect certain technical information, including:
- Browser type and version
- Device type
- Pages visited and time spent
- Referring website
2. How We Use Your Information
We use the information we collect to:
- Process and manage appointment requests
- Send appointment confirmations and reminders
- Respond to your inquiries and provide customer support
- Communicate about our services
- Improve our website and services
- Comply with legal obligations
3. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information in the following circumstances:
Service Providers
We work with trusted third-party service providers who assist us in operating our website and delivering services:
- Database Services: We use Supabase to securely store appointment and contact information.
- Email Services: We use email service providers to send appointment confirmations and communications.
- SMS Services: If you opt in, we use SMS providers to send appointment reminders.
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (HTTPS/TLS)
- Secure database access controls
- Regular security assessments
- Limited employee access to personal data
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure.
5. Your Rights and Choices
You have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Opt-Out: Unsubscribe from marketing communications at any time.
- SMS Opt-Out: Reply STOP to any SMS message to stop receiving text reminders.
To exercise these rights, please contact our Privacy Contact using the information at the bottom of this page. We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reason.
6. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services to you
- Comply with legal and regulatory requirements
- Resolve disputes and enforce our agreements
Appointment records and related communications are retained for a minimum of six (6) years in accordance with healthcare record retention requirements. After the retention period, data is securely deleted.
7. Cookies and Tracking Technologies
Our website uses essential cookies necessary for the website to function properly. These cookies:
- Maintain your session while browsing
- Remember your preferences
- Enable security features
We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings.
8. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
9. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.
10. HIPAA Notice of Privacy Practices
As a fiscal intermediary serving participants in Georgia Medicaid waiver programs, Joy Bridge Care is committed to protecting health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA).
Your HIPAA Rights
Under HIPAA, you have the right to:
- Receive a copy of this notice of privacy practices
- Request restrictions on how we use or disclose your PHI
- Request confidential communications (alternative address or method)
- Inspect and obtain a copy of your health information
- Request amendments to your health information
- Receive an accounting of disclosures of your health information
- File a complaint with us or the HHS Office for Civil Rights
How We Use Health Information
We may use and disclose protected health information for: treatment coordination, payment processing (payroll, tax withholding), healthcare operations, and as required by law. We will not use or disclose your information for marketing purposes without your written authorization.
Business Associate Agreements
We ensure all vendors handling protected health information have signed Business Associate Agreements (BAAs):
- Supabase — HIPAA-compliant database hosting (BAA executed, US East region)
- Twilio — HIPAA-compliant SMS notifications (BAA executed)
- Resend — Email service for appointment confirmations (BAA executed)
All data is stored and processed within the United States. We do not transfer data outside the US.
11. Data Processing Legal Basis
We process personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Appointment scheduling | Contract performance / Consent |
| Payroll processing | Legal obligation / Contract |
| SMS reminders | Explicit consent (opt-in) |
| Newsletter | Consent |
| Security & audit logging | Legitimate interest / Legal obligation |
| Record retention (6 years) | Legal obligation (HIPAA) |
12. Geographic Scope
Joy Bridge Care operates exclusively in Georgia, USA, serving participants in Georgia Medicaid waiver programs (including Community Care Services Program and Independent Care Waiver Program). All personal data is processed and stored in the United States (AWS US-East region via Supabase). We do not knowingly collect data from individuals outside the United States.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.
14. Privacy Contact
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to file a HIPAA complaint, please contact our Privacy Officer:
Privacy Officer
Joy Bridge Care, LLC
3075 Oak Ridge Path
Buford, GA 30519
Email: privacy@joybridgecare.com
Phone: (678) 523-4807
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa. We will not retaliate against you for filing a complaint.

