Privacy Policy
Contents
- Who we are and what this policy covers
- Information we collect on willowbridge.app
- How we use marketing-site information
- Cookies and analytics
- How we share information
- Patients and protected health information (PHI)
- Security
- Data retention
- Your rights and choices
- Children
- International users
- Changes to this policy
- How to contact us
1. Who we are and what this policy covers
Willowcare LLC ("Willowcare", "we", "us") is the developer and operator of the WillowBridge software-as-a-service platform for Medicare care management. This Privacy Policy describes how we collect, use, and share information when you:
- visit the public marketing website at willowbridge.app, www.willowbridge.app, or related pages we operate;
- contact us to request a demo or otherwise communicate with us;
- use the WillowBridge software platform as an authorized user of a healthcare-provider customer that has signed an agreement with us; or
- are a patient whose health information is processed by WillowBridge on behalf of your healthcare provider.
2. Information we collect on willowbridge.app
The marketing website collects only limited information:
2.1 Information you give us directly
If you fill out the "Book a 20-min demo" form, click an email link, or otherwise contact us, you provide whatever information you choose to share — typically your name, work email, practice name, role, and the message body. The current "Book a demo" form opens your email client and sends the message directly to us ([email protected]); no separate database stores this submission unless we reply and thread the conversation.
2.2 Information collected automatically
Our static-site host (Cloudflare Pages) records standard server logs for every page request: IP address, request URL, user-agent string, referrer, and timestamp. Cloudflare uses this information to defend the site against abuse, deliver content from the nearest edge, and produce aggregate traffic statistics. We do not run third-party analytics scripts (Google Analytics, Mixpanel, Segment, etc.) on the marketing site as of the date of this policy.
3. How we use marketing-site information
We use the information described in Section 2 to:
- respond to your inquiry or demo request;
- operate, defend, and improve the marketing website;
- understand aggregate traffic (how many people visit, what pages they read);
- comply with legal obligations and respond to lawful requests; and
- where you have given permission, send you product updates or sales follow-ups.
We do not sell your personal information. We do not share it with third parties for their own marketing purposes.
4. Cookies and analytics
The marketing website does not set any first-party cookies as of the date of this policy. We may add a privacy-respecting analytics tool in the future (for example, Plausible or Fathom) to count visits and identify which content is useful; if we do, we will update this policy and limit it to aggregate, non-personally identifying data.
The WillowBridge application (the authenticated product at demo.willowbridge.app or your practice's production host) sets a session cookie that holds an opaque session identifier. That cookie is HTTP-only, Secure, SameSite=Lax, and is used only to keep you signed in. It expires with your session.
5. How we share information
We share marketing-site information only with the following categories of recipients:
- Service providers that help us run the marketing site and respond to inquiries. Today this is Cloudflare, Inc. (CDN and hosting for the public site), and the email provider that delivers your inquiry to us. These providers receive only the information they need to do their job and are bound by contractual confidentiality.
- Law-enforcement or government authorities when we are required to share information by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect rights, safety, or property.
- Successors in interest if Willowcare is acquired, merged, or sells substantially all of its assets; information may transfer to the acquirer subject to this Privacy Policy.
6. Patients and protected health information (PHI)
6.1 What this means for you, the patient
- To request access to your records, ask your provider. Under 45 CFR § 164.524 you have the right to a copy of your records — but you exercise that right with the provider, not with us. Your provider can produce the records using WillowBridge's USCDI v3 FHIR Bundle export, C-CDA, or PDF tools.
- To correct an error, ask your provider. Amendments to your record are made by the provider; WillowBridge applies the changes the provider directs.
- To file a HIPAA complaint, you may contact your provider or the U.S. Department of Health and Human Services, Office for Civil Rights, at hhs.gov/hipaa/filing-a-complaint.
6.2 What WillowBridge does with PHI
For each healthcare-provider customer, Willowcare processes the categories of PHI necessary to provide the WillowBridge platform: demographics, identifiers (MRN, Medicare beneficiary identifier, NPI of treating clinicians), clinical data captured during care management (problems, medications, vital signs, observations, care-plan content, time spent, interactive communications), billing data, and ancillary documents (consents, advance directives, signed billing notes). The full list and the safeguards we apply are described in our HIPAA Security Plan and summarized in Schedule B of our standard Business Associate Agreement.
6.3 Subprocessors that may process PHI
Willowcare engages a small set of subprocessors that may process PHI on our behalf. The current list is published in our standard Business Associate Agreement (Schedule A) and includes infrastructure providers (Aptible), email and SMS / voice / video transport (SendGrid, Twilio — the latter disabled by default until a customer opts in), DirectTrust clinical messaging (MaxMD or Updox), error monitoring (Sentry), and the X12 EDI clearinghouse (Availity). Each subprocessor has a written BAA with us. We give our healthcare-provider customers 30 days' advance notice before adding or replacing a subprocessor that materially handles PHI.
7. Security
Willowcare implements administrative, physical, and technical safeguards designed to protect personal information against loss, misuse, and unauthorized access, disclosure, alteration, and destruction. A summary of the safeguards applied to PHI is published as Schedule B of our standard Business Associate Agreement. Highlights include: AES-256 encryption at rest; TLS 1.3 in transit; Argon2id password hashing; mandatory TOTP multi-factor authentication for the workforce; Postgres row-level security and per-tenant data isolation; tamper-evident SHA-256 hash-chained audit logs with Ed25519-signed exports; 35-day Postgres point-in-time recovery; 30-day advance notice for new subprocessors.
No method of transmission or storage is one-hundred-percent secure. If we become aware of a Breach of Unsecured PHI, we will notify the affected healthcare-provider customer without unreasonable delay and in no case later than 30 days after discovery, in accordance with our BAA and 45 CFR §§ 164.400–414.
8. Data retention
We retain personal information for as long as it is needed for the purposes described in this policy and as required by law.
- Marketing inquiries are retained in our email for as long as the inquiry is active and for a reasonable period thereafter (typically 24 months) for follow-up.
- PHI processed under a BAA is retained for as long as the underlying provider–customer relationship is active. On termination of the customer's services agreement, the customer has a 90-day extraction window, after which we return or destroy the PHI and certify destruction. Immutable backups expire on the Aptible 35-day point-in-time recovery schedule. State-specific clinical-record retention requirements (for example, a state-mandated 7-year minimum) can be configured per customer.
- Audit logs are retained for at least 7 years from the date of the event, as required for HIPAA and Medicare audit defense.
9. Your rights and choices
9.1 Marketing data
You may ask us to access, correct, or delete the marketing-site information you have provided to us, or to stop sending you product updates. Email [email protected] and we will respond within 30 days.
9.2 PHI
As explained in Section 6, rights to access, amend, and account for disclosures of your PHI are exercised with your healthcare provider, not directly with Willowcare. Your provider can use the WillowBridge platform to fulfil those requests.
9.3 California, Virginia, and other U.S. state privacy laws
The California Consumer Privacy Act, as amended by the CPRA, and similar state laws give residents of certain states rights with respect to personal information that is not regulated by HIPAA. To the extent any information we hold about you is governed by those laws, you may request access, correction, or deletion by emailing [email protected]. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
10. Children
The WillowBridge marketing site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. The WillowBridge platform is a B2B platform used by healthcare providers; if a pediatric record is processed on a provider's behalf, the provider is responsible for the applicable legal posture (HIPAA, COPPA, FERPA where relevant).
11. International users
Willowcare is based in the United States, and the WillowBridge platform is hosted in the United States (Aptible — US East). The WillowBridge platform is intended for use by U.S. healthcare providers serving U.S. patients. If you access the marketing site from outside the United States, you understand that any information you provide will be transferred to and processed in the United States.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version at this URL and update the "Last updated" date. For material changes that affect how we handle personal information, we will provide additional notice (for example, by email to active customers, or by a banner on the marketing site) before the change takes effect.
13. How to contact us
For privacy questions or requests:
- Email — [email protected]
- Postal — Willowcare LLC, [LEGAL NOTICE ADDRESS]
- If you are a patient and your concern relates to your health record, please contact your healthcare provider; they are the legal custodian of your record under HIPAA and we will work with them to resolve your request.