Privacy Policy — TransitionCare

1. Who We Are

TransitionCare ("we," "us," or "our") operates a web-based patient placement marketplace that connects hospital case managers with licensed Adult Family Home (AFH) operators in Washington State. Our platform is accessible at transitioncare.app (the "Service").

2. Information We Collect

We collect the following categories of information:

Account information: Name, email address, username, password (hashed), phone number, organization name, and professional credentials.
Facility information: DSHS license number, facility address, bed count, care capabilities, and billing plan.
Usage data: Login activity, feature usage, and audit logs generated automatically as you use the Service.
Payment information: Billing details processed by Stripe. We do not store full credit card numbers.

Patient data: TransitionCare is designed to handle de-identified patient information only. Case managers must remove all HIPAA-defined direct identifiers (names, dates of birth, Social Security Numbers, Medical Record Numbers, etc.) before uploading any patient profile. We are not responsible for any identifiable health information uploaded in violation of this requirement.

3. How We Use Your Information

To provide, operate, and improve the Service.
To authenticate your identity and maintain account security.
To send transactional emails (account verification, password reset, match notifications).
To process subscription payments through Stripe.
To maintain audit logs for compliance purposes.
To contact you about service updates or important policy changes.

4. How We Share Your Information

We do not sell your personal information. We may share data with:

Other platform users: Facility names and care capabilities are visible to case managers. Case manager names and organizations are visible to facilities on matched patients.
Service providers: Stripe (payment processing), SendGrid (email delivery), Railway (hosting). Each is bound by their own privacy policies and data processing agreements.
Legal requirements: We may disclose information if required by law, subpoena, or to protect the safety of our users or the public.

5. Data Retention

We retain account information for as long as your account is active. Audit logs are retained for a minimum of 6 years to support healthcare compliance requirements. You may request deletion of your account by contacting us at nabjill01@gmail.com.

6. Security

We use industry-standard security measures including TLS encryption in transit, bcrypt password hashing, JWT-based session management, and HTTP security headers. We conduct regular security reviews. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. HIPAA & PHI Stance

TransitionCare is intentionally designed to operate without receiving Protected Health Information (PHI). The platform does not provide in-app messaging or free-text fields for patient communication. All patient data uploaded must be de-identified per 45 CFR §164.514(b), and any nuanced patient discussion must occur off-platform (phone, in-person, or via your organization's compliant communication channels).

Because the platform does not receive PHI by design, TransitionCare does not represent itself as a HIPAA "Business Associate" and does not enter into Business Associate Agreements. See our Terms of Use & De-Identification Acknowledgment for full details. Users remain solely responsible for compliance with HIPAA, the Washington My Health My Data Act (MHMDA), and other applicable laws.

8. Washington My Health My Data Act (MHMDA) Notice

This section is provided to comply with the Washington My Health My Data Act (RCW 19.373, "MHMDA"), which gives Washington State residents specific rights with respect to their consumer health data.

Categories of Consumer Health Data Collected. TransitionCare collects the following categories that may, in combination, qualify as consumer health data under MHMDA:

De-identified patient profile categories: age, gender, care-level need (Basic / Intermediate / Advanced / Hospice), insurance/payer category, geographic preference (city), and an anonymized codename.
Match outcome data: status of placements (interested, confirmed, admitted, withdrew) and timestamps.
For users (case managers, facility operators, administrators): account name, email, organization, role, and audit-log entries of platform actions.

Sources. All consumer health data is provided by case manager users acting on behalf of their employer hospital or healthcare entity. TransitionCare does not collect health data from any other source.

Purposes of Collection and Processing. We process this data exclusively to:

Match patients seeking placement with appropriately licensed Adult Family Home or Assisted Living Facility operators.
Notify Pro-tier facility users of new available patients matching their criteria.
Generate aggregate platform analytics (placement rate, time-to-placement, withdrawal rate) for operational and reporting purposes.
Maintain audit logs as required by reasonable security and compliance practices.

Third-Party Sharing. We do not sell consumer health data. We do not share consumer health data with advertising networks. We do share limited de-identified data with our Subprocessors as necessary to operate the Platform (hosting, email delivery, SMS alerts, payment processing).

Your Rights Under MHMDA. If you are a Washington State resident, you have the right to:

Confirm whether TransitionCare is processing your consumer health data and access that data;
Withdraw consent for further processing of your consumer health data;
Request deletion of your consumer health data, subject to limited exceptions for legal compliance, security, and audit-log retention;
Designate an authorized agent to exercise these rights on your behalf;
Appeal a denial of any of the above requests; and
Submit a complaint to the Washington State Attorney General if you believe your rights have been violated.

How to Exercise Your Rights. To exercise any MHMDA right, email nabjill01@gmail.com with the subject line "MHMDA Request" and include the nature of your request. We will respond within forty-five (45) days as required by MHMDA, with a possible 45-day extension where reasonably necessary.

Consent for Sharing or Sale. TransitionCare does not share or sell consumer health data outside the limited Subprocessor relationships described above. If we ever introduce new sharing or sale activities, we will obtain valid consent in advance.

Geofencing Restriction. Consistent with MHMDA, TransitionCare does not implement a geofence around any in-person healthcare service.

Other State Privacy Rights. Washington State residents may also have rights under the Washington Consumer Protection Act (RCW 19.86), which provides a private right of action for MHMDA violations.

9. Cookies

We use minimal browser storage (localStorage) for session management only. We do not use advertising trackers or third-party analytics cookies.

10. Children

The Service is intended for healthcare professionals and is not directed to children under 13. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes by email. Continued use of the Service after the effective date of any change constitutes acceptance of the updated policy.

12. Contact Us

Questions or concerns about this Privacy Policy:

Email: nabjill01@gmail.com
TransitionCare · Washington State