Privacy Policy
BridgeHealth ("we", "us", "our") operates bridgehealth.net. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. We keep this simple because we collect very little.
1. Data we collect
| Data | When collected | Why |
|---|---|---|
| Email address | Account registration | Account login, transactional emails (confirmations, password resets, billing) |
| Password (hashed) | Account registration | Authentication. We store only a bcrypt hash — never your plain password. |
| Billing information | Pro subscription signup | Payment processing via Stripe. We do not store card numbers — Stripe handles all payment data under their own privacy policy. |
| Search queries | When you search | Fulfilling your request. ZIP codes and addresses are used to geocode your search and are not stored beyond the duration of your session. |
| Saved commutes | Pro users only, when saved | Storing your named commute routes for the commute-check feature. |
| API usage logs | API key requests | Rate limiting and abuse prevention. Retained for 90 days then deleted. |
| Standard server logs | All visits | Security monitoring, error diagnosis. Contain IP addresses and user agent strings. Retained for 30 days. |
2. What we do not collect
- We do not use advertising trackers or third-party analytics
- We do not sell, rent, or share your personal data with third parties for marketing
- We do not use your location beyond what you explicitly enter in a search
- We do not build behavioural profiles or infer personal characteristics
3. Cookies
We use a single session cookie to keep you logged in. This cookie is essential for the Service to function and is deleted when you log out or your session expires. We do not use advertising cookies or third-party tracking cookies.
4. How we use your data
We use the data we collect only to:
- Provide and operate the Service
- Send transactional emails you have requested (account confirmation, password resets, annual bridge condition change alerts for Pro users)
- Process payments via Stripe
- Prevent abuse and ensure security
- Comply with legal obligations
5. Third-party services
We use the following third-party services, each with their own privacy policies:
- Stripe — payment processing. stripe.com/privacy
- Google Maps Platform (Routes API) — driving route calculation for the commute feature. Origin and destination locations are sent to their API. policies.google.com/privacy
- US Census Geocoding API — resolving city and address searches to coordinates. No account or API key is required; queries are anonymous. census.gov privacy policy
- OpenStreetMap — map tiles, and geocoding (via the Nominatim service) for city, landmark, and address searches the Census geocoder can't resolve. Tile and search requests include your IP address and the text you searched. osmfoundation.org/wiki/Privacy_Policy
6. Data retention
- Account data — retained while your account is active, deleted within 30 days of account deletion
- API usage logs — 90 days
- Server logs — 30 days
- Stripe payment records — retained as required by financial regulations
7. Your rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — update your email address from your account page
- Deletion — delete your account from your account page, which removes your personal data within 30 days
- Portability — request an export of your saved commutes and account data
- Objection — if you believe we are processing your data unlawfully, contact us
To exercise any of these rights, email hello@bridgehealth.net. We will respond within 30 days.
8. Children's privacy
The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently done so, contact us and we will delete it promptly.
9. Security
We use industry-standard security practices: HTTPS on all connections, bcrypt password hashing, and encrypted database connections. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we take reasonable precautions.
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The effective date at the top of this page will always reflect the current version.
11. Contact
Privacy questions or requests: hello@bridgehealth.net