Privacy Policy

1. Introduction

Brightview Group, Inc. ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your protected health information ("PHI") in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and all applicable laws and regulations.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application, patient portal, and related communication services (collectively, the "Services").

2. Information We Collect

We may collect the following types of information when you use our Services:

a. Protected Health Information (PHI)

PHI includes any information that identifies you and relates to your past, present, or future physical or mental health or condition, healthcare services, or payment for such services. Examples include:

• Name, date of birth, address, phone number, and email address
• Medical history, treatment notes, prescriptions, or clinical data
• Insurance and billing information
• Appointment details and communication records with your healthcare provider

b. Non-Personal Information

We may also collect non-identifiable data for analytics and service improvement, such as:

• Device type and operating system
• Usage patterns and app performance data
• Log files and error reports

3. How We Use Your Information

We use your information only as permitted by law and for the following purposes:

• To provide, maintain, and improve our Services
• To facilitate secure messaging and communication between patients and healthcare providers
• To manage appointments, billing, and care coordination
• To comply with legal, regulatory, and audit requirements
• To ensure system security and prevent fraud or misuse
• To communicate with you about updates or system notices

We will not use or disclose your PHI for marketing or non-treatment purposes without your explicit authorization.

4. How We Share Your Information

We may share your information only as permitted under HIPAA and applicable law:

• With your healthcare provider(s) involved in your treatment
• With authorized third-party service providers (Business Associates) who perform services on our behalf under a Business Associate Agreement (BAA)
• As required by law (e.g., reporting to public health authorities, responding to subpoenas, or government audits)

We do not sell, rent, or share your PHI for commercial gain.

5. Data Security

We implement administrative, physical, and technical safeguards to protect your data, including:

• End-to-end encryption of all communications
• Secure cloud hosting in HIPAA-compliant environments
• Role-based access controls and multi-factor authentication
• Regular security audits, logging, and intrusion monitoring
• Data minimization and encrypted data backups

If a data breach occurs involving your PHI, we will notify you and relevant authorities in accordance with HIPAA's Breach Notification Rule.

6. Data Retention

We retain PHI only as long as necessary to provide our Services or as required by law and healthcare record-keeping standards. Once retention periods expire, PHI is securely deleted or de-identified.

7. Your Rights Under HIPAA

You have the following rights regarding your PHI:

• Right to Access: Request copies of your health information.
• Right to Amend: Request corrections to inaccurate or incomplete information.
• Right to an Accounting of Disclosures: Request a record of disclosures made of your PHI.
• Right to Restrict Use: Request restrictions on certain uses or disclosures.
• Right to Confidential Communications: Request alternative means of communication.
• Right to File a Complaint: You may file a complaint with us or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.

Requests can be made by contacting us at info@brightview.group.

8. Children's Privacy

Our Services are not directed toward children under the age of 13. We do not knowingly collect or maintain PHI from children without parental or guardian consent.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When changes occur, we will post the revised version with an updated effective date. Continued use of the Services constitutes acceptance of the revised Policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or your PHI, please contact us at: