Bridgette is built on a simple belief: your health data belongs to you. This policy explains exactly how we collect, use, protect, and never sell your personal and health information.
1. Who We Are
Bridgette is operated by Bridgette Health, currently in the process of incorporation as a One Person Corporation (OPC) with the Securities and Exchange Commission (SEC) of the Philippines. NPC registration and all required business registrations (BIR, LGU) are in progress. Bridgette is designed from the ground up to comply with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and all issuances by the National Privacy Commission (NPC).
For questions about this policy, contact us at hello@bridgette.com.ph.
2. What Data We Collect
Account Information
When you create an account, we collect your full name, email address, date of birth, biological sex, and role (patient or healthcare provider). For providers, we may also collect your PRC license number and clinic affiliation.
Health Data
When you use Bridgette, you may upload or enter laboratory results, medical records, medications, diagnoses, allergy information, and consultation notes. You control what data you add.
Lifestyle Data
If you choose to use our lifestyle logging features, we collect food logs, sleep logs, workout and activity logs, and data from connected wearable devices such as Apple Watch.
Consultation Recordings (Scribe Hub)
When healthcare providers use Scribe Hub, audio recordings of consultations are captured with patient consent, transcribed, and used to generate SOAP notes. Audio is processed and not permanently stored after transcription is complete.
Usage Data
We collect basic analytics about how you use the app to improve the service, including device type, app version, feature usage patterns, and crash logs. We do not track your browsing activity outside of Bridgette.
3. How We Use Your Data
We use your data to:
- Provide and maintain the Bridgette health wallet service
- Display your health trends, lab results, and lifestyle patterns
- Generate AI-powered health summaries and insights (Basic and Premium plans)
- Enable secure sharing of your health story with your chosen healthcare providers
- Transcribe consultations and generate SOAP notes via Scribe Hub
- Send you notifications you have opted into (appointment reminders, data access requests)
- Improve our product and fix issues
We never sell your personal or health data to anyone. We never use your health data for advertising. We never share your data without your explicit consent.
4. AI Processing and De-identification
When Bridgette generates AI-powered summaries, meal analyses, or longevity insights, your health and lifestyle data is de-identified before being sent to our AI processing partners. This means your name, date of birth, and any other personally identifiable information is stripped from the data before it leaves our servers.
Our AI processing partners include Anthropic (Claude API) for health insights and Groq for audio transcription and SOAP note generation. These partners process data according to their own privacy policies and do not retain your de-identified data for training purposes.
5. Data Sharing and Your Control
You are always in control of who sees your health data.
- Provider sharing: You choose which providers can access your data by generating a secure share link. You can revoke access at any time.
- Family plans: Each family member's data is completely private and separate. Billing is shared, but health data is never shared without each individual's explicit consent.
- OFW Observer access: If you grant an OFW family member observer access, they receive read-only activity indicators, not your raw health data. You control exactly what is visible.
- Dependent profiles: Parents or guardians manage dependent profiles for minors (under 18). When the dependent reaches 18, full ownership and control of their health data transfers to them.
6. Data Storage and Security
Your data is stored securely on Supabase infrastructure hosted in the Asia-Pacific region (ap-northeast-1, Tokyo). We implement the following security measures:
- Encryption in transit using TLS 1.2 or higher
- Encryption at rest for all stored data
- Row-level security ensuring users can only access their own data
- Secure authentication with email verification
- Regular security audits and monitoring
7. Data Retention
Your health data is retained for as long as your account is active. If you choose to delete your account, you will be required to provide an email address where a complete export of your health data will be sent before deletion. Your health story belongs to you, and we will always return it to you before removing it from our systems. After your export is delivered, all data associated with your account will be permanently deleted within 30 days, except where retention is required by Philippine law.
Scribe Hub audio recordings are processed in real-time and are not stored after transcription is complete. Generated SOAP notes are retained as part of the consultation record.
8. Your Rights Under the Data Privacy Act
Under the DPA, you have the following rights:
- Right to be informed about how your data is collected and processed
- Right to access your personal data in our possession
- Right to object to the processing of your data
- Right to erasure or blocking of your data
- Right to rectification of inaccurate or incomplete data
- Right to data portability to obtain your data in a structured format
- Right to file a complaint with the National Privacy Commission
- Right to damages for any violations of your privacy rights
To exercise any of these rights, contact us at hello@bridgette.com.ph. We will respond within 15 business days.
9. Cookies and Tracking
The Bridgette mobile app does not use cookies. Our website (bridgette.com.ph) uses only essential cookies required for basic functionality. We do not use third-party advertising cookies or tracking pixels.
10. Children's Privacy
Bridgette allows dependent profiles for minors managed by a parent or legal guardian. Minors under 18 cannot create their own accounts. When a dependent reaches 18, they gain full control of their own health data and can manage their account independently.
11. International Data Transfers
While your primary data is stored in the Asia-Pacific region, de-identified data may be processed by AI partners located in the United States. We ensure appropriate safeguards are in place, including data de-identification and contractual protections, to comply with the DPA's requirements for cross-border data transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will notify you through the app and update the effective date at the top of this page. Continued use of Bridgette after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding your privacy or this policy:
Bridgette Health
Email: hello@bridgette.com.ph
You may also file a complaint directly with the National Privacy Commission at privacy.gov.ph.