Privacy Policy & Notice of Privacy Practices

Bright Bay Care
Last Updated: 04/01/2026

Bright Bay Care (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and health information. This document describes how we collect, use, and disclose your information and your rights under applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA) and California privacy laws (CCPA/CPRA).

1. Information We Collect

A. Personal Information

We may collect:

  • Name, phone number, email address

  • Mailing and billing address

  • Date of birth

  • Emergency contact details

B. Health Information (Protected Health Information – PHI)

As a provider of ABA therapy and/or home care services, we may collect:

  • Diagnosis and treatment information

  • Behavioral assessments and therapy notes

  • Medical history

  • Insurance and billing information

This information is considered Protected Health Information (PHI) under HIPAA.

C. Automatically Collected Information

When you use our website:

  • IP address

  • Browser/device data

  • Website usage activity

  • Approximate location data

2. How We Use Your Information

For Healthcare Services (HIPAA)

We use PHI for:

  • Treatment (providing ABA therapy, care coordination)

  • Payment (billing insurance, processing payments)

  • Healthcare Operations (quality improvement, staff training)

Other Uses

We may also use your information to:

  • Communicate with you regarding appointments and services

  • Improve our website and services

  • Ensure security and prevent fraud

  • Comply with legal obligations

We will obtain your authorization for uses not covered above when required.

3. How We Share Your Information

We do not sell your personal or health information. We also do not share mobile opt-in data or SMS consent with third parties for marketing or promotional purposes.

A. Under HIPAA

  • Healthcare providers involved in your care

  • Insurance companies for billing

  • Business associates (e.g., billing services, EHR systems) under signed agreements

B. Legal & Safety

  • When required by law (court orders, public health reporting)

  • To prevent serious threats to health or safety

C. Service Providers

  • Website hosting

  • Analytics providers (e.g., website usage tracking)

All applicable vendors handling PHI are required to comply with HIPAA safeguards.

D. Mobile Messaging & SMS Privacy

We respect your privacy when it comes to mobile communications. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

4. Your Rights Under HIPAA

You have the right to:

  • Access and receive a copy of your PHI

  • Request corrections to your records

  • Request restrictions on certain uses/disclosures

  • Request confidential communications

  • Receive an accounting of disclosures

  • File a complaint without retaliation

To exercise these rights, contact us at info@brightbaycare.com.

5. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how we use it

  • Request access to your personal data

  • Request deletion of your personal data

  • Correct inaccurate personal information

  • Limit use of sensitive personal information

  • Opt out of “sharing” for cross-context behavioral advertising (if applicable)

Important:
PHI collected under HIPAA is generally exempt from CCPA, but other personal data (like website tracking data) may still be covered.

To submit a request: info@brightbaycare.com

6. Data Security

We implement administrative, technical, and physical safeguards, including:

  • Access controls

  • Encryption where appropriate

  • Secure data storage systems

  • Staff training on privacy practices

However, no system can be guaranteed to be 100% secure.

7. Data Retention

We retain:

  • Health records as required by law (often 6–10 years, depending on regulations)

  • Other personal data only as long as necessary for business or legal purposes

After that, data is securely deleted or de-identified.

8. Cookies & Tracking Technologies

We may use cookies and similar technologies to:

  • Improve website functionality

  • Analyze usage trends

You can manage cookie preferences through your browser settings.

9. Do Not Track Signals

Our website may not respond to Do Not Track (DNT) signals due to the lack of a consistent industry standard.

10. Changes to This Policy

We may update this policy periodically. Updates will be posted with a revised “Last Updated” date.

11. Contact Information

Bright Bay Care
2603 Camino Ramon Rd
San Ramon, CA
📧 info@brightbaycare.com