Privacy Policy

Welcome to BedMatch. BedMatch.com is an Application (the “Application”) owned and operated by BedMatch Pro, LLC (the “Company” “us” and/or “we”), a limited liability company, in conjunction with the Company’s cloud-based matchmaking and information platform for residential care providers and families (“Application”). The Application, Features and any other services or products we may offer from time to time (as defined herein below) constitute the “BedMatch Services.”

Because the BedMatch platform assists with care evaluation and placement, BedMatch collects and processes certain health-related information and PHI that Clients or Providers submit, as described throughout this Privacy Policy. The Company reserves the right to change this Privacy Policy in accordance with the terms herein and reflected in the Terms of Service.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account or profile created for You to access the BedMatch Services.

Affiliate means any entity that controls, is controlled by, or is under common control with a party, where “control” means the direct or indirect ownership of fifty percent (50%) or more of the voting interests or equivalent management authority.

Company (referred to as “the Company,” “we,” “us,” or “our”) means BedMatch Pro, LLC. For purposes of the GDPR, the Company is the Data Controller.

Country refers to the United States.

Device means any device capable of accessing the BedMatch Services, including computers, mobile phones, tablets, or similar hardware.

Sale means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to another business or third party for monetary or other valuable consideration, as defined under applicable privacy law.

Service refers to the BedMatch Services, including the Application, platform features, and related tools and support.

Service Provider means any natural or legal person who processes data on behalf of the Company. This includes third-party companies or individuals engaged to provide functionality, analytics, hosting, payment processing, communications, or other components of the BedMatch Services. For purposes of the GDPR, Service Providers are Data Processors.

Third-Party Social Media Service means any website, platform, or social network through which a User may log in to or create an Account for access to the BedMatch Services.

Usage Data refers to information automatically collected through the BedMatch Services, such as device identifiers, browsing behavior, feature usage, crash logs, or performance data.

You means the individual accessing or using the BedMatch Services, or the company, organization, facility, or other legal entity on behalf of which such individual is accessing or using the BedMatch Services, as applicable.

Usage Data is distinct from PHI. BedMatch separately collects PHI as described in the Health Information and HIPAA section of this Privacy Policy.

What information do we collect?

We collect information from You when You create an Account, complete a form, submit a Client Profile, use the search and matching tools, communicate with other Users, or otherwise interact with the BedMatch Services. In addition to the categories below, BedMatch also collects certain health-related information and PHI submitted by Clients or Providers, as described in the Health Information and HIPAA section. The categories of information we may collect include:

  1. Account and Contact Information
  • Legal name
  • Email address
  • Phone number
  • Account login credentials
  • Role classification (Client, Provider, Referral Agent)
  • Provider affiliation or Provider Location (for Provider Users)
  2. Client Profile Information (submitted by Clients or authorized representatives)
    We may collect information You voluntarily submit about a Resident for the purpose of care matching, including:
  • Basic demographic information
  • Daily care needs and service preferences
  • Cognitive or mobility information
  • Lifestyle preferences
  • Any other information You choose to include to assist with matching. You must only submit Client information that You are legally authorized to provide.
  • PHI. Information Clients or Providers submit about a Client’s care needs, diagnoses, mobility or cognitive status, behavioral considerations, ADL support levels, and other health-related details required to perform matching and facilitate communication with Providers. This information may constitute PHI and is handled in accordance with HIPAA.
  3. Provider Information (submitted by Providers)
    Providers may submit:
  • Provider descriptions
  • Licensing, certifications, and compliance information
  • Staff and credential information
  • Amenities, services, and pricing
  • Photos, media, policies, and availability
  • Tour scheduling information
  4. Payment Information
    If You purchase a subscription, pay a deposit, or conduct a transaction through the BedMatch Services, we may collect:
  • Billing name and address
  • Partial payment-card information
  • Transaction history
    Full payment-card data is processed by third-party payment processors (e.g., Stripe), not by BedMatch.
  5. Search, Matching, and Usage Data
    We may automatically collect information about Your interactions with the BedMatch Services, including:
  • Search history
  • Filters used
  • Interaction with Provider listings
  • Dates and times of access
  • Device identifiers, IP address, and browser type
  • Diagnostic data (crash logs, performance metrics)
  6. Communications and Messaging Data
    We may collect:
  • Messages sent through the Application
  • Tour requests and confirmations
  • Notifications, alerts, and other communications
    BedMatch may monitor communications where permitted by law to ensure compliance with our Terms.
  7. Contacts or Uploaded Information
    If You upload documents, photos, or other materials (including licensing documents for Providers), we collect the content You submit.
  8. Analytics and Technical Data
    We may collect non-identifying and aggregated analytics data through APIs and integrated services, including:
  • Google Analytics
  • Google Cloud logging
  • Other measurement tools

What we use information for

We may use the information we collect from You in the following ways:

  • To operate, maintain, and improve the BedMatch Services, including the matching algorithm,
    search tools, Provider listings, messaging, and tour scheduling.
  • To personalize Your experience and present content and Provider options that may be more
    relevant to Your needs or the needs of a Resident you are authorized to represent.
  • To provide customer support and respond to inquiries.
  • To create and manage Accounts for Clients, Providers, and Referral Agents.
  • To send transactional or administrative communications related to Your Account or activity on
    the BedMatch Services.
  • To generate analytics about how Users interact with the BedMatch Services, including search
    trends, Provider engagement, and usage patterns.
  • To maintain the security, integrity, and functionality of the BedMatch Services, including
    monitoring for misuse or unauthorized activity.
  • To communicate updates about the BedMatch Services. You may opt out of non-essential
    communications at any time.
  • PHI is not used for advertising, marketing, or promotional purposes and is never sold.

We do not sell Your personally identifiable information. We may disclose certain information as required to operate the BedMatch Services, including through integrated APIs or third-party Service Providers who assist with hosting, analytics, communications, identity verification, or payment processing. These parties are permitted to use personal information only as necessary to perform their functions.

We may also disclose information if we believe it is necessary to comply with law, enforce our Terms, or protect the rights, property, or safety of BedMatch, our Users, or others. If BedMatch undergoes a merger, acquisition, or similar corporate transaction, personal information may be transferred to a successor entity.

Users are responsible for maintaining the confidentiality of their login credentials.

We may aggregate or de-identify information to create analytics, reports, or insights that do not identify any individual. PHI may be de-identified or aggregated in accordance with HIPAA’s de-identification standards. De-identified data is no longer considered PHI and may be used for operational or analytics purposes. We may use or share such aggregated or de-identified data for any lawful purpose. BedMatch uses certain PHI and other sensitive health-related data, such as care needs, diagnoses, mobility or cognitive status, behavioral or safety considerations, and activities-of-daily-living (ADL) support levels, to generate more accurate placement matches and to improve the performance and quality of the BedMatch matching algorithm. This processing is conducted solely for the purpose of operating, maintaining, and improving the BedMatch Services, and is not used for advertising, marketing, or profiling unrelated to placement functionality. Algorithm training and optimization involving PHI is performed in compliance with HIPAA, applicable privacy laws, and any Business Associate Agreement governing BedMatch’s processing of PHI. PHI used for algorithmic improvement is not sold, shared for cross-context behavioral advertising, or disclosed externally except as permitted by HIPAA and this Privacy Policy.

Third party links/transactions

Occasionally, at our discretion, we may include or offer third party products or services on the BedMatch Services, including through the implementation of advertisements, including “Vendors” as defined in the Terms of Service. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of the BedMatch Services and welcome any feedback about these sites.

When Users interact with one another through the BedMatch Services—including when Clients submit inquiries to Providers, when Providers respond to Clients, or when Referral Agents act on behalf of a Resident—certain information such as names, contact details, and the content of communications may be shared between the interacting Users. Any information a User chooses to disclose directly to another User is shared voluntarily and at the User’s own risk.

BedMatch does not control how other Users may use or disclose information that You choose to share with them, and we are not responsible for any actions taken by Clients, Providers, Referral Agents, or any other User with respect to such information. Users are responsible for exercising appropriate discretion when sharing personal information and for complying with all applicable privacy and health-information laws when handling information obtained through the BedMatch Services.

Authorization to Upload PHI

Clients and Providers may upload PHI to the BedMatch Services only where they have obtained all required authorizations, consents, or legal authority to do so under applicable law. By submitting PHI through the BedMatch Services, each Client and Provider represents and warrants that:

  1. they are legally authorized to upload, transmit, or disclose the PHI;
  2. they have obtained any consent, permission, or HIPAA authorization required from the individual who is the subject of the PHI, or from that individual’s legally authorized representative; and
  3. the submission of PHI to BedMatch complies with all applicable federal and state privacy laws, including HIPAA.

BedMatch relies on these representations and does not independently verify whether a Client or Provider has obtained the necessary authorization to upload PHI. Clients and Providers remain solely responsible for ensuring that any PHI they submit has been lawfully collected and disclosed.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). BedMatch may process “Sensitive Personal Information” (“SPI”) as defined under the CCPA/CPRA, including health-related data and PHI submitted by Clients or Providers for matching, communication, and platform functionality. BedMatch collects and uses SPI only for these limited purposes and as permitted by HIPAA and applicable law. SPI is not sold, shared for cross-context behavioral advertising, or used for marketing. SPI is not disclosed to third parties except as necessary to operate the BedMatch Services or as required by law. CPRA rights include:

  1. Right to Know – You may request details about the personal information we collect, use, disclose, and share.
  2. Right to Delete – You may request that we delete personal information we have collected from you, subject to certain exceptions.
  3. Right to Correct – You may request correction of inaccurate personal information we maintain about you.
  4. Right to Opt-Out of Sale/Sharing – You may opt-out of the sale or sharing of your personal information for cross-context behavioral advertising at any time.
  5. Right to Limit Use of Sensitive Personal Information – You may request that we limit the use and disclosure of your sensitive personal information to only what is necessary to perform
    services or provide goods reasonably expected by an average consumer.
  6. Non-Discrimination – We will not discriminate against you for exercising your privacy rights.

We collect personal information directly from Users, from authorized representatives, from Providers, and from the operation and analytics of the BedMatch Services.

We may collect and process the following categories of personal information under the CCPA/CPRA: identifiers (such as name, email address, or IP address), commercial information (purchase history), internet or network activity, geolocation data, health-related data (if voluntarily provided), and in some cases sensitive personal information. Because SPI is never sold or shared for advertising, no separate opt-out is required for SPI. Requests involving PHI must be directed to the Client’s Provider, who is the Covered Entity responsible for fulfilling HIPAA rights.

Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third party direct marketing purposes. You are limited to one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. You may request the information in writing at BedMatch Pro LLC, ATTN: LEGAL, _______ and admin@BedMatch.health.

To exercise your right to opt out of the sale or sharing of personal information (where applicable), please contact us at admin@bedmatch.health. BedMatch does not sell or share personal information for cross-context behavioral advertising.

Texas Data Privacy and Security Act (TDPSA) Disclosures

If you are a Texas resident, the TDPSA provides you with certain rights regarding your personal data.

Sensitive Data.

BedMatch may process “sensitive data,” including health information and PHI, only as necessary to provide the BedMatch Services and only with your consent or as otherwise permitted by law. Sensitive data is handled in accordance with HIPAA (where applicable) and any Business Associate Agreement. BedMatch does not sell sensitive data or use it for advertising.

Your Rights.

Texas residents may request to: (a) confirm whether BedMatch processes their personal data; (b) access that data; (c) correct inaccuracies; (d) delete personal data provided to BedMatch; and (e) obtain a portable copy of personal data. You may also opt out of targeted advertising, the sale of personal data, and certain types of profiling. Requests involving PHI must be directed to the Client’s Provider, who is the Covered Entity responsible for fulfilling HIPAA rights.

How to Submit a Request.

You may submit a TDPSA request to admin@bedmatch.health. We may ask for information to verify your identity and will respond within the timeframe required by law. You may appeal a denial by contacting us at the same address; further appeals may be directed to the Texas Attorney General.

Children’s Online Privacy Protection Act Compliance

The BedMatch Services are intended solely for individuals 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we become aware that personal information has been collected from a minor under 18, we will take steps to delete such information.

Online Privacy Policy Only

This online Privacy Policy applies only to information collected through the BedMatch Services and not to information collected offline.

Changes to our Privacy Policy

If we decide to change our Privacy Policy, we will post those changes on this page.

Public Forums

We may offer chat rooms, message boards, bulletin boards, or similar public forums, where you and other users of the BedMatch Services can communicate. The protections described in this Privacy Policy do not apply when you provide information (including personal information) in connection with your use of these public forums. We may use personally identifiable and non-personal information about you to identify you with a posting in a public forum. Any information you share in a public forum is public information and may be seen or collected by anyone, including third parties that do not adhere to our Privacy Policy. We are not responsible for events arising from the distribution of any information you choose to publicly post or share through the BedMatch Services. Anything you post in public forums can be seen by others. Do not share PII, PHI, health, medical, or other sensitive personal information in these areas. For clarity, PHI and other health-related data submitted for matching or communication purposes are not treated as User-Generated Content. PHI is never published, shared publicly, or used under any User-Generated Content license and is handled solely in accordance with HIPAA, this Privacy Policy, and any applicable BAA. Care plans, assessments, medical history, ADL needs, diagnoses, behavioral information, and other health-related inputs submitted to BedMatch for matching or communication purposes are not public content and are not visible to other Users except as permitted by HIPAA and by the Client’s authorized selections within the BedMatch Services.

Keeping Your Information Secure

We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse and alteration of the information under our control. Please be advised, however, that while we strive to protect your personally identifiable information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and are not responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable information. In the unfortunate event that your “personally identifiable information” (as the term or similar terms are defined by any Applicable law requiring notice upon a security breach) is compromised, we may notify you by email (at our sole and absolute discretion) to the last email address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation. From time to time we evaluate new technology for protecting information, and when Appropriate, we upgrade our information security systems.

Contact and Opt-Out Information

You may contact us at admin@bedmatch.health if: (a) you have questions or comments about our Privacy Policy; (b) wish to make corrections to any personally identifiable information you have provided; (c) want to opt-out from receiving future commercial correspondence, including emails, from us or our affiliated companies; or (d) wish to withdraw your consent to sharing your personally identifiable information with others. We will respond to your request and, if Applicable and Appropriate, make the requested change in our active databases as soon as reasonably practicable. Please note that we may not be able to fulfill certain requests while allowing you access to certain benefits and features of the BedMatch Services.

Health Information and HIPAA

Some Users may submit personal or medical information about themselves or about a Client for the purpose of evaluating care options or using the BedMatch matching tools. In some circumstances, this information may constitute PHI under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In those cases:

    i. When You submit medical or health-related information through the BedMatch Services for the purpose of identifying appropriate Providers or evaluating care options, that information may be shared with Providers or other Users You select. Many Providers are HIPAA-covered entities and handle PHI in accordance with their own HIPAA privacy practices and internal policies. BedMatch does not control the privacy practices of any Provider.

    ii. BedMatch is not a healthcare provider, senior-living provider, or medical facility. However, when we perform services for Providers that involve access to PHI, such as secure transmission, storage, or processing of Resident data, we may act as a HIPAA business associate. In such cases, we are bound by written agreements with those Providers and are required to protect PHI in compliance with HIPAA.

    iii. Information submitted to BedMatch that does not relate to medical or care needs (for example, account profile information, contact information, or general preferences) is not considered PHI and is governed solely by this Privacy Policy, not HIPAA.

    If you have questions about how your health information is used, you should review the Provider’s HIPAA Notice of Privacy Practices or contact the Provider directly. Additionally, when You submit PHI through the BedMatch Services, BedMatch will access, use, disclose, and store such PHI only as necessary to operate the BedMatch Services and only as permitted by HIPAA and other applicable privacy laws. BedMatch does not use PHI for advertising, marketing, data-brokering, profiling, or any purpose unrelated to the BedMatch Services. BedMatch may use or disclose PHI for the following limited purposes:

    1. Matching and Care Evaluation. To generate match results, assist You in identifying potential Providers, and support placement-related decision-making.
    2. Communication. To facilitate secure communication between Clients, Referral Agents, and Providers, including responding to inquiries or transmitting Profile details to Providers You select.
    3. Service Operation. To maintain, support, troubleshoot, improve, and secure the BedMatch Services, including auditing, access control, data integrity checks, and internal systems operations.
    4. Business Associate Activities. When acting as a business associate to a Provider, BedMatch may use or disclose PHI only as permitted under its Business Associate Agreements and the HIPAA Privacy and Security Rules.
    5. Legal Compliance and Safety. To comply with applicable laws, regulatory obligations, court orders, or lawful requests from government entities; or when necessary to prevent or reduce a serious and imminent threat to health or safety.

    BedMatch does not sell PHI, does not share PHI for cross-context behavioral advertising, and does not use PHI to create publicly available content or promotional materials. PHI is not treated as User-Generated Content and is never made publicly accessible through the BedMatch Services. BedMatch implements reasonable and appropriate administrative, physical, and technical safeguards designed to protect PHI in accordance with the HIPAA Security Rule. In the event of a breach of unsecured PHI, BedMatch will provide breach notifications as required by applicable law. These obligations do not expand BedMatch’s liability beyond what HIPAA or this Privacy Policy otherwise requires. PHI will only be retained for as long as necessary to deliver the BedMatch Services or as required by applicable law. When no longer needed, PHI will be securely deleted or de-identified in accordance with HIPAA standards.

    BedMatch disposes of PHI in accordance with HIPAA requirements. When PHI is no longer required to be retained under HIPAA, applicable law, or a BAA, BedMatch will securely dispose of or render the PHI unreadable and indecipherable. Secure destruction may include secure electronic deletion, cryptographic erasure, overwriting, or the destruction of physical or electronic media containing PHI. These methods are designed to ensure that PHI cannot be reconstructed or retrieved after disposal. BedMatch’s destruction practices do not expand its obligations or liability beyond what HIPAA or any applicable BAA requires.

    Breach Notification

    If BedMatch discovers a breach of unsecured PHI, BedMatch will provide the notifications required under HIPAA and other applicable privacy laws. As a business associate to certain Providers, BedMatch will notify the affected Provider(s) without unreasonable delay and in no event later than sixty (60) days after discovery of the breach, and will provide the information required for the Provider to meet its own breach-notification obligations under HIPAA. Where BedMatch is required by law to notify affected individuals directly, BedMatch will provide such notice without unreasonable delay and in no event later than sixty (60) days after discovery of the breach, unless a delay is permitted at the direction of law enforcement or as otherwise allowed by applicable law. BedMatch will cooperate with affected Providers in determining the scope of the breach, mitigating harm, and meeting any regulatory reporting obligations; however, no aspect of this cooperation expands BedMatch’s liability beyond the obligations imposed by HIPAA, applicable law, or any written agreement between BedMatch and the Provider. Nothing in this Privacy Policy creates any warranty or guarantee that BedMatch’s security measures will prevent all unauthorized access, use, or disclosure of PHI.

    Business Associate Agreement

    When BedMatch processes PHI on behalf of a Provider, such processing is governed by the terms of the applicable Business Associate Agreement (“BAA”) between BedMatch and that Provider. In the event of any conflict between this Privacy Policy and a BAA with respect to the handling, use, disclosure, security, or retention of PHI, the terms of the BAA and applicable HIPAA requirements shall control. PHI is not handled under the general personal-information practices described elsewhere in this Privacy Policy and is instead subject to HIPAA and the applicable BAA.

    BedMatch may use subcontractors and service providers to support hosting, storage, messaging, analytics, and other operational functions. Any subcontractor that creates, receives, maintains, or transmits PHI on BedMatch’s behalf must sign a BAA with BedMatch. Subcontractors that do not access PHI are contractually and technically restricted from doing so. All subcontractors are required to implement safeguards consistent with HIPAA. BedMatch’s use of subcontractors does not expand BedMatch’s obligations or liability beyond what HIPAA, applicable law, or any BAA requires.

    Security of PHI

    BedMatch implements reasonable and appropriate administrative, physical, and technical safeguards designed to protect PHI in accordance with the HIPAA Security Rule and other applicable privacy laws. These safeguards include:

    1. Encryption. PHI is encrypted in transit using industry-standard TLS protocols and encrypted at rest using commercially reasonable encryption technologies.
    2. Access Controls. Access to systems containing PHI is restricted to authorized personnel based on job role and necessity. User access is limited through unique credentials, multi-factor authentication, and least-privilege principles.
    3. Audit Controls and Logging. BedMatch maintains system logs and audit trails designed to record access to PHI, monitor for unauthorized access attempts, and support investigation and mitigation activities.
    4. Administrative Safeguards. BedMatch uses administrative measures such as workforce training, confidentiality obligations, periodic risk assessments, and internal policies governing the handling of PHI and PII.
    5. Physical Safeguards. PHI is stored on secure servers maintained in HIPAA-eligible cloud environments with appropriate data-center protections, access restrictions, and environmental controls.
    6. Integrity and Monitoring. BedMatch employs commercially reasonable security technologies and monitoring tools to detect, prevent, and mitigate unauthorized access, alteration, disclosure, or deletion of PHI.

    These safeguards are designed to meet the requirements of the HIPAA Security Rule; however, they do not guarantee that unauthorized access will never occur, and nothing in this Privacy Policy expands BedMatch’s liability beyond what HIPAA or applicable law requires.

    BedMatch retains PHI and PHI-related documentation only for as long as necessary to provide the BedMatch Services and to comply with HIPAA. To the extent BedMatch creates, receives, or maintains PHI on behalf of a Provider, BedMatch will retain such PHI-related records for at least six (6) years as required by the HIPAA Privacy and Security Rules, unless a longer period is required by applicable law or by the Provider. Providers remain the Covered Entities responsible for maintaining the designated record set for Clients, and BedMatch does not determine the Provider’s independent retention obligations. When BedMatch’s retention period expires, PHI will be deleted or de-identified in accordance with HIPAA requirements.

    Client Rights Under HIPAA

    Clients have certain rights under the HIPAA Privacy Rule with respect to their PHI, including the right to request access to their PHI, request an amendment to PHI, and request an accounting of certain disclosures of PHI. BedMatch processes PHI solely as a Business Associate to Providers and does not act as a Covered Entity. Because Providers, not BedMatch, are the Covered Entities responsible for maintaining the designated record set under HIPAA, all HIPAA rights requests must be submitted directly to the Client’s Provider. BedMatch does not independently fulfill HIPAA access, amendment, or accounting requests. If BedMatch receives a HIPAA-related request in error, BedMatch will forward the request to the appropriate Provider or notify the individual of the proper Covered Entity to contact. BedMatch will otherwise act in accordance with applicable regulations and the applicable Business Associate Agreement governing its relationship with the Provider.

    Sole Statement

    This Privacy Policy as posted on the BedMatch Services is the sole statement of our privacy policy with respect to the BedMatch Services, and no summary, modification, restatement or other version thereof, or other privacy statement or policy, in any form, is valid unless we post a new or revised policy to the BedMatch Services.

    GDPR PRIVACY POLICY

    Legal Basis for Processing Personal Data under GDPR

    If You are located in the European Economic Area (EEA) at the time Your personal data is collected, BedMatch Pro, LLC (“the Company,” “we,” “us,” “our”) may process Your personal data under one or more of the following legal bases:

    • Consent: You have given Your clear, affirmative consent for one or more specific purposes, including where You submit Client Profile information or health-related data.
    • Performance of a Contract: Processing is necessary to provide the BedMatch Services You request or to take steps at Your request prior to entering into a contract.
    • Legal Obligations: Processing is necessary to comply with our legal obligations.
    • Vital Interests: Processing is necessary to protect the vital interests of You or another person.
    • Public Interest: Processing is related to a task carried out in the public interest or pursuant to official authority.
    • Legitimate Interests: Processing is necessary for our legitimate business interests, provided such interests are not overridden by Your fundamental rights and freedoms.

    We can provide clarification upon request of the specific legal basis applicable to any processing activity, including whether providing personal data is required by law, contract, or necessity to use certain BedMatch Services.

    If You are an EEA user, Your personal data may be shared with the following categories of recipients, only as necessary to provide the BedMatch Services:

    • Service Providers and Data Processors, including:
      o Stripe (payment processing)
      o Twilio (messaging and verification)
      o Google Cloud Platform (hosting and storage)
      o Google Analytics or similar analytics tools
    • Providers, when You choose to submit or share Client Profile information or inquiries with them
    • Referral Agents, where You authorize them to assist in evaluating or identifying care options
    • Professional advisors (legal, financial, technical) to the extent required for Company operations
    • Successor entities, in the event of a merger, acquisition, or similar corporate transaction

    We do not sell personal data.

    Your Rights under the GDPR

    These rights apply only to Users located in the EEA at the time their data is collected. The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. If You are located in the EEA, You have the following rights with respect to Your personal data:

    • Right of Access: You may request access to the personal data we hold about You.
    • Right to Correction: You may request the correction of inaccurate or incomplete data.
    • Right to Object: You may object to processing based on legitimate interests or for direct marketing.
    • Right to Erasure: You may request the deletion of personal data when there is no lawful reason for us to continue processing it.
    • Right to Restrict Processing: You may request limits on how Your data is processed.
    • Right to Data Portability: You may request a copy of Your data in a machine-readable format.
    • Right to Withdraw Consent: When processing is based on consent, You may withdraw Your consent at any time.

    Because BedMatch may transmit Resident information to Providers, information already shared with Providers or other Users may not always be retractable from their systems. Where such information constitutes protected health information (PHI), Providers may be required by law to retain certain records and may decline deletion requests.

    To exercise any GDPR rights, contact us at: admin@bedmatch.health.
    We may request additional information to verify Your identity before responding.

    You also have the right to lodge a complaint with Your local data protection authority within the EEA.

    Data Retention Policy

    We will retain personal information only as long as necessary to fulfill the purposes for which it was collected, including:

    1. Purpose Fulfillment: While You maintain an active Account or use the BedMatch Services.
    2. Legal and Regulatory Obligations: To comply with legal, tax, accounting, or healthcare-related requirements.
    3. Business Needs: To address complaints, improve services, and maintain operational records.
    4. Security and Continuity: For a limited period in system backups, logs, and disaster-recovery files.

    When retention is no longer required, we will delete, anonymize, or securely dispose of personal data in accordance with applicable law. De-identified information may be retained and used indefinitely.

    Special Categories of Data

    If You submit health-related information or Client Profile details from within the EEA, this information constitutes “special categories of personal data.” We will process such information only with Your explicit consent, or where another legal basis under GDPR applies.

    If health-related information is shared with Providers, they will process it in accordance with their own legal obligations. BedMatch does not control Providers’ compliance practices.

    Exercising of Your GDPR Data Protection Rights

    You may exercise Your rights by contacting us at admin@bedmatch.health. We may request verification information before responding. We will respond as promptly as we reasonably can.

    If You believe Your rights have been violated, You may file a complaint with the competent Data Protection Authority in Your EEA member state.

    This Privacy Policy was last revised on December 8, 2025.