Privacy Policy
Effective June 14, 2026
About this policy
The Bridges Hospice Staff Resource App (the "App") is operated by Bensolutions LLC d/b/a Noise Meld ("Noise Meld", "we", "us") on behalf of Bridges Hospice, Inc. ("Bridges Hospice"). This policy explains what the App collects, how that information is used, and who it is shared with.
The App is provided to active Bridges Hospice staff. Bridges Hospice, Inc. is the controller of staff records and operational content. Noise Meld is the platform operator and processor.
Effective June 14, 2026.
What the App does
The App is a native iOS and Android client for the Bridges Hospice staff portal at app-bridges.noisemeld.com. It provides a native sign-in screen, a local biometric unlock gate, and a WebView that surfaces internal forms, policies, HR materials, and document search.
Information we collect
The App collects only the information needed to sign you in to your Bridges Hospice account and to operate the features described above.
Account and session data
- Email address and password — handled by the Bridges Hospice authentication backend. Passwords are stored only as one-way hashes; we never log or transmit plaintext passwords beyond the moment of sign-in.
- Session token — issued by the authentication backend and stored in the device's platform-native secure cookie store (iOS NSHTTPCookieStorage, Android WebView CookieManager). Sessions expire after eight hours of inactivity.
- Last sign-in timestamp and source device, recorded server-side for audit purposes.
Biometric unlock
- Face ID or Touch ID on iOS, fingerprint or face unlock on Android, is offered as a local unlock gate after the first sign-in.
- Biometric matching happens entirely on your device, inside the platform's secure enclave. The App never receives the biometric data itself — only a success or failure signal from the operating system.
Content you view and submit
- Internal Bridges Hospice documents, policies, and forms you open through the App are logged server-side by Bridges Hospice for audit and policy reasons.
- Forms you fill in are submitted through the WebView; submitted form data is processed server-side, rendered to PDF, and emailed to the responsible Bridges Hospice team. The App itself does not retain submitted form data.
Ask search queries
- Questions you type into the Ask tab are sent to Google's Gemini File Search service for matching against an indexed corpus of Bridges Hospice operational documents — policies, procedures, forms, employee handbook, training materials, and similar reference content.
- The indexed corpus does NOT contain patient records, medical charts, or other Protected Health Information. Only the operational documents Bridges Hospice's administrators have explicitly approved for the corpus are indexed.
- A server-side guardrail screens your typed queries before transmission and rejects entries that look like Protected Health Information (PHI). Rejected queries are recorded server-side, without their content, for guardrail tuning.
- Do not submit patient names, identifiers, or other PHI into Ask. The guardrail is a best-effort filter — your responsibility to protect patient information is the primary control.
What we do not collect
The App does not include advertising, analytics, or cross-app tracking SDKs.
- No advertising or marketing identifiers (no IDFA, no ATT prompts, no ad SDKs).
- No product analytics or telemetry SDKs.
- No crash-reporter SDKs.
- No location data.
- No access to your contacts, photos, microphone, or camera.
- No HealthKit or fitness data.
How we use your information
- Authenticate you to the Bridges Hospice staff portal and keep you signed in across launches.
- Provide local biometric unlock so you don't enter your password every time the App opens.
- Route Ask queries to Gemini File Search and return the matching documents.
- Surface internal forms, policies, and HR materials at the URLs you choose to open.
Who we share information with
We share information only with the parties needed to operate the App. We do not sell information, and we do not share it with advertisers or data brokers.
Bridges Hospice
- Your employer has access to your account, your usage history, and the content you submit through the App for legitimate business, HR, and compliance purposes.
Google (Gemini File Search)
- The Ask tab sends two things to Google's Gemini File Search: (a) the operational document corpus (policies, procedures, forms — never patient records or PHI), indexed once and stored by Google for subsequent searches; and (b) your query, sent at search time, after passing the PHI guardrail.
- We do not send patient names, medical record identifiers, your account identifier, or any other PHI to Google as part of the corpus or at query time. Google processes the requests under its own terms for the Gemini API.
Render (infrastructure host)
- The Bridges Hospice backend runs on Render. Render hosts the application server and the Postgres database that stores your account, your form drafts, the indexed document corpus, and your usage history.
Cloudflare (Render's CDN sub-processor)
- Render uses Cloudflare as its content delivery and DDoS protection layer. Cloudflare sits between your device and Render's application server.
- Cloudflare sees your IP address, the URL paths you request, request headers, and the decrypted-in-transit body of each request. It does not retain the content of your requests long-term and is bound by Render's processing agreement, not a separate agreement with us.
Resend (transactional email)
- Resend (resend.com) delivers transactional emails on the platform's behalf — password reset links, and PDF form submissions routed to Bridges Hospice's internal teams.
- Resend processes the recipient email address, sender display name, subject line, and email body. For form-submission emails, the body includes the data you typed into the form. For password resets, the body includes a one-time reset link.
Apple and Google (mobile platforms)
- Standard mobile platform interactions: app delivery, push-notification routing (once enabled), system-level crash reporting if you opt in at the OS level.
Data retention
- Sessions expire after eight hours of inactivity. You will be signed out and prompted to re-authenticate.
- Account lifetime is managed by Bridges Hospice administrators. When your employment with Bridges Hospice ends, your account is deactivated.
- Submitted form contents are retained per Bridges Hospice's internal records policy.
- Ask queries and citations are retained server-side per Bridges Hospice's audit retention policy.
Security
No system is perfectly secure. If you suspect your account has been compromised, contact Bridges Hospice immediately so your sessions can be revoked.
- All network traffic uses HTTPS with TLS.
- Passwords are hashed by the Bridges Hospice authentication backend using current best-practice hashing parameters.
- Session cookies are issued as HTTPS-only secure cookies scoped to app-bridges.noisemeld.com.
- The App's stored session cookies live in platform-native secure cookie storage, isolated from other apps.
- Biometric checks run inside Apple's Secure Enclave or Android's Strongbox; biometric templates never leave your device.
Children
The App is for adult Bridges Hospice staff only. It is not directed to, designed for, or intended to be used by anyone under 18. We do not knowingly collect information from minors.
HIPAA and Protected Health Information
Bridges Hospice is a HIPAA-covered entity. The Bridges Hospice platform that the App connects to is operated by Noise Meld as a Business Associate under a Business Associate Agreement (BAA) with Bridges Hospice. PHI processing happens server-side, under the BAA boundary.
The App itself is a UI shell. It does not store PHI locally and does not transmit PHI to any party outside the Bridges Hospice platform.
Staff are responsible for using the App in line with Bridges Hospice's PHI handling policies. In particular: do not submit PHI through the Ask tab. The server-side guardrail will refuse PHI-style queries, but you remain responsible for protecting patient information.
Your choices and rights
Because Bridges Hospice is the controller for your staff record, requests to access, correct, export, or delete your information should be directed to Bridges Hospice's HR or administrative team. Noise Meld will assist Bridges Hospice in fulfilling those requests when properly authorized.
How to request deletion of your data
You may ask us to delete the personal information associated with your App account. Bridges Hospice is the controller of staff records, so deletion requests are fulfilled by Bridges Hospice with the assistance of Noise Meld as the platform operator.
How to make a request
- Email Noise Meld at support@noisemeld.com, or contact your Bridges Hospice HR or administrative team, and state that you are requesting deletion of your App account data.
- Include the email address associated with your account so the request can be verified. We may ask you to confirm your identity before acting on the request.
- We acknowledge requests within a reasonable period and delete eligible data after verification, subject to the retention obligations described below.
What is deleted and what is retained
- Deleted on request: your account profile (name, email address, user ID, and phone number if provided) and your push-notification device tokens.
- Retained: submitted form contents and any files you attached to them (for example, expense receipts), together with related audit and access logs such as IP address and timestamps. These are part of Bridges Hospice records and are kept for the period described below, then deleted in the ordinary course of that policy.
Retention period
- Some information is retained after a deletion request where Bridges Hospice is required to keep it to meet employment, healthcare, tax, or other legal recordkeeping obligations.
- The retention period for those records is set by Bridges Hospice's records-retention policy and applicable law. Information that is no longer subject to a retention obligation is deleted.
Changes to this policy
If we make material changes to this policy, we will update the effective date and communicate the changes through the App and through Bridges Hospice's internal channels.
Contact
For questions about your account, your employment, or how Bridges Hospice handles your information, contact Bridges Hospice directly.
For questions about the App itself or about how Noise Meld processes information on the platform, contact support@noisemeld.com.