TeddyBridge

TeddyBridge Privacy Policy

Effective Date: February 25, 2025

1. Introduction

TeddyBridge ("we," "our," or "us") is a 501(c)(3) nonprofit organization. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS application, website, and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name and email address. If you sign in with Apple or Google, we receive your name and email (or a private relay email if you choose "Hide My Email" through Apple). We may also collect your profile photo and biographical information if you choose to provide them. We do not collect your phone number or physical address.

Health Information

To match you with appropriate peers, we collect information about your foot and ankle condition, surgery status, surgery timeline, surgeon name, recovery stage, and the types of support you are looking for. This information is provided voluntarily by you during onboarding and is used to personalize your peer matching experience.

Communications

We collect the messages you exchange with other users through our in-app messaging feature. We also facilitate video and voice calls between matched peers using a third-party provider (Daily.co). We do not record the audio or video content of these calls. Call metadata (scheduling, duration, and participant identifiers) is stored to support the call feature.

Usage and Security Data

We collect information about how you interact with our Service, including login events, feature usage, and API activity. This data is used for security monitoring, fraud prevention, and improving the Service. On iOS, we store authentication tokens securely in the device Keychain.

Device Information

We collect your device's push notification token to send you notifications about messages, call reminders, and account activity. We do not collect your device's advertising identifier or use any device-level tracking.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Match you with peers who share similar conditions and experiences
  • Facilitate secure messaging and video/voice calls between matched peers
  • Send push notifications about messages, calls, and account activity
  • Authenticate your identity and maintain session security
  • Monitor for unauthorized access and security threats
  • Respond to your inquiries and provide customer support
  • Comply with legal obligations

We do not use your information for advertising, ad targeting, or tracking across other apps and websites.

4. Data Security

We implement strong security measures to protect your information:

  • All data is encrypted in transit using TLS/HTTPS
  • Health information and sensitive data are encrypted at rest using AES-256 encryption
  • Authentication tokens are stored in the iOS Keychain with device-only access protection
  • The app supports biometric authentication (Face ID / Touch ID) for session unlock
  • Sessions automatically lock after 5 minutes of inactivity
  • A privacy screen obscures app content in the iOS app switcher
  • Third-party keyboard extensions are blocked on sensitive input fields
  • Security events are logged for audit purposes

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. How We Share Your Information

With Other Users

Your display name (or anonymous alias if you enable anonymous mode), profile photo, condition, surgery status, recovery stage, bio, and support goals may be visible to other matched users to facilitate peer connection. You control what you share through your profile settings.

With Service Providers

We share information with third-party service providers who perform services on our behalf: Supabase (authentication and database hosting) and Daily.co (video and voice call infrastructure). These providers process data only as necessary to perform their services and are bound by confidentiality obligations. We require Business Associate Agreements where applicable.

For Legal Purposes

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

For Research

With your consent, we may share de-identified, aggregated data for research purposes to advance the understanding and treatment of foot and ankle conditions. Individual-level data is never shared for research without your explicit consent.

We do not sell your personal information. We do not share your information with data brokers, advertising networks, or any third party for advertising purposes.

6. Your Rights and Choices

Access Your Data

You have the right to request access to the personal information we hold about you. You can view and update most of your information through your account settings in the app.

Export Your Data

You can request an export of your personal data through the Settings screen in the app.

Delete Your Data

You may request deletion of your account and personal information through the app or by emailing us. Upon receiving such a request, we will delete your data within 30 days, except where we are required to retain it by law.

Anonymous Mode

You can enable anonymous mode in your profile settings to connect with peers without revealing your full name.

Push Notifications

You can manage push notification preferences through your device's iOS Settings at any time.

Sign in with Apple Privacy

If you use Sign in with Apple with "Hide My Email," Apple provides a unique private relay email address. We communicate with you through this relay. You can manage or revoke this in your Apple ID settings.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. We may retain certain information after account deletion as required by law or for legitimate security and audit purposes (such as security logs). Audit logs are retained for a maximum of 12 months after account deletion.

8. Children's Privacy

Our Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from someone under 18, we will delete it promptly.

9. International Users

If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our Service, you consent to this transfer.

10. California Residents

If you are a California resident, you have the right to request information about the categories of personal information we have collected about you, the categories of sources from which we collected it, and the purposes for which we use it. You also have the right to request deletion of your personal information. To exercise these rights, contact us at the email below. We do not sell personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and within the app. The "Effective Date" at the top will be updated accordingly. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@teddybridge.com

Website: https://www.teddybridge.com

501(c)(3) Nonprofit Organization