1. Information We Collect

1.1 Account Information

When you register, we collect your name, email address, and password. Providers may additionally supply clinic name, address, phone number, website, medical specialty, and National Provider Identifier (NPI) number.

1.2 Care Request Data (Patients)

When you submit a care request, we collect the medical service or procedure you are seeking, your ZIP code and travel radius, budget range, preferred timeline, funding type (self-pay, financing, or out-of-pocket), and your contact information (email and phone number). Contact information is stored securely and only revealed to providers who have unlocked your request.

1.3 Crowdfunding Campaign Data

When you create a fundraising campaign, we collect the campaign title, funding goal, medical cause, your personal story and recovery narrative, and any updates you post. Campaign content is visible to the public once approved.

1.4 Financial Information

All payment transactions (provider subscriptions, credit package purchases, and donor contributions) are processed by Stripe. We do not store full credit card numbers or bank account credentials on our servers. Stripe provides us with limited transaction metadata such as the last four digits of a card and payment status. For more information, see Stripe's Privacy Policy.

1.5 Bank Balance Verification

Patients may optionally connect a bank account through Stripe Financial Connections to verify available funds and earn a Gold Badge on their care request. We retrieve only a privacy-preserving balance summary (e.g., "$10,000+") and do not store your full account number, routing number, or login credentials. The balance summary is stored on your care request to signal financial readiness to providers.

1.6 Communications

When patients and providers communicate through our in-platform messaging system, those messages are stored in our database to support the conversation history. We may also send you transactional emails (via Resend) and SMS notifications (via Twilio) related to your account activity, new care requests, and platform updates.

1.7 Usage and Technical Data

We automatically collect certain technical information when you use our platform, including your IP address, browser type, device type, pages visited, and timestamps. This data is stored in Firebase (Google) and used to operate and improve the platform.

2. How We Use Your Information

• To operate and maintain the platform and connect patients with medical providers.
• To notify providers (via email and SMS) of new care requests matching their specialty and location.
• To process provider subscription and credit purchases via Stripe.
• To facilitate crowdfunding campaigns and disburse funds to campaign creators via Stripe Connect.
• To verify provider credentials (NPI lookup) and patient fund availability (Stripe Financial Connections).
• To send transactional communications such as account confirmation, lead alerts, and campaign updates.
• To detect fraud, enforce our Terms of Service, and comply with legal obligations.
• To improve our platform through aggregated, anonymized analytics.

3. How We Share Your Information

• Providers (Care Requests): A patient's general care request details (service type, location, budget range, verification badges) are visible to all approved providers. A patient's contact information is only revealed to a provider after that provider spends a credit or uses their subscription to unlock the request.
• Public Campaigns: Information you include in a crowdfunding campaign (story, goal, raised amount) is publicly visible once approved.
• Service Providers: We share data with trusted third-party vendors necessary to operate the platform, including Firebase/Google (database and authentication), Stripe (payments and payouts), Twilio (SMS), Resend (email), and Google (Places API for provider discovery). Each provider processes data only as needed to perform their services.
• Legal Requirements: We may disclose your information if required by law, subpoena, or court order, or to protect the rights, safety, or property of MedFund Circle or others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. HIPAA Disclaimer

MedFund Circle LLC is a technology platform and marketplace — we are not a healthcare provider, health plan, or healthcare clearinghouse, and are therefore not a "covered entity" as defined under the Health Insurance Portability and Accountability Act (HIPAA). Medical information you share on our platform (procedure descriptions, conditions, treatment needs) is not protected health information (PHI) under HIPAA.

We strongly advise you to be thoughtful about the medical details you share publicly in campaign stories or care request descriptions. We treat all medical information with care and implement appropriate security safeguards, but we cannot guarantee HIPAA-level protections.

5. SMS Communications

By providing your phone number and opting in to SMS notifications, you consent to receive text messages from MedFund Circle related to your care request activity, lead alerts, and platform updates. Message and data rates may apply. You may opt out at any time by replying STOP to any SMS message. SMS communications are sent via Twilio and comply with applicable TCPA regulations.

6. Data Security

We implement industry-standard security measures including SSL/TLS encryption for data in transit, Firebase security rules for Firestore access control, and role-based access within the platform. Payment data is handled exclusively by Stripe, which maintains PCI DSS compliance. Despite these measures, no method of internet transmission is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your account data for as long as your account is active or as necessary to provide services. Care requests are automatically closed after 30 days of inactivity. You may request deletion of your account and associated data at any time by contacting us. Certain records (transaction logs, donation history) may be retained for up to 7 years for tax, legal, and audit purposes.

8. Your Privacy Rights

8.1 All Users

You may access, correct, or update your account information at any time through your account settings. You may also request deletion of your account by contacting us.

8.2 California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of your personal information; (c) opt out of the sale of your personal information. We do not sell personal information to third parties. To exercise these rights, contact us at support@medfundcircle.com.

9. Children's Privacy

Our platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the platform after changes constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: