Tidal Care Network

Privacy Policy

How the Tidal Care Network collects, uses, and protects information

Effective: May 27, 2026

1. Overview

The Tidal Care Network ("Network", "we", "us") is committed to protecting the privacy of the providers who participate in the Network and the clients they serve. This Privacy Policy explains what information we collect, how we use it, who can access it, and how we protect it.

This policy applies to all information collected through the Network platform, including the provider directory, onboarding forms, referral system, and all associated email communications.

By participating in the Network, you agree to the collection and use of information as described in this policy.

2. Information we collect

2.1 Provider information

When a provider applies to and participates in the Network, we collect:

  • Name and professional credentials;
  • License or certification number and issuing body;
  • National Provider Identifier (NPI), where applicable;
  • Practice name and type;
  • Specialty areas and resource categories;
  • Insurance accepted and fee information;
  • Practice location (zip code and area — not street address);
  • Telehealth service information;
  • Contact email and phone number;
  • Professional biography and profile content;
  • Availability status and update history;
  • Peer attestation records (kept confidential — see Section 4);
  • Ethics attestation records;
  • Referral history (without client PHI);
  • Rating and review data;
  • Any communications submitted through the Network platform.

2.2 Peer attestor information

When a peer attestor completes an attestation form, we collect their name, professional credentials, relationship to the applicant, professional email address, and their responses to the attestation questions.

2.3 Client information

The Network is designed to avoid collecting client Protected Health Information (PHI). Referral links generated through the Network may include an optional non-clinical note, but the Network does not collect or transmit client names or identifying health information through the referral tool. The Network does not create client accounts or client health records.

If you are a client accessing the Network to submit a provider review, we collect only your review content and the referral token used to access the review form. We do not collect your name, contact information, or any identifying health information.

2.4 Automatically collected information

When you access the Network platform, we may automatically collect standard web server log information including IP address, browser type, and pages visited. This information is used solely for security and operational purposes.

3. How we use information

3.1 Provider directory and search

Provider profile information — including name, credentials, specialty, location area, insurance, and availability — is displayed publicly in the Network directory to facilitate provider discovery and referrals.

Exact street addresses are never displayed publicly. Only the neighborhood or area name associated with a provider's zip code is shown.

3.2 Vetting and compliance

License and credential information is used to verify provider eligibility. Attestation records are maintained to document compliance with Network requirements. This information is accessible only to the Network Administrator.

3.3 Referrals and communications

Referral data (the Provider who generated the link, the suggested providers, an optional non-clinical note, date, and status) is stored to support referral tracking, post-referral ratings, and network analytics. No client PHI is collected or stored as part of the referral record.

3.4 Availability and renewal reminders

Provider email addresses are used to send monthly availability reminders and annual renewal notifications. Providers may update their reminder preferences from their profile dashboard.

3.5 Network analytics

Aggregated, de-identified data about referral volume, provider categories, and geographic coverage may be used by the Administrator for network planning and reporting. This data will not be sold or shared with third parties in identifiable form.

4. Peer attestation confidentiality

Peer attestation responses are strictly confidential. The applicant provider will be informed only that an attestation was completed or declined — never the content of the attestor's responses.

Attestation records are accessible only to the Network Administrator and are retained for the duration of the provider's participation in the Network plus five years thereafter.

If a declined attestation is a factor in an administrative decision regarding a provider's application or membership, the provider will be informed of this fact but not of the specific content of the attestation.

5. Client review anonymity

Client reviews are submitted anonymously. The Network stores a referral token associated with each review submission for purposes of verifying that only referral-linked clients may submit reviews. This token does not contain client identifying information.

In the event of a provider dispute regarding a review, the Administrator may review the referral token metadata to verify the authenticity of the submission. The client's identity will not be disclosed to the provider in any circumstance.

6. Data sharing

We do not sell provider or client information to any third party.

We may share information in the following limited circumstances:

  • With service providers who assist in operating the Network platform (such as email delivery services), under contractual confidentiality obligations;
  • As required by law, court order, or regulatory requirement;
  • To protect the safety of clients, providers, or the public in cases of credible risk of harm;
  • With your explicit written consent.

7. Data security

We implement reasonable administrative, technical, and physical safeguards to protect the information we collect from unauthorized access, disclosure, alteration, or destruction. These include:

  • Encrypted data storage and transmission (TLS/HTTPS);
  • Access controls limiting data access to authorized personnel;
  • Secure, expiring tokens for one-click email links;
  • Regular review of access logs and security practices.

No system is perfectly secure. In the event of a data breach affecting provider information, we will notify affected parties as required by applicable law.

8. HIPAA considerations

The Network is designed to operate without handling Protected Health Information (PHI) in its core workflow. Providers are responsible for ensuring that any information they include in referral notes or other Network communications complies with HIPAA.

To the extent that the Network's operations qualify it as a Business Associate under HIPAA, the Administrator will enter into a Business Associate Agreement (BAA) with Covered Entity providers upon request. Please contact us at info@tidalcare.org to request a BAA.

9. Data retention

We retain provider profile and participation data for the duration of active Network participation. Following voluntary withdrawal or removal from the Network:

  • Public profile data is removed from the directory immediately;
  • Vetting, attestation, and audit records are retained for five years;
  • Referral records (without PHI) are retained for three years;
  • Review and rating data is retained for the duration of the rated provider's active participation.

10. Provider rights

Active providers may at any time:

  • Review and update their profile information through the Network dashboard;
  • Request a copy of the information we hold about them by contacting info@tidalcare.org;
  • Request correction of inaccurate information;
  • Withdraw from the Network, which will result in removal of their public profile.

Certain records (such as attestation and audit logs) may be retained after withdrawal as described in Section 9.

11. Updates to this policy

We may update this Privacy Policy from time to time. Providers will be notified of material changes by email at least 30 days before the change takes effect. Continued participation in the Network after a policy update constitutes acceptance of the updated policy.

12. Contact

For questions, requests, or concerns regarding this Privacy Policy, contact:

Gnosis Wellness Collective
Tidal Care Network
Email: info@tidalcare.org
Website: www.tidalcare.org

Tidal Care Network  |  tidalcare.org  |  info@tidalcare.org