Privacy Policy
The Care Ratings — A service of Watch Digital LLC
Introduction
Watch Digital LLC ("Company," "we," "us," or "our") operates The Care Ratings, accessible at thecareratings.com (the "Site"). We are committed to protecting the privacy of every person who visits, uses, or interacts with our Site. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have regarding your personal information.
Please read this Privacy Policy carefully. By accessing or using the Site, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, please discontinue use of the Site.
This Policy applies to:
- Visitors who browse the Site without creating an account
- Site users who create accounts, write reviews, and save facilities
- Facility owners and administrators who claim or add listings
- Business representatives who contact us regarding advertising or partnerships
1. Company Information
The data controller responsible for your personal information is:
Watch Digital LLC
8735 Dunwoody Place, Suite 460
Atlanta, Georgia 30350
United States
General Inquiries: info@watchdigital.agency
Legal & Privacy Requests: legal@watchdigital.agency
Sales & Customer Support: sales@thecareratings.com
We do not accept privacy requests submitted by physical mail. All privacy requests must be submitted via our contact form at thecareratings.com/contact or by email to legal@watchdigital.agency.
2. Information We Collect
We collect information in three ways: information you provide directly, information collected automatically, and information obtained from third parties.
2.1 Information You Provide Directly
Account Registration (Site Users)
When you create an account, we collect your email address, display name, and password (stored as a cryptographic hash — we never store your plaintext password). You may optionally provide a profile photograph.
Account Registration (Facility Owners)
When you claim or add a facility listing, we collect your name, job title, work email address, work phone number, and the name of the facility you represent. For paid subscriptions, we collect billing information through our payment processor, Stripe. We do not store your full credit card number — Stripe handles all payment data under PCI-DSS compliance standards.
Reviews and Ratings
When you submit a review, we collect the review text, star rating, your relationship to the facility (e.g., family member, resident), and the date of submission. Reviews are associated with your account and displayed publicly under your chosen display name.
Dispute and Report Submissions
When you file a report against a listing, we collect your name, email address, your stated relationship to the facility, the nature of the report, a written description, and any supporting documents you upload.
Contact Form and Support Inquiries
When you contact us through our contact form or by email, we collect your name, email address, and the content of your message.
Add Listing Submissions
When you submit a new facility listing, we collect the facility name, address, phone number, facility type, services offered, pricing information, and your contact information as the submitting representative.
2.2 Information Collected Automatically
Usage Data
We use Umami Analytics, a privacy-focused, open-source analytics platform, to collect anonymized usage data including pages visited, time spent on pages, referral sources, and general geographic region (country and state level only — not precise location). Umami does not use cookies and does not collect personally identifiable information. No data is shared with third-party advertising networks through our analytics system.
IP Address and Geolocation
We use your IP address, provided through Cloudflare's infrastructure, to determine your approximate geographic location (state level) for the purpose of displaying relevant local content on the homepage. We do not store IP addresses in our database beyond the session. Cloudflare processes IP addresses in accordance with their own privacy policy.
Log Data
Our hosting infrastructure (Cloudflare Pages) automatically collects standard server log data including IP addresses, browser type, operating system, referring URLs, and timestamps. This data is used for security monitoring and is retained for 30 days.
Cookies and Local Storage
Please see our separate Cookie Policy for a complete description of the cookies and local storage technologies we use.
2.3 Information from Third Parties
Government Data Sources
The core facility data displayed on the Site is sourced from publicly available government datasets, including the Centers for Medicare & Medicaid Services (CMS) Provider Data Catalog, the U.S. Census Bureau American Community Survey, the CDC PLACES dataset, and the Agency for Healthcare Research and Quality (AHRQ) Social Determinants of Health database. This data is public information and is not subject to privacy restrictions.
Google Places API
We may use the Google Places API to retrieve publicly available information about facilities, including ratings, review counts, and geographic coordinates. This data is subject to Google's privacy policy.
Twilio
We use Twilio to send SMS verification codes and notifications. When you provide a phone number for verification, that number is transmitted to Twilio for the purpose of sending the verification code. Twilio's privacy policy governs their handling of this data.
Stripe
We use Stripe as our payment processor. When you make a payment, your payment information is transmitted directly to Stripe and is subject to Stripe's privacy policy. We receive only a tokenized reference and the last four digits of your payment card.
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) | Applies To |
|---|---|---|
| Creating and managing your account | Contract performance | All registered users |
| Verifying your identity and authorization | Contract performance | Facility owners |
| Displaying your reviews and ratings publicly | Contract performance / Legitimate interest | Site users |
| Sending transactional emails (verification, password reset, notifications) | Contract performance | All registered users |
| Processing subscription payments | Contract performance | Facility owners (paid) |
| Sending marketing emails (newsletter, upgrade prompts) | Consent | All registered users (opt-in) |
| Personalizing homepage content by geographic region | Legitimate interest | All visitors |
| Resolving disputes and reports | Legitimate interest / Legal obligation | Reporters and facility owners |
| Improving the Site and user experience | Legitimate interest | All visitors |
| Complying with legal obligations | Legal obligation | All users |
| Fraud prevention and security | Legitimate interest | All users |
| Operating the lead referral program | Contract performance | Facility owners (paid) |
We do not use your personal information for automated decision-making that produces legal or similarly significant effects without human oversight.
4. How We Share Your Information
We do not sell your personal information to third parties. We do not share your personal information with advertising networks for behavioral targeting. We share information only in the following limited circumstances:
Service Providers
We share information with trusted third-party service providers who assist us in operating the Site. These providers are contractually bound to use your information only for the purpose of providing services to us and in accordance with this Policy. Our key service providers include:
- Amazon Web Services (AWS SES): Email delivery
- Twilio: SMS delivery and phone verification
- Stripe: Payment processing
- Cloudflare: Hosting, CDN, and bot protection (Turnstile)
- Neon Technologies: Database hosting
- Railway: Hosting for Chatwoot (support) and Umami (analytics)
- Chatwoot: Customer support ticket management
Publicly Displayed Information
Reviews, ratings, display names, and facility responses are displayed publicly on the Site. By submitting a review, you consent to its public display. If you delete your account, your reviews will remain on the Site attributed to "Anonymous Reviewer" as described in Section 7 of this Policy.
Facility Owners (Referral Program)
If you use our AI Care Advisor and are matched with a facility through our lead referral program, we will share your stated care needs (care type, timeline, location preference, budget range, and special requirements) with the matched facility. We will not share your name, email address, or phone number with the facility without your explicit consent. Our referral coordinator will contact you first to facilitate the introduction.
Legal Requirements
We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Watch Digital LLC, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will notify you via email and a prominent notice on the Site before your information is transferred and becomes subject to a different privacy policy.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|---|---|
| Account information (active account) | Duration of account plus 90 days after deletion |
| Account information (deleted account) | 90 days (for fraud prevention and legal compliance) |
| Review content | Indefinitely (anonymized upon account deletion) |
| Payment records | 7 years (required by US tax law) |
| Support and dispute correspondence | 3 years from resolution |
| Server log data | 30 days |
| Analytics data (Umami — anonymized) | 24 months |
| Email communication logs | 12 months |
6. Data Security
We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS 1.3
- Encryption of sensitive data at rest in our Neon Postgres database
- Passwords stored as cryptographic hashes using bcrypt (never in plaintext)
- Access controls limiting employee access to personal data on a need-to-know basis
- Bot protection on all forms using Cloudflare Turnstile
- Regular security reviews of our infrastructure
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and the appropriate authorities as required by applicable law.
7. Reviews and Account Deletion
When you delete your account, we will remove your personal information (name, email address, profile photograph, and account credentials) from our systems within 90 days. However, reviews you have submitted will remain on the Site attributed to "Anonymous Reviewer" rather than your display name.
This practice is disclosed at the time of account creation, on the account deletion confirmation screen, and in our Terms of Service. It is consistent with the FTC Consumer Review Fairness Act, which protects the right of consumers to publish honest reviews, and with the principle that community ratings data serves a public interest beyond any individual user's account.
If you are an EU resident and wish to exercise your right to erasure under GDPR Article 17, please contact legal@watchdigital.agency. We will anonymize all personal data associated with your account. The anonymized review content (text and rating, without any identifying information) may be retained under the legitimate interest exception in GDPR Article 17(3)(e) as it constitutes information necessary for the establishment, exercise, or defense of legal claims and serves a public interest in the accuracy of healthcare facility ratings.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
8.1 All Users
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct inaccurate or incomplete personal information.
- Right to Deletion: You may request deletion of your account and associated personal information, subject to the exceptions described in Section 7.
- Right to Opt Out of Marketing: You may unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email or by updating your notification preferences in your account settings.
8.2 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA beyond what is necessary for account creation and payment processing.
To exercise your California privacy rights, submit a request through our contact form at thecareratings.com/contact or email legal@watchdigital.agency. We will respond within 45 days.
8.3 European Union and EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR) including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority.
To exercise your GDPR rights, contact legal@watchdigital.agency. We will respond within 30 days.
Note on International Transfers: The Site is operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Site, you consent to this transfer.
9. Children's Privacy
The Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at legal@watchdigital.agency.
10. Third-Party Links
The Site may contain links to third-party websites, including facility websites, government data sources, and external resources. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by email (if you have an account) and by posting a prominent notice on the Site at least 30 days before the changes take effect. The "Last Updated" date at the top of this Policy reflects the date of the most recent revision.
Your continued use of the Site after the effective date of any changes constitutes your acceptance of the updated Policy.
12. Contact Us
For questions, concerns, or requests related to this Privacy Policy, please contact us:
By Email (preferred): legal@watchdigital.agency
By Contact Form: thecareratings.com/contact
We do not accept privacy requests submitted by physical mail.
Have questions about our privacy practices?
Contact Legal & Privacy →
