1. What we collect.
To deliver Equipment we collect your name, email, phone number, delivery address, and payment details. We also collect limited equipment-assignment information (which items are currently at your address and their delivery status).
2. What we do not collect.
We do not collect your diagnosis, insurance information, prescriptions, or medical history. Brothers DME is a supplier of equipment, not a healthcare provider — we don't need it, so we don't ask for it.
3. How we use it.
We use your information to fulfill rentals, bill you, dispatch drivers, and communicate about your account. We do not sell your data. We do not share it with advertisers.
4. HIPAA.
Because we limit collection to name, address, and equipment assignments, our obligations under HIPAA are narrow. We maintain a Business Associate Agreement with our infrastructure providers (Supabase for database, Stripe for payments) where applicable.
5. Data security.
We use industry-standard encryption in transit (TLS 1.3) and at rest (AES-256), audit logs, and role-based access for staff. Payment card data never touches our servers — Stripe handles all card information directly.
6. Retention.
We keep rental records for as long as required by contract and applicable law, then delete them. You can request deletion any time (see §7).
7. Your rights.
You may request a copy of your data, correction of inaccurate records, or deletion at any time by emailing support@brothersdme.com. We'll respond within 30 days.
8. Cookies & analytics.
We use strictly necessary cookies for login sessions and site function. We also use Vercel's first-party analytics to understand page views and performance — no third-party trackers, no cross-site cookies, no ad profiles.
9. Contact.
Brothers DME, LLC · support@brothersdme.com