Milton Nation App Privacy Policy
Who We Are
Milton Recovery Centers (“we,” “us,” “Milton”) operates the Milton Nation Alumni App. Milton Recovery Centers is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). Our facilities are located in Florida and Ohio.
Contact for privacy questions:
Privacy Officer: Ezra Barishansky
Email: media@miltonhealthgroup.com
Phone: (844) 406-4325
Mail: Milton Recovery Centers, 521 Northlake Blvd, North Palm Beach, FL 33408
What Data We Collect
Account Information
Full name, username, email address, phone number, profile photo (optional)
Recovery Context (Protected Health Information — PHI)
Sobriety date, discharge date, recovery program (IOP/PHP/Detox/Residential/OP/Other), facility (Florida or Ohio), milestone achievements
User-Generated Content
Community posts, comments, likes, direct chat messages with your care team, uploaded photos
Device & Usage Data
Apple Push Notification Service (APNS) device token, iOS version, in-app analytics events (which screens you visit, which features you use), audit logs of privileged actions
SMS Verification Data
The phone number you register and the timestamps of verification code requests (for rate limiting and fraud prevention). Verification codes themselves are stored only as one-way SHA-256 hashes and are deleted after 5 minutes or first use.
How We Use The Data
- Authenticate you via email/password + SMS one-time code (two-factor authentication)
- Deliver the community experience — show you posts, comments, meetings, and announcements relevant to your facility
- Match you with your care team — assign case manager and therapist, enable secure 1:1 messaging
- Detect crisis content — automated and human review of posts and messages flags indicators of self-harm, suicidal ideation, or substance use relapse, and escalates them to your care team for outreach
- Improve the service — aggregated analytics about feature usage and engagement (not tied to identifying information)
- Comply with legal obligations — including HIPAA recordkeeping, breach notification, and lawful subpoenas
Third-Party Processors
| Vendor | What they process | HIPAA BAA |
|---|---|---|
| Supabase (Postgres database, authentication, edge functions, file storage) | All app data including PHI | ✅ Signed |
| Twilio (SMS one-time verification codes) | Your phone number + the OTP code body | 🟡 Signed/In process (expected before public release) |
| Apple APNS (push notifications) | Push notification body (does NOT contain PHI) | Apple Developer Agreement covers |
| Resend (welcome email after signup) | Email address only; email body contains no PHI | Not required — no PHI flows |
We do not sell your data. We do not share your data with advertising networks. We do not share your data with any third party for their independent marketing purposes.
Who Can See Your Data Within The App
- You — full access to your own data
- Other alumni — only your community-facing data (username, public posts, public comments) that you’ve chosen to share
- Your care team — your sobriety status, content you’ve flagged, and 1:1 chat messages with them
- Milton admins — facility-scoped data for moderation, content review, and account management
- Super admins — cross-facility data for system administration
- Crisis escalation — content flagged as crisis by automated detection is shared with the admin team for safety response
SMS Messaging Program
Program Name: Milton Nation
Purpose: Two-factor authentication. When you sign in to the Milton Nation iOS app, we send a six-digit verification code by SMS to the phone number on your account. This code is required as the second factor of authentication.
Message Frequency: One SMS per login attempt. Typically 1–10 messages per month per user.
Message & Data Rates: Standard message and data rates may apply per your mobile carrier’s plan.
Opt-out: Reply STOP to any verification message to unsubscribe. Opting out disables your ability to log in until you re-enroll your phone number via in-app Settings → Phone Number.
Help: Reply HELP to any verification message, or contact media@miltonhealthgroup.com.
Mobile numbers and SMS opt-in consent data are never shared with third parties or affiliates for marketing purposes.
Push Notifications
The app may send push notifications for: application status updates (received, approved), comments on your posts, post moderation decisions, care-team messages, milestone celebrations, and crisis escalation alerts (admin only).
You can disable push notifications at any time in iOS Settings → Notifications → Milton Nation.
Eligibility & Children
The Milton Nation Alumni App is intended solely for verified alumni of Milton Recovery Centers who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn we have collected such information, we will delete it.
Data Retention
- Active Accounts: We keep your data while your account is active
- Deleted Accounts: When you delete your account in Settings → Delete Account, your data is marked for deletion and retained for a 30-day grace period during which you can restore it. After 30 days, your account is permanently deleted.
- Audit Logs: Retained for 7 years to comply with HIPAA recordkeeping requirements
- Anonymized Analytics: Aggregated and de-identified after 90 days
Your HIPAA & State-Law Rights
Because Milton Recovery Centers is a HIPAA covered entity, you have the right to:
- Access the PHI we hold about you
- Amend PHI you believe is incorrect
- Restrict certain uses or disclosures
- Receive an accounting of disclosures we’ve made
- Request confidential communications (e.g., through a different channel)
- Delete your account and associated data (Settings → Delete Account)
- Be notified of any breach affecting your PHI within 60 days of discovery
- File a complaint with the U.S. Department of Health and Human Services Office for Civil Rights, or with the appropriate state agency, if you believe your privacy rights have been violated. Filing a complaint will not affect the treatment or services you receive.
To exercise any of these rights, email media@miltonhealthgroup.com.
Security
We protect your data with:
- Encryption at rest — all data is encrypted using AES-256 by our database provider (Supabase)
- Encryption in transit — all communication between the app and our servers uses TLS 1.2 or higher
- Row-level security — database access controls enforce that you can only read your own data plus content you’ve been granted access to
- Audit logging — every privileged action (logins, admin actions, content moderation, emergency access) is logged for HIPAA recordkeeping
- Multi-factor authentication — email/password plus SMS one-time code on every login
- Screenshot protection — sensitive screens are blurred when the app is backgrounded; screenshots are flagged for audit
Crisis Content Monitoring
The app uses automated content analysis to identify posts, comments, and messages that may indicate crisis (self-harm, suicidal ideation, relapse risk). Content flagged by this system is reviewed by Milton clinical staff and may trigger outreach from your assigned care team. By using the app, you consent to this monitoring as a condition of receiving support.
If you are in immediate crisis, please call or text 988 (Suicide & Crisis Lifeline) or call 911.
Cookies & Tracking
The mobile app does not use web cookies. The app stores a small set of authentication tokens locally on your device in the iOS Keychain (a hardware-encrypted store). These tokens are deleted when you log out or delete the app.
International Users
The Milton Nation Alumni App is intended for use within the United States. If you access the app from outside the US, your data may be transferred to and stored in the United States.
Changes to This Privacy Policy
We may update this Privacy Policy occasionally. Material changes will be communicated in-app and by email at least 30 days before they take effect. Continued use of the app after changes constitutes acceptance.
Breach Notification
If we discover a breach of unsecured PHI, we will notify affected individuals within 60 days as required by HIPAA. If the breach affects 500 or more individuals, we will also notify the U.S. Department of Health and Human Services and prominent media outlets in the affected state.
Contact
Milton Recovery Centers
Email: media@miltonhealthgroup.com
Phone: (844) 406-4325 (24/7)
Ohio: (740) 715-4673 (24/7)
Mail: 521 Northlake Blvd, North Palm Beach, FL 33408
For HIPAA complaints, you may also contact: U.S. Department of Health and Human Services Office for Civil Rights, www.hhs.gov/ocr