[ Privacy ]

Privacy PolicyYour Data, Our Commitment

We are committed to protecting your privacy and ensuring the security of your personal information.

Last Updated: July 13, 2026

At CareCade, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.

Information We Collect

We collect several types of information for various purposes:

  • Personal Information: Name, email address, phone number, and professional credentials
  • Client Service Data: Service records, progress notes, and care documentation
  • Communication Data: Messages, files, and media shared through our secure messaging system
  • Technical Data: IP address, browser type, device information, and cookies
  • Location Data: GPS data for service verification and route optimization
  • Trip Data: Travel routes, distance calculations, mileage records, and transportation details for NEMT services
  • Notification Tokens: Device tokens for push notification delivery
  • Mobile Device Data: Device permissions, app usage statistics, and mobile-specific identifiers
  • Calendar Data: Schedule and availability information for appointment coordination
  • Care Photos: Photos attached to visit documentation by care staff, stored encrypted with strict access controls; location metadata (EXIF/GPS) is removed automatically on upload
  • Voice Dictation Audio: Voice recordings used to dictate visit notes are processed for transcription on our own servers and deleted immediately — audio is never stored and never sent to third parties

How We Use Your Information

Your information helps us provide and improve our services:

  • Provide and maintain our platform services
  • Comply with HIPAA, state home care regulations, and applicable federal compliance requirements
  • Process and document service delivery
  • Generate reports and analytics
  • Improve our platform and user experience
  • Communicate important updates and information
  • Enable secure messaging between home care providers and clients
  • Coordinate and optimize transportation routes for NEMT services
  • Send push notifications for appointments, messages, and system alerts
  • Track service delivery and staff locations during working hours
  • Facilitate appointment scheduling and calendar management
  • Convert voice dictation to text for visit documentation (processed on our own infrastructure)
  • Attach photo documentation to visit records where care staff add it

HIPAA Compliance

We are fully committed to HIPAA compliance:

  • All data is encrypted in transit and at rest using AES-256 encryption
  • We sign Business Associate Agreements (BAA) with all covered entities
  • Access to PHI is strictly controlled and audited
  • Regular security assessments and penetration testing
  • Employee training on HIPAA requirements
  • Incident response procedures for potential breaches

Information Sharing

We may share your information only in these circumstances:

  • With your explicit consent
  • With service providers who assist in our operations (under strict confidentiality agreements)
  • To comply with legal obligations or valid legal processes
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets
  • With ProviderOne for billing purposes (with your authorization)

AI-Powered Features

We use artificial intelligence to enhance your experience:

  • Intake Chatbot: Our intake form uses AI (Claude models running on AWS Bedrock, inside our HIPAA-eligible AWS environment) to provide a conversational experience when you submit service inquiries
  • Data Processed by AI: When using the intake chatbot, your name, contact information, and care needs are processed by the AI to understand and respond to your requests
  • Purpose: AI processing enables natural conversation flow, reduces friction, and helps us better understand your needs
  • Data Retention: Conversation data is temporarily cached for up to 24 hours to maintain conversation context, then automatically deleted
  • Consent: Before starting an AI-powered conversation, you will be asked to acknowledge and consent to AI processing of your information
  • Your Rights: You may request deletion of your conversation data at any time by contacting privacy@carecade.org
  • Alternatives: If you prefer not to use AI features, you can contact the care agency directly by phone or email
  • Voice Transcription: Voice-dictated visit notes are transcribed by a speech-recognition model (OpenAI Whisper) that runs entirely on CareCade's own servers — audio never leaves our infrastructure and is deleted immediately after transcription
  • AI Note Drafting: Care staff may use AI (Claude via AWS Bedrock, within our HIPAA-eligible AWS environment) to improve the structure of visit notes; every AI draft requires human review before it is saved, and nothing is submitted automatically

Data Security

We implement robust security measures:

  • 256-bit SSL/TLS encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication support
  • Regular security audits and updates
  • SOC 2 Type II certified infrastructure
  • AWS data centers with physical security
  • Regular backup and disaster recovery procedures

Data Retention

We retain your data according to these policies:

  • Active account data is retained while your account is active
  • Client service records are retained per state and federal requirements (typically 7 years)
  • Communication logs are retained for 3 years
  • Technical logs are retained for 90 days
  • You may request data deletion (subject to legal retention requirements)

Your Rights

You have the following rights regarding your data:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data (subject to legal requirements)
  • Export your data in a portable format
  • Opt-out of marketing communications
  • Withdraw consent where applicable

Cookies and Tracking

We use cookies and similar technologies:

  • Essential cookies for platform functionality
  • Analytics cookies to understand usage patterns
  • Preference cookies to remember your settings
  • You can control cookies through your browser settings
  • We do not sell your personal information to third parties

Privacy Concerns?

If you have any questions about this Privacy Policy or our data practices, please contact our Privacy Officer.

privacy@carecade.org

Send Feedback

How's your experience?