Privacy PolicyYour Data, Our Commitment

We are committed to protecting your privacy and ensuring the security of your personal information.

Last Updated: January 4, 2026

At CareCade, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.

Information We Collect

We collect several types of information for various purposes:

  • Personal Information: Name, email address, phone number, and professional credentials
  • Client Service Data: Service records, progress notes, and care documentation
  • Communication Data: Messages, files, and media shared through our secure messaging system
  • Technical Data: IP address, browser type, device information, and cookies
  • Location Data: GPS data for service verification and route optimization
  • Trip Data: Travel routes, distance calculations, mileage records, and transportation details for NEMT services
  • Notification Tokens: Device tokens for push notification delivery
  • Mobile Device Data: Device permissions, app usage statistics, and mobile-specific identifiers
  • Calendar Data: Schedule and availability information for appointment coordination

How We Use Your Information

Your information helps us provide and improve our services:

  • Provide and maintain our platform services
  • Comply with HIPAA, state home care regulations, and applicable federal compliance requirements
  • Process and document service delivery
  • Generate reports and analytics
  • Improve our platform and user experience
  • Communicate important updates and information
  • Enable secure messaging between home care providers and clients
  • Coordinate and optimize transportation routes for NEMT services
  • Send push notifications for appointments, messages, and system alerts
  • Track service delivery and staff locations during working hours
  • Facilitate appointment scheduling and calendar management

HIPAA Compliance

We are fully committed to HIPAA compliance:

  • All data is encrypted in transit and at rest using AES-256 encryption
  • We sign Business Associate Agreements (BAA) with all covered entities
  • Access to PHI is strictly controlled and audited
  • Regular security assessments and penetration testing
  • Employee training on HIPAA requirements
  • Incident response procedures for potential breaches

Information Sharing

We may share your information only in these circumstances:

  • With your explicit consent
  • With service providers who assist in our operations (under strict confidentiality agreements)
  • To comply with legal obligations or valid legal processes
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets
  • With ProviderOne for billing purposes (with your authorization)

AI-Powered Features

We use artificial intelligence to enhance your experience:

  • Intake Chatbot: Our intake form uses AI (powered by Anthropic Claude) to provide a conversational experience when you submit service inquiries
  • Data Processed by AI: When using the intake chatbot, your name, contact information, and care needs are processed by the AI to understand and respond to your requests
  • Purpose: AI processing enables natural conversation flow, reduces friction, and helps us better understand your needs
  • Data Retention: Conversation data is temporarily cached for up to 24 hours to maintain conversation context, then automatically deleted
  • Consent: Before starting an AI-powered conversation, you will be asked to acknowledge and consent to AI processing of your information
  • Your Rights: You may request deletion of your conversation data at any time by contacting privacy@carecade.org
  • Alternatives: If you prefer not to use AI features, you can contact the care agency directly by phone or email

Data Security

We implement robust security measures:

  • 256-bit SSL/TLS encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication support
  • Regular security audits and updates
  • SOC 2 Type II certified infrastructure
  • AWS data centers with physical security
  • Regular backup and disaster recovery procedures

Data Retention

We retain your data according to these policies:

  • Active account data is retained while your account is active
  • Client service records are retained per state and federal requirements (typically 7 years)
  • Communication logs are retained for 3 years
  • Technical logs are retained for 90 days
  • You may request data deletion (subject to legal retention requirements)

Your Rights

You have the following rights regarding your data:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data (subject to legal requirements)
  • Export your data in a portable format
  • Opt-out of marketing communications
  • Withdraw consent where applicable

Cookies and Tracking

We use cookies and similar technologies:

  • Essential cookies for platform functionality
  • Analytics cookies to understand usage patterns
  • Preference cookies to remember your settings
  • You can control cookies through your browser settings
  • We do not sell your personal information to third parties

Privacy Concerns?

If you have any questions about this Privacy Policy or our data practices, please contact our Privacy Officer.

privacy@carecade.org
Terms of Service|Support|About Us