1. Introduction
Care Nearby, Inc. ("Care Nearby," "we," "us," or "our") provides elder care coordination services, including daily companion calls, medication management, care coordination, and safety monitoring for aging loved ones. We are committed to protecting the privacy and security of the personal information and protected health information (PHI) you entrust to us.
This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website at getcarenearby.com and our services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
When you create an account, we collect:
- Your name, email address, and phone number
- Account credentials (stored securely via Supabase authentication)
- Your relationship to the care recipient (e.g., son, daughter, guardian)
Health Information About Your Loved Ones
To provide our care coordination services, we collect health-related information about care recipients, including:
- Current medications, dosages, and schedules
- Medical conditions and diagnoses
- Known allergies
- Doctor and healthcare provider information
- Daily health status and well-being observations gathered during calls
- Care preferences and routines
Emergency Contact Information
We collect names, phone numbers, and relationships of designated emergency contacts for each care recipient to ensure rapid communication when needed.
Call Recordings and Transcripts
Our Services involve AI-powered phone calls to care recipients. We may record and transcribe these calls for the following purposes:
- Providing care summaries and updates to authorized family members
- Improving the quality and accuracy of our care coordination
- Maintaining records of medication adherence and health observations
- Quality assurance and service improvement
Payment Information
Payment processing is handled by Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe collects and processes your payment information in accordance with its own privacy policy. We receive and store only a transaction identifier, the last four digits of your card, card brand, and billing address for record-keeping purposes.
Usage Data
We automatically collect certain information when you interact with our Services, including:
- Browser type and version
- Pages visited and time spent on pages
- Device type and operating system
- IP address and approximate location
- Referring website or source
- Dates and times of access
3. How We Use Your Information
We use the information we collect to:
- Provide care services: Conduct daily companion calls, manage medication reminders, coordinate care activities, and perform safety monitoring for care recipients.
- Communicate with you: Send care updates, health summaries, alerts, and notifications to authorized family members and caregivers.
- Process payments: Manage your subscription billing and payment transactions through Stripe.
- Respond to emergencies: Contact designated emergency contacts or emergency services when a safety concern is identified during a call.
- Improve our Services: Analyze usage patterns and call quality to enhance our care coordination, AI call technology, and user experience.
- Maintain security: Detect and prevent fraud, unauthorized access, and other harmful activities.
- Comply with legal obligations: Meet applicable legal, regulatory, and compliance requirements, including HIPAA.
4. HIPAA Compliance and Protected Health Information
Care Nearby is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. Health information about care recipients that we collect and maintain constitutes Protected Health Information (PHI) and is handled in accordance with the following principles:
- Minimum necessary standard: We limit the collection, use, and disclosure of PHI to the minimum amount necessary to accomplish the intended purpose.
- Administrative safeguards: We maintain policies and procedures governing access to PHI, workforce training on privacy practices, and designated privacy and security officers.
- Physical safeguards: Access to systems containing PHI is restricted through appropriate physical and environmental controls.
- Technical safeguards: PHI is encrypted in transit and at rest. Access controls, audit logging, and integrity controls are in place to protect electronic PHI (ePHI).
- Business Associate Agreements: We maintain Business Associate Agreements (BAAs) with all third-party service providers who have access to PHI, including our infrastructure and data processing partners.
- Breach notification: In the event of a breach of unsecured PHI, we will notify affected individuals, the U.S. Department of Health and Human Services, and, where required, the media, in accordance with the HIPAA Breach Notification Rule.
You may have additional rights under HIPAA with respect to the PHI of your loved ones. Please contact us at privacy@getcarenearby.com for more information or to exercise those rights.
5. How We Share Your Information
We do not sell your personal information or PHI. We share information only in the following limited circumstances:
Authorized Caregivers and Family Members
We share care updates, health observations, call summaries, and medication adherence information with family members and caregivers whom you have explicitly authorized to receive such information through your account settings.
Service Providers
We engage trusted third-party service providers who assist us in operating our Services, subject to confidentiality obligations and, where applicable, Business Associate Agreements. These include:
- Supabase: Authentication and secure data storage
- Stripe: Payment processing
- Telephony and AI providers: Facilitating and powering care phone calls
- Cloud infrastructure providers: Hosting and data storage
Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including to:
- Comply with a subpoena, court order, or similar legal process
- Respond to a request from law enforcement or another government agency
- Protect the rights, property, or safety of Care Nearby, our users, or the public
- Report suspected abuse, neglect, or exploitation of a vulnerable adult, as required by applicable state and federal law
Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.
6. Data Security
We implement and maintain administrative, technical, and physical safeguards designed to protect your personal information and PHI against unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Role-based access controls limiting data access to authorized personnel
- Regular security assessments and vulnerability testing
- Audit logging of access to sensitive data
- Secure authentication through Supabase with support for multi-factor authentication
- Employee and contractor training on data privacy and security
While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incident.
7. Data Retention
We retain your personal information and PHI for as long as your account is active or as needed to provide you with our Services. Specifically:
- Account information: Retained for the duration of your account and for a reasonable period afterward to allow for account reactivation or to address disputes.
- Health information and call records: Retained for a minimum of six (6) years from the date of creation or the date when it was last in effect, as required by HIPAA, or longer if required by applicable state law.
- Payment records: Retained as required by applicable tax and financial regulations.
- Usage data: Retained in aggregated or anonymized form for analytics and service improvement.
When information is no longer required, we securely delete or anonymize it in accordance with our data retention policies.
8. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
- Access: You may request a copy of the personal information and PHI we hold about you or your care recipient.
- Correction: You may request that we correct inaccurate or incomplete personal information or PHI.
- Deletion: You may request that we delete your personal information, subject to certain exceptions (such as information we are required to retain by law or for HIPAA compliance).
- Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
- Restriction: You may request that we restrict the processing of your personal information under certain circumstances.
- Withdraw consent: Where processing is based on consent, you may withdraw your consent at any time.
To exercise any of these rights, please contact us at privacy@getcarenearby.com. We will respond to your request within 30 days, or within the timeframe required by applicable law.
9. Children's Privacy
Our Services are designed for adults and are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. Our care coordination services are provided to elderly adults, and accounts are created by adult family members or authorized caregivers. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website. These include:
- Essential cookies: Required for the website to function properly, including authentication and session management.
- Analytics cookies: Help us understand how visitors interact with our website so we can improve our Services. These collect aggregated, anonymous data.
- Functional cookies: Remember your preferences and settings to provide a personalized experience.
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services. We do not use cookies to track you across third-party websites, and we do not sell cookie data to third parties.
We honor Do Not Track (DNT) browser signals. When we detect a DNT signal, we disable non-essential tracking on our website.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to correct: You may request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is no need to opt out, as we do not engage in these practices.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise your California privacy rights, contact us at privacy@getcarenearby.com or submit a request through your account dashboard. We will verify your identity before processing your request.
Note: To the extent that health information qualifies as PHI under HIPAA, it is exempt from the CCPA/CPRA. Such information is governed by HIPAA as described in Section 4 of this policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you by email or through a prominent notice on our website
- Where required by law, obtain your consent before applying material changes to previously collected information
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Care Nearby, Inc.
Email: privacy@getcarenearby.com
Website: getcarenearby.com
If you believe we have not adequately addressed your privacy concern, you may have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights or your state attorney general's office.