Privacy Policy

Last updated: January 25, 2024

1. Introduction

CareTracker ("we", "our", or "us") is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinic management platform ("Service"). We are dedicated to maintaining the confidentiality of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

2. Information We Collect

2.1 Account Information

When you register for an account, we collect business contact information such as name, email address, phone number, job title, and organization details.

2.2 Patient Data (PHI)

In the course of providing our Service, we may process Patient Data, including PHI, on your behalf. We process such data strictly in accordance with our Business Associate Agreement (BAA) with you.

2.3 Usage Data

We automatically collect information about how you interact with our Service, including log files, device information, and performance metrics, to improve our platform.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the Service.
  • To process transactions and manage your account.
  • To communicate with you about updates, security alerts, and support messages.
  • To comply with legal obligations and enforce our Terms of Service.
  • To ensure the security and integrity of our platform.

4. Sharing and Disclosure

We do not sell your personal data. We may share information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (e.g., hosting, analytics), subject to strict confidentiality obligations and BAAs where applicable.
  • Legal Requirements: If required to do so by law or in response to valid requests by public authorities.
  • Business Transfers: In connection with a merger, sale of assets, or acquisition of all or a portion of our business.

5. HIPAA and Data Security

5.1 Security Measures: We implement industry-standard administrative, physical, and technical safeguards. These include AES-256 encryption for data at rest and TLS 1.2+ for data in transit.

5.2 Access Controls: We enforce strict role-based access controls (RBAC) and multi-factor authentication (MFA) for internal access to production systems.

5.3 Incident Response: We maintain a comprehensive incident response plan to promptly detect, analyze, and respond to security incidents.

6. Data Retention

We retain your information only for as long as is necessary for the purposes set out in this Privacy Policy, or as needed to provide you with the Service, and to comply with our legal obligations.

7. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, or delete your personal information. Please contact us to exercise these rights.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at:
privacy@caretracker.com