Privacy Policy

Effective January 2026 • CareCircle Trust Framework

Privacy by Design

CareCircle is built on the principle of Data Minimization. We collect the absolute minimum data necessary to protect your family and provide coordination features. We do not sell your data, and we do not use it for advertising.

1. Information We Collect

  • Identity Data: Name, verified email address, and encrypted phone number.
  • Care Data: Tasks, appointments, and medication schedules (MTR) you explicitly log.
  • Vitals & Health: Health metrics shared within your Circle (protected under our HIPAA Safe Harbor protocol).
  • Safety Data: Temporary geofencing and SOS location data, stored only during active incidents.

2. Regulatory Compliance (2026 Standards)

HIPAA Safe Harbor (US)

While CareCircle is a consumer platform, we treat all health data with HIPAA-level technical safeguards. All health info is encrypted at rest (AES-256) and in transit (TLS 1.3).

CCPA/CPRA Rights (California)

California residents have the right to Know, Access, Correct, and Delete their personal information. We honor Global Privacy Control (GPC) signals automatically.

GDPR (EU/UK)

We process data under the legal basis of Contractual Necessity and Explicit Consent. International transfers are protected by Standard Contractual Clauses (SCCs).

3. Data Retention & Deletion

You own your data. We retain information only as long as your account is active.

Right to Deletion: Upon account closure, all personal data is purged from our production databases within 30 days and backups within 90 days.

4. Third-Party Processors

We use a limited number of "Sub-processors" to run CareCircle:

  • Vercel / AWS: Secure Hosting & Edge
  • Stripe: PCI-Compliant Billing

Contact Our Privacy Officer

For data export requests, deletion, or privacy inquiries: