Privacy Policy
Last updated: July 1, 2026
1. Overview
CareAdvanta (“we,” “our,” or “us”) operates a healthcare onboarding and document workflow platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our services. By accessing or using CareAdvanta, you agree to the terms described here.
2. Information We Collect
Account and Organization Data
When you register, we collect your name, email address, and organization details. We use this information to authenticate you, provision your account, and provide customer support.
Onboarding and Workflow Data
Organizations upload and manage documents, intake forms, and participant information as part of the workflow process. This data is stored on your behalf and is accessible only to authorized members of your organization.
Usage and Technical Data
We automatically collect IP addresses, browser type, pages visited, and timestamps for security auditing and service improvement. We do not use this data for advertising.
3. How We Use Your Information
- To provide, operate, and improve the CareAdvanta platform
- To authenticate users and maintain account security
- To send transactional emails (account verification, password reset, workflow notifications)
- To generate AI-assisted review summaries at your organization's request
- To comply with applicable laws and respond to lawful requests
- To detect and prevent fraud or unauthorized access
4. Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
- Infrastructure providers — Amazon Web Services (SES for email, SQS, S3 for document storage) and Supabase (PostgreSQL database), each operating under their own security certifications.
- AI providers — When your organization enables AI review summaries, document content may be sent to Anthropic or OpenAI APIs. This is opt-in and clearly disclosed.
- Law enforcement — When required by a valid legal order or to protect the safety of users or the public.
5. Health Information (PHI Notice)
CareAdvanta is a workflow tool, not a covered entity or business associate under HIPAA by default. If your organization uses CareAdvanta to process Protected Health Information (PHI), you are responsible for ensuring appropriate data handling agreements are in place. We do not include PHI in outbound emails; all sensitive communications direct recipients to log into the secure portal. AI-generated summaries require human review and are not intended to substitute for clinical judgment.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your organization's data at any time by contacting us. Certain records may be retained to comply with legal obligations or resolve disputes.
7. Security
We implement industry-standard security practices including TLS encryption in transit, encrypted storage, access controls, and audit logging. Despite these measures, no system is completely secure. You are responsible for maintaining the confidentiality of your credentials.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or delete personal information we hold about you. To exercise these rights, email us at privacy@careadvanta.com. California residents may also submit requests under the CCPA via our contact page.
9. Cookies
We use session cookies necessary for authentication. We do not use advertising cookies or third-party tracking scripts.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date. Continued use of the service after changes constitutes acceptance.
11. Contact Us
Questions about this policy? Contact us at privacy@careadvanta.com or visit our contact page.