Privacy Policy

Effective date: June 13, 2026 · Revamp Digital LLC d/b/a CareGeo

Revamp Digital LLC ("CareGeo," "we," "us," or "our") operates the CareGeo platform — a cloud-based home care workforce management and Electronic Visit Verification (EVV) service available at caregeo.app and through our mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Service.

Please read this policy carefully. By using the Service you agree to the practices described below. If you do not agree, do not use the Service.

1. Who This Policy Covers

This policy applies to:

  • Agency Administrators and Coordinators — staff who manage the dashboard.
  • Caregivers / Employees — field staff who use the CareGeo mobile app to clock in and out.
  • Clients / Care Recipients — individuals whose care visits are recorded in the platform.
  • Visitors — anyone who browses caregeo.app without an account.

2. Information We Collect

A. Account and Agency Information

  • Agency name, address, NPI number, phone number, and billing contact.
  • Administrator and coordinator names, email addresses, and roles.
  • Subscription and billing information (processed by Stripe; we do not store full card numbers).
  • IP address and browser/device information at login.

B. Employee / Caregiver Information

  • Name, email address, phone number, and role.
  • GPS coordinates at clock-in and clock-out events.
  • Photographs taken at clock-in (if the agency enables the photo requirement).
  • Work schedules, hours worked, and payroll data.
  • Device type, OS version, and app version (for diagnostic purposes).

C. Client / Care Recipient Information (PHI)

When agencies use CareGeo to manage care visits, they may enter information that constitutes Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA), including:

  • Client name, date of birth, address, and contact information.
  • Diagnosis codes, care plan details, and service types.
  • Visit records, EVV data (clock-in/out times and GPS coordinates), and incident notes.
  • Medicaid/payer IDs and billing procedure codes.

CareGeo acts as a Business Associate under HIPAA with respect to PHI. We handle PHI only as directed by the Covered Entity (the agency) and as permitted by our Business Associate Agreement (BAA).

D. Usage and Technical Data

  • Pages and features accessed, time spent, and actions taken in the dashboard or mobile app.
  • Error logs, crash reports, and performance metrics.
  • Cookies and similar technologies (see Section 7).

3. How We Use Your Information

  • To provide the Service — scheduling, EVV recording, payroll reporting, billing, and compliance exports.
  • To verify visits — GPS geofencing, timestamp validation, and fraud-flag detection required by state EVV mandates (21st Century Cures Act).
  • To process payments — subscription billing via Stripe.
  • To send notifications — shift reminders, clock-in confirmations, account invitations, and system alerts.
  • To improve the Service — analytics on aggregate, de-identified usage patterns.
  • To comply with legal obligations — responding to lawful requests, Medicaid EVV reporting, and HIPAA requirements.

We do not sell personal information or PHI to third parties. We do not use PHI to train AI models or for any purpose outside the scope of providing the Service to the agency that controls the data.

4. HIPAA Compliance

CareGeo is designed for use by HIPAA Covered Entities (home care agencies). As a Business Associate we:

  • Execute a Business Associate Agreement (BAA) with each agency before they may store PHI in the platform.
  • Implement administrative, physical, and technical safeguards required by the HIPAA Security Rule (45 CFR Part 164, Subpart C).
  • Encrypt PHI at rest (AES-256) and in transit (TLS 1.2+).
  • Restrict access to PHI to authorized personnel only, using role-based access controls.
  • Maintain audit logs of access to PHI.
  • Report breaches of unsecured PHI to the affected agency within 60 days of discovery.
  • Return or destroy PHI upon termination of the BAA, where feasible.

Agencies remain responsible for their own HIPAA compliance obligations as Covered Entities, including training their workforce and obtaining necessary authorizations from care recipients.

5. How We Share Information

We share information only in the following circumstances:

  • Within your agency — administrators, coordinators, and caregivers see only the data their role permits.
  • Service providers (sub-processors) — we use third-party vendors to operate the Service, including cloud hosting (Railway / Heroku), database services (PostgreSQL), email delivery (Resend), payment processing (Stripe), authentication (Firebase), and analytics. Each sub-processor is bound by data processing agreements and, where PHI is involved, a BAA.
  • State Medicaid EVV systems — when an agency generates an EVV export, that file is provided to the agency for submission to their state's EVV aggregator. CareGeo does not transmit data directly to state systems.
  • Legal requirements — we may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of CareGeo, our users, or the public.
  • Business transfers — if CareGeo is acquired or merges with another company, your information may be transferred. We will notify you before PHI is transferred and becomes subject to a different privacy policy.

6. Data Security

We implement the following security measures:

  • TLS encryption for all data in transit.
  • AES-256 encryption for data at rest.
  • Role-based access controls limiting data access to authorized users.
  • Multi-factor authentication available for agency admin accounts (via Firebase).
  • Automated audit logs of logins, role changes, and PHI access.
  • Regular security reviews and vulnerability assessments.
  • Incident response procedures aligned with the HIPAA Breach Notification Rule.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Cookies and Tracking

CareGeo uses essential cookies and local storage tokens to maintain your login session. We do not use third-party advertising cookies or sell data to ad networks. We may use analytics tools (e.g., aggregate page-view counts) that process de-identified data only.

You can disable cookies in your browser, but doing so will prevent you from logging into the dashboard.

8. Data Retention

  • Account data — retained for the duration of the subscription plus 90 days after cancellation, then deleted upon written request.
  • EVV records — retained for a minimum of 6 years to satisfy Medicaid audit requirements, unless the agency requests earlier deletion and applicable law permits it.
  • Payroll and timesheet data — retained for 3 years (FLSA requirement) unless state law requires longer.
  • Audit logs — retained for 6 years (HIPAA Security Rule § 164.530(j)).
  • Backup data — encrypted backups are retained for 30 days on a rolling basis.

Agencies may request deletion of their data at any time after cancellation by contacting privacy@caregeo.app. PHI deletion requests are honored subject to applicable legal retention requirements.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your personal data (subject to legal retention obligations).
  • Portability — request your data in a machine-readable format.
  • Objection — object to processing in certain circumstances.

Caregivers and clients should direct requests to their agency administrator, who controls the data as the Covered Entity. Agencies may direct requests to privacy@caregeo.app.

HIPAA provides care recipients (clients) with the right to access and amend their PHI. Agencies are responsible for fulfilling these requests; CareGeo will assist upon written request from the agency.

10. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@caregeo.app and we will delete it.

11. Third-Party Links

The Service may contain links to third-party websites (e.g., App Store, Google Play). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify agency administrators by email and post the updated policy at caregeo.app/privacy with a new effective date. Continued use of the Service after the effective date constitutes acceptance of the updated policy. Material changes affecting PHI handling will be communicated at least 30 days in advance.

13. Contact Us

For privacy questions, data requests, or to report a concern:

Revamp Digital LLC (CareGeo)

Privacy Officer

Email: privacy@caregeo.app

Website: caregeo.app