
Privacy Policy

Your privacy is fundamental to us. This policy explains how we protect your data.

Effective: March 2026 | Last updated: March 2026

1. Introduction

Our commitment to your privacy and security.

Cari Finance, Inc. ("Cari," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy ("Policy") describes how we collect, use, disclose, and safeguard your information when you use our healthcare software platform, including our website, mobile applications, and related services (collectively, the "Platform").

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree to this Policy, please do not use our Platform.

2. Information We Collect

Personal information you provide, data we collect automatically, and third-party sources.

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

Account Information

Name, email address, phone number, password, and profile information

Professional Information

Medical license number, professional credentials, specialty, practice name and address

Patient Information

When you use our Platform to manage patient care, we process patient data including medical history, treatment records, prescriptions, and billing information

Payment Information

Billing address, payment card details (processed securely through our payment processors)

Communications

Customer support inquiries, feedback, and survey responses

2.2 Information Automatically Collected

When you access our Platform, we automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, features used)
  • Location data (general location based on IP address)
  • Cookies and similar tracking technologies

2.3 Information from Third Parties

We may receive information from:

  • Healthcare providers and institutions
  • Insurance companies and payers
  • Authentication partners (e.g., Google, LinkedIn)
  • Public databases and health information exchanges

3. How We Use Your Information

Purposes for processing your personal information.

We use your information for the following purposes:

Providing Services

To deliver our healthcare software platform and fulfill your requests

Healthcare Operations

To support treatment, payment, and healthcare operations as permitted by law

Account Management

To create and maintain your account and verify your identity

Communications

To send you technical updates, security alerts, and support messages

Improvement

To analyze usage patterns and improve our Platform

Marketing

To send promotional content (you may opt out at any time)

Legal Compliance

To comply with applicable laws, regulations, and legal requests

4. Information Sharing & Disclosure

Categories of recipients, HIPAA compliance, and data transfers.

4.1 Categories of Recipients

We may share your information with:

Healthcare Providers

Other healthcare professionals involved in patient care

Service Providers

Third parties who perform services on our behalf (hosting, payment processing, analytics)

Business Partners

With your consent, partners who offer complementary services

Legal Authorities

When required by law, court order, or governmental regulation

4.2 HIPAA Compliance

When we process protected health information (PHI) on behalf of covered entities, we do so in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). We enter into Business Associate Agreements (BAAs) with healthcare providers and other covered entities.

We enter into Business Associate Agreements (BAAs) with all covered entities before processing PHI on their behalf.

4.3 Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses and adequacy decisions where applicable.

5. Data Security

Technical and organizational measures to protect your information.

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Multi-factor authentication
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response procedures
  • Access controls and audit logging

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights

GDPR, CCPA, and HIPAA data subject rights.

6.1 General Data Protection Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction on processing
  • Portability: Request transfer of your data
  • Objection: Object to processing based on legitimate interests
  • Withdrawal: Withdraw consent at any time

6.2 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how we use it
  • Request deletion of your personal information
  • Opt out of the sale of your personal information
  • Non-discrimination for exercising your privacy rights

6.3 Health Information Rights (HIPAA)

Under HIPAA, you have the right to:

  • Access and obtain a copy of your health records
  • Request correction of your health records
  • Request restrictions on certain uses and disclosures
  • Request an accounting of disclosures
  • File a complaint if you believe your privacy rights are violated

7. Data Retention

How long we keep your data and why.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Specifically:

Account data

Retained while your account is active and for 3 years after closure

Healthcare records

Retained in accordance with applicable medical record retention laws (typically 7-10 years)

Transaction data

Retained for 7 years for tax and legal compliance

Marketing data

Retained until you withdraw consent

8. Children's Privacy

Our Platform is not intended for children under 13.

Our Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

9. Third-Party Links

We are not responsible for the privacy practices of linked third-party sites.

Our Platform may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Policy

How we will notify you of material changes.

We may update this Policy from time to time. We will notify you of any material changes by posting the new Policy on this page and updating the "Last updated" date. You are advised to review this Policy periodically for any changes.

11. Contact Us

Questions about this policy or our data practices.

If you have questions or concerns about this Policy or our data practices, please contact us:

Cari Finance, Inc.

Email: privacy@cari.care

Address: Wilmington, Delaware, USA

For HIPAA-related inquiries, please contact our Privacy Officer at hipaa@cari.care.