Privacy Policy
Carebeacon, LLC (“CareBeacon,” “we,” “our,” or “us”) is committed to protecting the privacy and security of your personal information, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).
1. Information We Collect
Personal Information
We collect information you provide directly to us, including:
- Name and contact information (email, phone number)
- Professional credentials and role
- Profile photograph (optional)
- Address information
- Account credentials
Protected Health Information (PHI)
In the course of providing care coordination services, we may collect and process PHI including:
- Patient names and identifiers
- Care schedules and visit information
- Location data related to care visits
- Communications between caregivers, patients, and authorized family members
- Care-related notes and observations
Automatically Collected Information
When you use our application, we automatically collect:
- Device information and identifiers
- Location data (with your permission) for care coordination and turn-by-turn navigation
- Usage data and app interaction logs
- Push notification tokens
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the CareBeacon service
- Facilitate communication between care team members, patients, and authorized family members
- Coordinate and track care visits, including in-app navigation to patient locations
- Send notifications about schedules, messages, and care updates
- Ensure the security and integrity of our service
- Comply with legal and regulatory requirements
- Improve and optimize our application
3. HIPAA Compliance
CareBeacon operates as a Business Associate under HIPAA regulations. We implement appropriate administrative, technical, and physical safeguards to protect PHI, including:
- Encryption of data in transit and at rest
- Role-based access controls
- Audit logging of access to PHI
- Secure authentication mechanisms
- Regular security assessments
We enter into Business Associate Agreements (BAAs) with healthcare organizations that use our service to ensure proper handling of PHI.
4. Information Sharing
We do not sell, rent, or trade your personal information or PHI. We may share information only in the following circumstances:
- With your care team as necessary for care coordination
- With service providers who assist in operating our application, under appropriate agreements (including Business Associate Agreements where required)
- When required by law or to respond to legal process
- To protect the rights, safety, or property of CareBeacon or others
- With your explicit consent
5. Data Retention
We retain your information for as long as your account is active or as needed to provide services. PHI is retained in accordance with applicable healthcare regulations and the requirements of your healthcare organization. Upon account deletion, we will remove or anonymize your data within a reasonable timeframe, subject to legal retention requirements.
6. Your Rights
You have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your data (subject to legal requirements)
- Receive a copy of your PHI (as required by HIPAA)
- Opt out of non-essential communications
- Disable location tracking (may limit app functionality)
7. Data Security
We implement industry-standard security measures to protect your information, including:
- TLS/SSL encryption for all data transmission
- Encrypted data storage
- Multi-factor authentication options
- Regular security audits and monitoring
- Employee training on data protection
8. Third-Party Services
Our application uses the following third-party services that may process your data:
- Google Firebase — authentication, database, cloud functions, hosting
- Google Maps Platform — location and mapping services
- Mapbox — turn-by-turn navigation and routing
- SendGrid — email delivery
- Twilio — SMS delivery and phone-based authentication
- Expo — push notifications
These services operate under their own privacy policies, and we have agreements in place — including Business Associate Agreements where PHI may be processed — to ensure appropriate data handling.
9. SMS & Phone Communications
CareBeacon may use SMS (text messaging) for account authentication, password recovery, and operational notices relating to your care or your account. Standard message and data rates may apply. You may opt out of non-essential SMS communications at any time by replying STOP; authentication and security-related messages may continue as part of providing the service. Your mobile phone number is treated as personal information and, where it is used in the course of care coordination, as PHI subject to the same protections as the rest of your data.
10. Children’s Privacy
CareBeacon is not intended for use by individuals under the age of 18 except as patients receiving care services, in which case parental or guardian consent is required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the application and require re-acceptance of the updated policy. The “Effective Date” at the top of this policy indicates when it was last revised.
12. State-Specific Rights
Depending on your state of residence, you may have additional rights under state privacy laws such as the California Consumer Privacy Act (CCPA) or other state regulations. Please contact us for more information about exercising these rights.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at: