Privacy Policy

Your privacy is fundamental to us. This policy explains how we protect your data.

Last updated: March 2026

1. Introduction

Cari Finance, Inc. ("Cari," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy ("Policy") describes how we collect, use, disclose, and safeguard your information when you use our healthcare software platform, including our website, mobile applications, and related services (collectively, the "Platform").

Please read this Policy carefully. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree to this Policy, please do not use our Platform.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

  • Account Information: Name, email address, phone number, password, and profile information
  • Professional Information: Medical license number, professional credentials, specialty, practice name and address
  • Patient Information: When you use our Platform to manage patient care, we process patient data including medical history, treatment records, prescriptions, and billing information
  • Payment Information: Billing address, payment card details (processed securely through our payment processors)
  • Communications: Customer support inquiries, feedback, and survey responses

2.2 Information Automatically Collected

When you access our Platform, we automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, features used)
  • Location data (general location based on IP address)
  • Cookies and similar tracking technologies

2.3 Information from Third Parties

We may receive information from:

  • Healthcare providers and institutions
  • Insurance companies and payers
  • Authentication partners (e.g., Google, LinkedIn)
  • Public databases and health information exchanges

3. How We Use Your Information

We use your information for the following purposes:

  • Providing Services: To deliver our healthcare software platform and fulfill your requests
  • Healthcare Operations: To support treatment, payment, and healthcare operations as permitted by law
  • Account Management: To create and maintain your account and verify your identity
  • Communications: To send you technical updates, security alerts, and support messages
  • Improvement: To analyze usage patterns and improve our Platform
  • Marketing: To send promotional content (you may opt out at any time)
  • Legal Compliance: To comply with applicable laws, regulations, and legal requests

4. Information Sharing & Disclosure

4.1 Categories of Recipients

We may share your information with:

  • Healthcare Providers: Other healthcare professionals involved in patient care
  • Service Providers: Third parties who perform services on our behalf (hosting, payment processing, analytics)
  • Business Partners: With your consent, partners who offer complementary services
  • Legal Authorities: When required by law, court order, or governmental regulation

4.2 HIPAA Compliance

When we process protected health information (PHI) on behalf of covered entities, we do so in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). We enter into Business Associate Agreements (BAAs) with healthcare providers and other covered entities.

4.3 Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses and adequacy decisions where applicable.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Multi-factor authentication
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response procedures
  • Access controls and audit logging

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights

6.1 General Data Protection Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction on processing
  • Portability: Request transfer of your data
  • Objection: Object to processing based on legitimate interests
  • Withdrawal: Withdraw consent at any time

6.2 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how we use it
  • Request deletion of your personal information
  • Opt out of the sale of your personal information
  • Not be discriminated against for exercising your privacy rights

6.3 Health Information Rights (HIPAA)

Under HIPAA, you have the right to:

  • Access and obtain a copy of your health records
  • Request correction of your health records
  • Request restrictions on certain uses and disclosures
  • Request an accounting of disclosures
  • File a complaint if you believe your privacy rights are violated

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account data: Retained while your account is active and for 3 years after closure
  • Healthcare records: Retained in accordance with applicable medical record retention laws (typically 7-10 years)
  • Transaction data: Retained for 7 years for tax and legal compliance
  • Marketing data: Retained until you withdraw consent

8. Children's Privacy

Our Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

9. Third-Party Links

Our Platform may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Policy

We may update this Policy from time to time. We will notify you of any material changes by posting the new Policy on this page and updating the "Last updated" date. You are advised to review this Policy periodically for any changes.

11. Contact Us

If you have questions or concerns about this Policy or our data practices, please contact us:

Cari Finance, Inc.

Email: privacy@cari.care

Address: [Company Address]

Phone: [Phone Number]

For HIPAA-related inquiries, please contact our Privacy Officer at hipaa@cari.care