Privacy Policy - CareKonnect

1. Introduction and Scope

CareKonnect ("CareKonnect," "we," "us," or "our") connects patients and families with qualified caregivers and care agencies. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use:

Our website at care-konnect.com, and
The CareKonnect mobile apps for iOS (Apple App Store) and Android (Google Play).

Together we call these the "Services." By using the Services, you agree to the practices described in this policy.

A note about health information and HIPAA

CareKonnect is a care-matching marketplace. We are not a healthcare provider, health plan, or healthcare clearinghouse, and we are not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act (HIPAA). The care-related details you share with us are therefore not "Protected Health Information" under HIPAA. Even so, we treat health- and care-related information as sensitive personal information and protect it accordingly, as described below.

2. Information We Collect

We collect the information necessary to operate the Services and match patients with caregivers. The categories below describe what we collect and why.

Account and identity information: your name, email address, phone number, password (stored only in hashed form by our authentication provider), and account type (individual caregiver or agency member). Caregivers may provide a professional license number.
Caregiver and agency profile information: care specialties, service-area ZIP codes, experience, and — for agencies — business name, legal name, EIN/tax ID, NPI number, and registration details.
Care-request information: the care recipient's name, phone number, ZIP code, type of care needed, timing, and other care details. This may include sensitive health-related information, which we use solely to facilitate matching.
Identity and background verification information (via Didit): verification session identifiers, verification and background-check status, identity-verified timestamps, and identity documents you upload — including images captured with your device camera during ID verification.
Payment and billing information (via Stripe): a Stripe customer identifier, payment method identifiers, payment intent identifiers, transaction records, and lead-access purchase history. Card details are collected and stored directly by Stripe under PCI-DSS standards. We do not store full payment card numbers on our systems.
Mobile app and device information: push notification (device) tokens, device platform (iOS/Android), app version, mobile device identifiers, and the time your device was last active. The apps may request permissions such as notifications and camera access (for identity verification); you control these in your device settings.
Usage and technical information: IP address, browser and device type, and analytics events about how you interact with the Services, used for security, troubleshooting, and improvement.

3. How We Use Your Information

We use the information we collect to:

Match patients and families with suitable caregivers based on needs, location, and preferences;
Facilitate communication and care arrangements between matched parties;
Verify caregiver identity and qualifications and conduct background checks;
Process payments and manage lead-access purchases;
Send push and email notifications you have enabled (for example, new leads, payments, and verification updates);
Maintain platform security and detect and prevent fraud and abuse;
Operate, analyze, and improve the Services; and
Comply with our legal obligations and enforce our terms.

4. Mobile App Specifics

The CareKonnect mobile apps are available on the Apple App Store and Google Play. When you use the apps:

Notifications: with your permission, we register a push notification token to send alerts. You can disable notifications at any time in your device settings or in your in-app notification preferences.
Camera: we request camera access only for identity and document verification. We do not access your camera for any other purpose.
App store data practices: Apple and Google may collect their own data when you download or use the apps, governed by their respective privacy policies. Our app store listings include data-practice disclosures (such as Apple's Privacy "Nutrition Label" and Google Play's Data Safety section) consistent with this policy.

5. Push Notifications and Communications

Push notifications: delivered using device tokens via Firebase Cloud Messaging. Turn them off in your device settings or your in-app notification preferences.
SMS and phone calls: where you provide a phone number and consent, we may contact you about your account and matches. Standard message and data rates may apply, and you can opt out as permitted by applicable law, including the Telephone Consumer Protection Act (TCPA).
Email: we send service and, where permitted, informational emails. You can unsubscribe from non-essential emails using the link in each message, consistent with the CAN-SPAM Act.

6. How We Share Information

We share information only in the limited circumstances below, and our service providers are bound by contract to protect it and use it only for the purposes we specify:

Between matched parties: to facilitate care arrangements, we share relevant contact and care details between matched patients and caregivers.
With service providers who help us operate the Services, including: Stripe (payment processing), Didit (identity and background verification), Supabase (hosting, database, and authentication), Firebase Cloud Messaging (push notifications), and Google Analytics and Microsoft Clarity (analytics).
For legal and safety reasons: when required by law, legal process, or to protect the rights, safety, and security of our users, the public, or CareKonnect.
With your consent: for any other purpose you direct or approve.
Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.

7. We Do Not Sell or "Share" Your Personal Information

CareKonnect is committed to protecting your privacy:

We do not "sell" your personal information, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).
We do not disclose your health or care details to marketing companies.
We do not use your information for targeted advertising.
We do not sell or rent our user database to any third party.

8. Your US Privacy Rights

Depending on where you live, US state privacy laws give you rights over your personal information. We honor these rights for all US users regardless of state of residence.

8.1 California Residents (CCPA/CPRA)

In the 12 months before this policy's effective date, we collected the categories of personal information described in Section 2 (identifiers; contact and account data; commercial/transaction data; internet and device activity; geolocation by ZIP code; professional and licensing information; and sensitive personal information such as government ID and health-related care details). We collect this information from you directly and from your use of the Services, and we disclose it to the service providers listed in Section 6 for the business purposes described in Section 3. As a California resident, you have the right to:

Know and access the personal information we have collected about you;
Delete personal information we have collected, subject to legal exceptions;
Correct inaccurate personal information;
Opt out of the sale or sharing of personal information (note: we do not sell or share it);
Limit the use and disclosure of your sensitive personal information to what is necessary to provide the Services;
Not be discriminated against for exercising your rights;
Use an authorized agent to submit requests on your behalf.

8.2 Residents of Other States

If you live in a state with a comprehensive privacy law — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states with similar laws — you have the right to:

Access and confirm whether we process your personal information;
Correct inaccuracies in your personal information;
Delete your personal information;
Obtain a portable copy of your personal information;
Opt out of targeted advertising, the sale of personal information, and certain profiling;
Appeal a decision if we decline your request. If we deny your appeal, you may contact your state Attorney General.

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@care-konnect.com or +1 (302) 496-4979. We will verify your identity before responding and will reply within the timeframes required by applicable law. We will not discriminate against you for exercising your rights.

9. Data Security and Protection

Your privacy and data security are our top priorities:

Encryption: sensitive data is encrypted using industry-standard protocols (AES-256) in transit and at rest;
Secure storage: information is stored on secure, SOC 2 compliant infrastructure with multiple layers of protection;
Access controls: strict controls ensure only authorized personnel can access your information;
Regular audits: we perform regular security audits and vulnerability assessments;
Data minimization: we collect and retain only what is necessary to provide the Services.

No method of transmission or storage is completely secure, but we work continuously to protect your information.

10. Data Retention

We retain your information only as long as necessary:

Active accounts: information is retained while your account is active;
Legal requirements: some data may be retained to comply with legal obligations;
Deletion requests: data is permanently deleted within 30 days of your verified request;
Backup systems: deleted data may remain in backups for up to 90 days before final removal.

11. Cookies and Tracking

On our website we use cookies and similar technologies to improve your experience:

Essential cookies for core platform functionality;
Analytics cookies (via Google Analytics and Microsoft Clarity) to understand usage and improve the Services;
Preference cookies to remember your settings.

You can control cookies through your browser settings. Some browser and device privacy controls (such as Global Privacy Control signals) are honored where required by law.

12. Children's Privacy

CareKonnect is intended for adults aged 18 and over. We do not knowingly collect personal information from children, and we do not knowingly collect information from anyone under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected information from a child under 18, we will take steps to delete it promptly.

13. Data Deletion Requests

You can request deletion of your account and associated information at any time.

Request Data Deletion

To delete your account and all associated information, please contact us:

Email: privacy@care-konnect.com

Phone: +1 (302) 496-4979

Response Time: we process verified deletion requests within 30 days

Confirmation: we confirm deletion and provide a reference number

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on our website and in the apps;
Sending email notifications for significant changes; and
Updating the "Last updated" date at the top of this policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: team@care-konnect.com

Privacy requests: privacy@care-konnect.com

Phone: +1 (302) 496-4979

Address: CareKonnect Team, 131 Continental Dr, Suite 305, Newark, DE 19713 US

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM EST

Response Time: we respond to privacy inquiries within 48 hours

1. Introduction and Scope

Our website at care-konnect.com, and
The CareKonnect mobile apps for iOS (Apple App Store) and Android (Google Play).

Together we call these the "Services." By using the Services, you agree to the practices described in this policy.

A note about health information and HIPAA

2. Information We Collect

We collect the information necessary to operate the Services and match patients with caregivers. The categories below describe what we collect and why.

Account and identity information: your name, email address, phone number, password (stored only in hashed form by our authentication provider), and account type (individual caregiver or agency member). Caregivers may provide a professional license number.
Caregiver and agency profile information: care specialties, service-area ZIP codes, experience, and — for agencies — business name, legal name, EIN/tax ID, NPI number, and registration details.
Care-request information: the care recipient's name, phone number, ZIP code, type of care needed, timing, and other care details. This may include sensitive health-related information, which we use solely to facilitate matching.
Identity and background verification information (via Didit): verification session identifiers, verification and background-check status, identity-verified timestamps, and identity documents you upload — including images captured with your device camera during ID verification.
Payment and billing information (via Stripe): a Stripe customer identifier, payment method identifiers, payment intent identifiers, transaction records, and lead-access purchase history. Card details are collected and stored directly by Stripe under PCI-DSS standards. We do not store full payment card numbers on our systems.
Mobile app and device information: push notification (device) tokens, device platform (iOS/Android), app version, mobile device identifiers, and the time your device was last active. The apps may request permissions such as notifications and camera access (for identity verification); you control these in your device settings.
Usage and technical information: IP address, browser and device type, and analytics events about how you interact with the Services, used for security, troubleshooting, and improvement.

3. How We Use Your Information

We use the information we collect to:

Match patients and families with suitable caregivers based on needs, location, and preferences;
Facilitate communication and care arrangements between matched parties;
Verify caregiver identity and qualifications and conduct background checks;
Process payments and manage lead-access purchases;
Send push and email notifications you have enabled (for example, new leads, payments, and verification updates);
Maintain platform security and detect and prevent fraud and abuse;
Operate, analyze, and improve the Services; and
Comply with our legal obligations and enforce our terms.

4. Mobile App Specifics

The CareKonnect mobile apps are available on the Apple App Store and Google Play. When you use the apps:

Notifications: with your permission, we register a push notification token to send alerts. You can disable notifications at any time in your device settings or in your in-app notification preferences.
Camera: we request camera access only for identity and document verification. We do not access your camera for any other purpose.
App store data practices: Apple and Google may collect their own data when you download or use the apps, governed by their respective privacy policies. Our app store listings include data-practice disclosures (such as Apple's Privacy "Nutrition Label" and Google Play's Data Safety section) consistent with this policy.

5. Push Notifications and Communications

Push notifications: delivered using device tokens via Firebase Cloud Messaging. Turn them off in your device settings or your in-app notification preferences.
SMS and phone calls: where you provide a phone number and consent, we may contact you about your account and matches. Standard message and data rates may apply, and you can opt out as permitted by applicable law, including the Telephone Consumer Protection Act (TCPA).
Email: we send service and, where permitted, informational emails. You can unsubscribe from non-essential emails using the link in each message, consistent with the CAN-SPAM Act.

6. How We Share Information

We share information only in the limited circumstances below, and our service providers are bound by contract to protect it and use it only for the purposes we specify:

Between matched parties: to facilitate care arrangements, we share relevant contact and care details between matched patients and caregivers.
With service providers who help us operate the Services, including: Stripe (payment processing), Didit (identity and background verification), Supabase (hosting, database, and authentication), Firebase Cloud Messaging (push notifications), and Google Analytics and Microsoft Clarity (analytics).
For legal and safety reasons: when required by law, legal process, or to protect the rights, safety, and security of our users, the public, or CareKonnect.
With your consent: for any other purpose you direct or approve.
Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.

7. We Do Not Sell or "Share" Your Personal Information

CareKonnect is committed to protecting your privacy:

We do not "sell" your personal information, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).
We do not disclose your health or care details to marketing companies.
We do not use your information for targeted advertising.
We do not sell or rent our user database to any third party.

8. Your US Privacy Rights

Depending on where you live, US state privacy laws give you rights over your personal information. We honor these rights for all US users regardless of state of residence.

8.1 California Residents (CCPA/CPRA)

Know and access the personal information we have collected about you;
Delete personal information we have collected, subject to legal exceptions;
Correct inaccurate personal information;
Opt out of the sale or sharing of personal information (note: we do not sell or share it);
Limit the use and disclosure of your sensitive personal information to what is necessary to provide the Services;
Not be discriminated against for exercising your rights;
Use an authorized agent to submit requests on your behalf.

8.2 Residents of Other States

Access and confirm whether we process your personal information;
Correct inaccuracies in your personal information;
Delete your personal information;
Obtain a portable copy of your personal information;
Opt out of targeted advertising, the sale of personal information, and certain profiling;
Appeal a decision if we decline your request. If we deny your appeal, you may contact your state Attorney General.

8.3 How to Exercise Your Rights

9. Data Security and Protection

Your privacy and data security are our top priorities:

Encryption: sensitive data is encrypted using industry-standard protocols (AES-256) in transit and at rest;
Secure storage: information is stored on secure, SOC 2 compliant infrastructure with multiple layers of protection;
Access controls: strict controls ensure only authorized personnel can access your information;
Regular audits: we perform regular security audits and vulnerability assessments;
Data minimization: we collect and retain only what is necessary to provide the Services.

No method of transmission or storage is completely secure, but we work continuously to protect your information.

10. Data Retention

We retain your information only as long as necessary:

Active accounts: information is retained while your account is active;
Legal requirements: some data may be retained to comply with legal obligations;
Deletion requests: data is permanently deleted within 30 days of your verified request;
Backup systems: deleted data may remain in backups for up to 90 days before final removal.

11. Cookies and Tracking

On our website we use cookies and similar technologies to improve your experience:

Essential cookies for core platform functionality;
Analytics cookies (via Google Analytics and Microsoft Clarity) to understand usage and improve the Services;
Preference cookies to remember your settings.

You can control cookies through your browser settings. Some browser and device privacy controls (such as Global Privacy Control signals) are honored where required by law.

12. Children's Privacy

13. Data Deletion Requests

You can request deletion of your account and associated information at any time.

Request Data Deletion

To delete your account and all associated information, please contact us:

Email: privacy@care-konnect.com

Phone: +1 (302) 496-4979

Response Time: we process verified deletion requests within 30 days

Confirmation: we confirm deletion and provide a reference number

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on our website and in the apps;
Sending email notifications for significant changes; and
Updating the "Last updated" date at the top of this policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: team@care-konnect.com

Privacy requests: privacy@care-konnect.com

Phone: +1 (302) 496-4979

Address: CareKonnect Team, 131 Continental Dr, Suite 305, Newark, DE 19713 US

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM EST

Response Time: we respond to privacy inquiries within 48 hours