Privacy Policy

Account Information. When you register, we collect your name, email address, phone number, facility name and address, and payment information (processed securely by Stripe).

Resident Health Information. As part of providing the service, your facility enters protected health information (PHI) including resident names, dates of birth, medication records, physician information, diagnoses, and related clinical notes. We handle this information as a HIPAA Business Associate.

Uploaded Files. You may upload documents, photographs (including resident photos, prescription labels, and incoming fax images), and other files as part of your care records. These files are stored encrypted and associated with your facility's account.

Caregiver Portal Access. Your facility may share a read-only Caregiver Portal link with care staff. Caregivers access this portal using your facility license number and a PIN you set and control. We log session timestamps for audit purposes but do not collect individual caregiver personal information through this method.

Fax Communications. Inbound faxes received on your facility's assigned fax number are stored in your account inbox. Outbound faxes sent through the platform are logged with timestamps, recipient numbers, and delivery status.

Usage Data. We automatically collect log data such as IP addresses, browser type, pages visited, and timestamps to operate and improve the service.

Support Communications. If you contact us for support, we retain records of that correspondence.

We use the information we collect to:

• Provide, operate, and maintain the CareMAR platform
• Process payments and manage your subscription
• Send and receive faxes on your facility's behalf using your assigned fax number
• Import medication and resident data via AI photo scan, email, or Excel/CSV upload at your direction
• Generate printable MAR reports and California compliance documents (e.g., LIC 622, LIC 603A, LIC 602A)
• Respond to your support requests
• Send service-related notices (e.g., subscription renewals, security alerts, CDSS regulatory updates)
• Comply with applicable laws and regulatory obligations

We do not sell, rent, or trade your personal information or resident PHI to third parties for marketing purposes.

CareMAR acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) with respect to PHI you enter into the platform. We implement administrative, physical, and technical safeguards designed to protect PHI as required by HIPAA's Security Rule.

We enter into Business Associate Agreements (BAAs) with covered entities upon request. To request a BAA, contact us at support@caremar.org.

We share information with trusted service providers who assist us in operating the platform, under strict confidentiality obligations:

• Clerk — user authentication and identity management
• Stripe — payment processing and subscription billing
• Sinch — fax transmission and receipt for your facility's assigned fax number
• Cloudflare R2 — encrypted file storage for uploaded documents, photos, and fax attachments
• OpenAI — AI-assisted extraction of medication and form data from uploaded images, PDFs, and faxes (data is not used to train AI models)
• Google Analytics — anonymized, aggregated usage analytics on the caremar.org marketing site only (not within the facility dashboard)

We use industry-standard measures to protect your information, including encryption in transit (TLS 1.2+) and at rest, access controls, audit logging, and regular security reviews. All uploaded files and resident data are stored in encrypted cloud storage with access restricted to your account.

If you believe your account has been compromised, contact us immediately at support@caremar.org.

We retain your account information and facility data for as long as your account is active. Resident records are retained as needed to provide the service and to comply with California's healthcare record-keeping requirements for licensed residential care facilities (typically a minimum of three years post-discharge under Title 22).

The platform maintains 30-day rolling daily snapshots of your facility data for backup and restore purposes. Upon account termination, you may export a full ZIP archive of all records before deletion. We will delete or anonymize your data within 90 days of account closure, unless retention is required by law.

Depending on your location, you may have rights including:

• Access to the personal information we hold about you
• Correction of inaccurate information
• Deletion of your personal information (subject to legal obligations)
• Portability of your data in a machine-readable format
• Objection to certain processing activities

To exercise these rights, contact us at support@caremar.org.

We use essential cookies to maintain your session and authentication state within the platform. The marketing site (caremar.org) uses Google Analytics cookies to collect anonymized, aggregated traffic data. We do not use third-party advertising or retargeting cookies. You may disable cookies in your browser settings, but this may affect your ability to use the platform.

CareMAR is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. The platform is intended solely for use by licensed care facility operators and their authorized staff.

California residents have the right under the California Consumer Privacy Act (CCPA) to request disclosure of the categories and specific pieces of personal information we have collected, the purposes for which it is used, and the categories of third parties with whom it is shared. California residents may also request deletion of their personal information, subject to certain exceptions.

To submit a CCPA data deletion request, use our online request form. You may also contact us at support@caremar.org. We will respond within 45 days.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. Your continued use of CareMAR after changes take effect constitutes your acceptance of the revised policy. The "Last Updated" date at the top of this page reflects the most recent revision.

If you have questions about this Privacy Policy or our data practices, please contact us:

CareMAR
Email: support@caremar.org
Website: caremar.org