Back to home

Your privacy matters

Privacy Policy

Last updated: April 1, 2026 | Version 2.0

At Our Caring Circle, we understand that your family's privacy is important. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our caregiving coordination platform ("Service"). By using our Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Password (stored only in hashed form — we never store or have access to your plaintext password)
  • Profile photo (optional)
  • Timezone preference

1.2 Caring Circle Information

When you create or join a caring circle, we collect:

  • Circle name and settings
  • Member list, roles (admin, member, guest), and permissions
  • Notification preferences

1.3 Care Recipient Information

Information about the people being cared for may include:

  • Full name, date of birth, and relationship to caregivers
  • Contact information (phone number, address)
  • Emergency contact details (name, phone, relationship)
  • Photo (optional)
  • Care preferences (e.g., dietary restrictions)

1.4 Task and Appointment Data

  • Task titles, descriptions, categories, and priority levels
  • Due dates, times, and recurrence patterns
  • Task status, assignment, and volunteer information
  • Completion notes and photos
  • Appointment logistics notes (transportation, parking, check-in procedures, accessibility needs). These notes support three visibility levels: private (author only), admin-visible, or circle-wide

1.5 Invitation Data

When you invite someone to your caring circle, we collect:

  • The invitee's email address
  • Invitation tokens (included in invitation links and transferred into HTTP-only cookies during the acceptance flow)
  • Invitation timestamps for expiry tracking

Invitation links expire after 7 days. Unaccepted invitation records are automatically expired after 30 days to minimize data retention.

1.6 Billing Information

Payment processing is handled entirely by a PCI DSS-compliant third-party payment processor. We do not store credit card numbers or full payment details. We retain:

  • Payment processor customer ID and subscription status
  • Subscription tier and billing cycle
  • Payment history (dates and amounts, via our payment processor)

1.7 Automatically Collected Information

When you use our Service, we automatically collect:

  • IP address and approximate location (country/region level only)
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used within the Service
  • Timestamps of actions for activity logging

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send service-related communications (account verification, password resets, circle invitations, task notifications)
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Generate anonymized, aggregated analytics to improve the Service

We do not sell your personal information. We do not use your data for advertising. We do not share your information with third parties for their marketing purposes.

3. How We Share Your Information

3.1 Within Your Caring Circle

Information you add to a caring circle (tasks, appointments, notes) is visible to other members of that circle based on the visibility settings you choose. You control what information is shared within your circle.

3.2 Service Providers

We share limited information with trusted third-party service providers who help us operate the Service:

  • Database and authentication provider: Stores account data, circle data, and tasks
  • Payment processor: Processes billing information only (PCI DSS-compliant)
  • Email delivery provider: Receives email addresses for sending notifications and invitations
  • Security infrastructure provider: Processes IP addresses temporarily for rate limiting
  • Application hosting provider: Standard web server logs

These providers are contractually required to protect your data and may only use it to provide services to us.

3.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Our Caring Circle, our users, or the public.

4. Health Information Disclaimer

Our Caring Circle is NOT HIPAA compliant and is not designed to store Protected Health Information (PHI).

Our platform is designed for caregiving logistics coordination only. Users must not enter medical diagnoses, treatment details, lab results, prescription information, health insurance information, or other PHI into the platform. See our Terms of Service for the full HIPAA disclaimer.

5. Data Retention

We retain your data according to the following schedule:

Data TypeRetention Period
Active account dataDuration of service + 30 days after account deletion
Pending invitationsAutomatically deleted after 30 days if unaccepted
Calendar feed tokensUntil expiry or user revocation
Activity logsAnonymized and retained indefinitely for circle transparency
Server and error logs30–90 days
Billing recordsAs required by tax and financial regulations

6. Cookies and Tracking Technologies

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. You can control cookie preferences through your browser settings, though disabling essential cookies may affect the functionality of our Service.

7. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/SSL)
  • Secure authentication with hashed passwords
  • Row-level security policies ensuring users can only access their own circle's data
  • HTTP-only cookies for sensitive tokens (not stored in URLs or localStorage)
  • Regular security reviews

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request a copy of your data in a machine-readable format
  • Objection: Object to processing of your data for certain purposes

To exercise any of these rights, please contact us at privacy@ourcaringcircle.com. We will respond to verified requests within 30 days (or 45 days for CCPA requests).

9. Account Deletion

You may delete your account at any time through your account settings or by contacting us. Upon account deletion:

  • Your personal data will be deleted or anonymized within 30 days
  • Active subscriptions will be cancelled
  • Shared data (completed tasks, activity history) will be anonymized to preserve circle continuity for other members
  • Billing records will be retained for 7 years for tax compliance

You may request a data export before deletion.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:

  • Right to Know: You can request details about the personal information we collect, use, disclose, and sell
  • Right to Delete: You can request deletion of your personal information
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights

To submit a CCPA/CPRA request, email privacy@ourcaringcircle.com with "CCPA Request" in the subject line. We will verify your identity before processing your request and respond within 45 days.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email address, IP address, account identifiers
  • Commercial information: Subscription tier, purchase and billing history
  • Internet or network activity: Pages visited, features used, browser type, interaction data
  • Geolocation data: Timezone preference (approximate location only)

We have not sold or shared (for cross-context behavioral advertising) any personal information in the preceding 12 months.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) provides you with additional protections. Our legal bases for processing your data are:

  • Contract performance (Article 6(1)(b)): Processing necessary to provide the Service you signed up for
  • Legitimate interests (Article 6(1)(f)): Security, fraud prevention, and service improvement
  • Legal obligation (Article 6(1)(c)): Compliance with applicable laws

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

12. Children's Privacy (COPPA)

Our Caring Circle is not intended for use by children under the age of 13. In compliance with the Children's Online Privacy Protection Act (COPPA):

  • We require users to confirm they are at least 13 years of age during account registration
  • We do not knowingly collect personal information from children under 13
  • If we become aware that we have inadvertently collected data from a child under 13, we will promptly delete that information and terminate the associated account
  • We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@ourcaringcircle.com so we can take appropriate action.

Note: While care recipients (people being cared for) may be under 13, the platform accounts used to coordinate care must belong to individuals aged 13 or older. Care recipient profiles are created and managed by adult circle members, not by the care recipients themselves.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. We encourage you to review this policy periodically.

15. Contact Us

If you have questions or concerns about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at:

privacy@ourcaringcircle.com