CaringIQ Inc. Privacy Policy

Effective Date: May 6, 2026

Last Updated: June 12, 2026

CaringIQ respects the privacy of families, caregivers, and Care Recipients. This Privacy Policy explains how CaringIQ Inc. collects, uses, discloses, retains, and protects information in connection with our website, applications, AI assistant Cari, Life Ledger, family dashboard, document features, task features, reminders, transcription features, and related services.

CaringIQ is designed for personal and family caregiving coordination. We do not sell your personal information. We do not use identifiable Customer Content to train, fine-tune, or improve CaringIQ AI models or third-party AI models without your express permission. We do not share your family's Customer Content with insurers or advertisers for their own advertising, underwriting, or marketing purposes.

1. Scope

This Privacy Policy applies to personal information we collect through the Services, including information collected from:

1. Account Owners;

2. Invited Users;

3. Care Circle participants;

4. Care Recipients whose information is provided through the Services;

5. Website visitors;

6. People who contact CaringIQ; and

7. People who interact with Cari or other AI features.

This Privacy Policy does not apply to third-party websites, products, services, or providers that CaringIQ does not control.

2. Key Definitions

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a person or household.

"Customer Content" means information you or your Care Circle upload, enter, forward, dictate, store, share, or generate through the Services.

"Consumer Health Data" means Personal Information that is linked or reasonably linkable to a person and identifies, relates to, or can be used to infer a person's past, present, or future physical or mental health status, where applicable law uses or recognizes that concept.

3. Information We Collect

We may collect the following categories of information.

3.1 Account Information

We may collect your name, email address, login credentials, account settings, profile information, communication preferences, and authentication information.

3.2 Care Circle and Permission Information

We may collect information about Care Circles, Invited Users, roles, permissions, invitations, invitation status, shared workspaces, task assignments, activity history, and collaboration settings.

3.3 Caregiving Content

We may collect Customer Content, including:

1. Care notes;

2. Appointment information;

3. Medication information;

4. Prescription lists;

5. Provider names and contact details;

6. Facility information;

7. Care instructions;

8. Documents;

9. Uploaded files;

10. Emails forwarded to CaringIQ;

11. Voicemails and audio files;

12. Transcripts;

13. Summaries;

14. Billing notes;

15. Insurance-related notes you provide;

16. Transportation details;

17. Meal, home repair, and vendor information;

18. Family discussions;

19. Tasks, reminders, and follow-ups;

20. Care Recipient preferences; and

21. Other information you choose to provide.

3.4 AI Interactions and Outputs

We may collect prompts, questions, instructions, conversations with Cari, AI Outputs, summaries, classifications, extracted information, and related metadata.

3.5 Audio, Voicemail, and Transcription Information

If you upload, dictate, or forward audio or voicemail, we may collect the audio file, transcript, summary, extracted information, related metadata, and processing results.

We do not use voice notes to identify you biometrically or create biometric templates.

3.6 Payment and Subscription Information

If you purchase a paid plan, we or our payment processors may collect billing information, payment method information, transaction information, subscription status, invoice information, billing address, and related records.

CaringIQ does not intend to store full payment card numbers. Payment information is processed by third-party payment processors.

3.7 Support and Communications

We may collect messages, emails, support requests, feedback, survey responses, call notes, troubleshooting information, and related communications.

3.8 Usage, Device, and Technical Information

We may collect device type, browser type, operating system, IP address, approximate location derived from IP address, app version, pages viewed, features used, dates and times of activity, crash logs, error logs, diagnostic data, security logs, and similar technical information.

3.9 Website, Cookie, and Analytics Information

We may use cookies, pixels, local storage, analytics tools, and similar technologies on our website and Services.

We use these technologies to operate the Services, remember preferences, analyze usage, improve performance, detect security issues, and understand website traffic.

We do not use Customer Content for targeted advertising.

We do not place advertising pixels in areas of the Services where Customer Content is displayed unless we provide additional notice and obtain consent where required.

3.10 Information from Third Parties

We may receive information from:

1. Users who invite you to a Care Circle;

2. Users who upload or share information about a Care Recipient;

3. Payment processors;

4. Cloud hosting providers;

5. AI providers;

6. Transcription providers;

7. Analytics providers;

8. Security providers;

9. Support tools;

10. Email and communication providers;

11. Third-party integrations you authorize; and

12. Publicly available sources if used to provide requested features, such as researching non-clinical local service providers.

13. How We Use Information

We use information to:

1. Provide, operate, and maintain the Services;

2. Create and manage accounts;

3. Authenticate Users;

4. Manage Care Circles, invitations, roles, and permissions;

5. Store, organize, search, and retrieve Customer Content;

6. Generate summaries, reminders, task lists, transcriptions, classifications, and AI Outputs;

7. Provide Cari and other AI features;

8. Personalize your experience within the Services;

9. Send reminders, notifications, and service communications;

10. Process payments and manage subscriptions;

11. Provide customer support;

12. Troubleshoot bugs and technical issues;

13. Monitor, secure, and protect the Services;

14. Prevent fraud, misuse, unauthorized access, and security incidents;

15. Improve reliability, usability, safety, and performance;

16. Develop new features;

17. Analyze aggregated or de-identified usage trends;

18. Comply with legal obligations;

19. Enforce our Terms of Service;

20. Protect the rights, safety, and security of CaringIQ, Users, Care Recipients, and others; and

21. Carry out other purposes disclosed to you with your consent.

22. AI Use and Customer Content

CaringIQ uses AI systems and third-party AI providers to provide features such as Cari, summaries, reminders, transcriptions, task extraction, document organization, search, and suggestions.

We do not use identifiable Customer Content to train, fine-tune, or improve CaringIQ AI models or third-party AI models, unless you give us express permission.

We require our AI providers, through contract terms, account settings, or other controls, not to use identifiable Customer Content to train their AI models for their own purposes or for the benefit of other customers.

AI providers may process Customer Content only as needed to provide the Services, maintain security, prevent abuse, comply with law, and fulfill contractual obligations to CaringIQ.

Some AI providers may retain limited logs for abuse monitoring, debugging, or legal compliance as described in our Subprocessors page or applicable service documentation.

We may use aggregated or de-identified information to improve the Services, including AI features, provided that such information does not identify you, a Care Recipient, your household, or your Care Circle.

With your permission, we may review specific Customer Content to troubleshoot a support request, investigate a technical issue, or improve feature quality.

1. De-identified and Aggregated Information

We may create and use aggregated or de-identified information for analytics, product improvement, research, security, performance monitoring, and business purposes.

We will not attempt to re-identify information that we maintain as de-identified, except as permitted by law to test or validate de-identification.

We will not describe information as de-identified unless we have applied measures designed to prevent the information from reasonably identifying a person or household.

1. How We Disclose Information

We may disclose information in the following ways.

7.1 To Your Care Circle

We disclose Customer Content to Account Owners, Invited Users, and Care Circle participants according to account settings, permissions, roles, and product features.

By inviting someone to a Care Circle or sharing Customer Content, you authorize us to disclose that information to the invited person.

7.2 To Service Providers and Subprocessors

We disclose information to service providers and subprocessors that help us operate the Services, including providers of:

1. Cloud hosting;

2. Data storage;

3. AI processing;

4. Transcription;

5. Search;

6. Email delivery;

7. Notifications;

8. Customer support;

9. Analytics;

10. Security monitoring;

11. Error logging;

12. Payment processing;

13. Product infrastructure;

14. Data backup; and

15. Other operational services.

These providers may access information only as needed to provide services to CaringIQ and are subject to contractual confidentiality, security, and data-use restrictions.

Our Subprocessors page identifies key subprocessors. We will provide notice through the Services or by another reasonable method when we add a new subprocessor that materially changes how Customer Content is processed.

7.3 At Your Direction

We may disclose information when you direct us to do so, such as when you share information with a family member, invite a User, forward information, use an integration, export Customer Content, or ask us to help communicate with a third party.

7.4 For Legal, Safety, and Security Reasons

We may disclose information if we reasonably believe disclosure is necessary to:

1. Comply with law, regulation, legal process, subpoena, court order, or government request;

2. Enforce our Terms of Service;

3. Detect, prevent, or address fraud, security issues, or misuse;

4. Protect the rights, safety, property, or security of CaringIQ, Users, Care Recipients, or others;

5. Investigate potential violations;

6. Respond to emergencies or imminent harm; or

7. Exercise or defend legal claims.

7.5 Business Transfers

We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.

If Customer Content is transferred as part of such a transaction, we will take reasonable steps designed to ensure that the recipient honors this Privacy Policy or provides notice before materially different practices apply.

7.6 With Consent

We may disclose information for other purposes with your consent.

1. What We Do Not Do

CaringIQ does not:

1. Sell your personal information;

2. Sell Consumer Health Data;

3. Use identifiable Customer Content to train, fine-tune, or improve CaringIQ AI models without your express permission;

4. Use identifiable Customer Content to train, fine-tune, or improve third-party AI models without your express permission;

5. Share Customer Content with advertisers for their own advertising purposes;

6. Share Customer Content with insurers for their own underwriting or marketing purposes, unless you direct us to or the disclosure is required by law;

7. Use Customer Content for targeted advertising;

8. Create biometric templates from voice notes;

9. Use geofencing around healthcare facilities to identify or track consumers seeking healthcare services or to advertise based on health status; or

10. Provide medical, legal, financial, fiduciary, emergency, or professional advice.

11. Consumer Health Data Notice

Because CaringIQ may process health-related information provided by Users, this section provides additional information about Consumer Health Data where applicable law requires or recognizes such disclosures.

9.1 Categories of Consumer Health Data We May Collect

Depending on what you provide, we may collect Consumer Health Data such as:

1. Medical conditions, diagnoses, symptoms, or treatment information included in Customer Content;

2. Medication and prescription information;

3. Provider names, appointment information, and facility information;

4. Care needs, mobility needs, accessibility needs, dietary needs, and daily living notes;

5. Mental health, behavioral health, or cognitive information included in Customer Content;

6. Health-related documents, visit summaries, discharge papers, care instructions, and notes;

7. Communications about health-related matters;

8. Information inferred from Customer Content to provide requested features, such as reminders or task lists; and

9. Other health-related information you choose to provide.

9.2 Purposes for Collecting Consumer Health Data

We collect Consumer Health Data to:

1. Store, organize, and retrieve caregiving records;

2. Help coordinate family caregiving tasks;

3. Generate summaries, reminders, transcriptions, and AI Outputs;

4. Manage Care Circle access and collaboration;

5. Provide support and troubleshoot issues;

6. Secure and maintain the Services;

7. Comply with law;

8. Protect rights and safety; and

9. Use aggregated or de-identified information as described in this Privacy Policy.

9.3 Sources of Consumer Health Data

We may collect Consumer Health Data from:

1. You;

2. Account Owners;

3. Invited Users;

4. Care Circle participants;

5. Documents, emails, voicemails, audio files, and other materials uploaded or forwarded to CaringIQ;

6. Third-party services you authorize; and

7. Service providers that process information for CaringIQ.

9.4 Sharing Consumer Health Data

We may share Consumer Health Data:

1. With your Care Circle according to your settings and permissions;

2. With service providers and subprocessors that help us provide the Services;

3. At your direction;

4. As required by law;

5. To protect rights, safety, and security;

6. In connection with a business transfer; and

7. With your consent.

We do not sell Consumer Health Data.

We do not share Consumer Health Data for targeted advertising.

9.5 Consumer Health Data Rights

Depending on where you live and applicable law, you may have rights to:

1. Confirm whether we collect, share, or sell Consumer Health Data;

2. Access Consumer Health Data;

3. Receive a list of categories of Consumer Health Data collected;

4. Receive information about third parties or affiliates with whom Consumer Health Data has been shared;

5. Withdraw consent for certain collection or sharing;

6. Request deletion of Consumer Health Data;

7. Appeal a denied request; and

8. Exercise rights without discrimination.

To submit a request, email privacy@caringiq.com.

We may need to verify your identity and authority before responding. If a request relates to a Care Recipient or information controlled by another Account Owner, we may need to evaluate authority, account permissions, legal obligations, and the rights of other Users.

1. HIPAA

CaringIQ is designed for personal and family caregiving coordination.

Unless CaringIQ enters into a separate written agreement expressly stating otherwise, CaringIQ is not intended to be used by healthcare providers, health plans, healthcare clearinghouses, or other HIPAA covered entities to provide services to patients, members, or clients.

Unless CaringIQ enters into a separate written business associate agreement, CaringIQ is not acting as a HIPAA business associate.

Even when HIPAA does not apply, we use safeguards designed to protect health-related information as described in this Privacy Policy.

1. Your Choices and Rights

Depending on where you live and applicable law, you may have rights to:

1. Access your personal information;

2. Receive a copy of your personal information;

3. Correct inaccurate information;

4. Delete personal information;

5. Restrict or object to certain processing;

6. Withdraw consent where processing is based on consent;

7. Opt out of certain uses or disclosures;

8. Appeal a denied privacy request; and

9. Not be discriminated against for exercising privacy rights.

To exercise privacy rights, email privacy@caringiq.com.

We may verify your identity before fulfilling a request. We may decline, limit, or delay a request where permitted by law, such as when we cannot verify your identity, must retain information for legal or security reasons, need information to provide the Services, or must protect the rights of others.

If we deny your request, you may appeal by replying to our decision or emailing privacy@caringiq.com with the subject line "Privacy Appeal."

You may request an export of your Customer Content in a structured, commonly used, machine-readable format by using account settings (where available) or by emailing privacy@caringiq.com. We will respond to verified export requests within 45 days.

11A. Rights of Care Recipients

A Care Recipient whose information is stored in the Services may request access to, correction of, or deletion of their own personal information by contacting privacy@caringiq.com, even if the Care Recipient does not have a CaringIQ account.

Because Customer Content is controlled by Account Owners and shared within Care Circles, we may need to verify the requester's identity, evaluate legal authority (including any power of attorney, guardianship, or healthcare proxy), and consider the rights of other Users before fulfilling a request. Where we cannot fully honor a request, we will explain why and identify any appeal options available under applicable law.

1. Account Deletion

You may request account deletion through account settings or by contacting privacy@caringiq.com.

Deleting an account may delete or disable access to Customer Content associated with that account, subject to account roles, Care Circle structure, legal requirements, backups, security logs, billing records, audit records, and other retention described in this Privacy Policy.

If you are an Invited User, deleting your account may not delete Customer Content controlled by the Account Owner or other Care Circle participants.

If you are an Account Owner, deleting your account may affect access for your Care Circle.

We may retain information as needed to comply with law, prevent fraud, resolve disputes, enforce agreements, protect security, maintain records, complete transactions, or as otherwise permitted by law.

1. Retention

We retain personal information and Customer Content for as long as reasonably necessary to provide the Services, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, protect security, and fulfill the purposes described in this Privacy Policy.

Retention periods depend on the type of information, account status, legal obligations, security needs, and operational requirements.

When information is deleted from active systems, copies may remain in backups, archives, logs, or legal records for a limited period before being deleted or overwritten in the ordinary course.

Aggregated or de-identified information may be retained indefinitely.

1. Security

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information and Customer Content.

Our safeguards may include:

1. Encryption in transit;

2. Encryption at rest;

3. Secure cloud hosting;

4. Access controls;

5. Role-based permissions;

6. Logging and monitoring;

7. Vulnerability scanning;

8. Dependency and code scanning;

9. Restricted human access to Customer Content;

10. Security reviews; and

11. Incident response procedures.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

If we determine that a security incident has resulted in the unauthorized acquisition or disclosure of unsecured PHR identifiable health information or other personal information requiring notice, we will notify affected individuals, including affected Users and Care Recipients where applicable, without unreasonable delay and within the time required by law, including, where the FTC Health Breach Notification Rule applies, no later than 60 calendar days after discovery. We will also notify regulators, service providers, media outlets, or others where required by the FTC Health Breach Notification Rule and applicable state breach notification laws.

1. Human Access to Customer Content

CaringIQ limits human access to Customer Content. Authorized personnel and service providers may access Customer Content only as needed to:

1. Provide support requested by you;

2. Troubleshoot technical issues;

3. Investigate security incidents;

4. Debug or improve Services with your permission where appropriate;

5. Enforce our Terms of Service;

6. Comply with law;

7. Protect rights, safety, and security; or

8. Maintain the Services.

We limit personnel access to authorized personnel with a need to know.

Service providers may access Customer Content only as needed to provide services to CaringIQ and subject to contractual confidentiality, security, and data-use obligations.

1. Cookies and Tracking

We may use cookies and similar technologies to operate the Services, authenticate Users, remember preferences, analyze website and product usage, improve performance, and protect security.

Our marketing website may use analytics tools to understand website traffic.

We do not use Customer Content for targeted advertising.

We do not sell personal information.

If we use cookies or similar technologies that require consent or opt-out rights under applicable law, we will provide appropriate controls.

1. Payment Processing

Payments are processed by third-party payment processors. We may receive limited payment-related information, such as subscription status, invoices, billing address, payment method type, last four digits of a card, and transaction history.

Payment processors process payment information according to their own terms and privacy policies.

1. Children

The Services are intended for Users who are at least 18 years old.

We do not knowingly allow children under 18 to create accounts.

If Customer Content includes information about a minor Care Recipient, you represent that you have authority to provide and manage that information.

If you believe a child has created an account without authorization, contact privacy@caringiq.com.

1. State Privacy Rights

Some U.S. state privacy laws provide residents with additional rights. Depending on where you live, you may have rights to access, correct, delete, obtain a copy of, or opt out of certain processing of personal information.

CaringIQ does not sell personal information.

CaringIQ does not use Customer Content for targeted advertising.

To exercise state privacy rights, email privacy@caringiq.com.

If we deny your request, you may appeal by replying to our decision or emailing privacy@caringiq.com with the subject line "Privacy Appeal."

1. International Use

The Services are intended for use only in the United States.

If you access the Services from outside the United States, you do so at your own risk and acknowledge that your information may be processed in the United States.

1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice through the Services, by email, or by another reasonable method.

The updated Privacy Policy will become effective on the date stated in the updated policy or notice.

Your continued use of the Services after the updated Privacy Policy becomes effective means that your information will be handled according to the updated Privacy Policy.

1. Contact

For privacy questions, requests, or concerns, contact us at:

privacy@caringiq.com

For general support, contact:

support@caringiq.com

By mail:

CaringIQ, Inc., 300 Connemara Drive, Cary, NC 27519