CareAI

Data Processing Policy

Download PDF Version

CareAI Data Processing and Retention (English)

Effective date: 2026-01-22
Version: 1.1
Last Updated: January 22, 2026

Governing Language: In case of discrepancy between translations, the English version prevails.

This document summarizes how CareAI processes and retains data for operational, security, and support purposes.

1. Processing activities

CareAI processes data to:

  • Authenticate users and manage role-based access
  • Store user-entered reminders, medications, and care notes
  • Enable care team relationships where supported
  • Operate notifications and delivery tracking
  • Maintain security, audit logs, and crash diagnostics
  • Process chat content and medication inquiries: When you use CareAI's chat features to ask questions about medications or health topics, we process your messages to provide informational responses
  • Process distress signals and escalation events: If you express distress or safety concerns in chat, we may process and log escalation events to facilitate appropriate care team notifications
  • Enable "Ask My Doctor" functionality: Process medication inquiries submitted through the "Ask My Doctor" feature to facilitate communication with linked doctors

2. Health-related data processing

2.1 Chat Content

  • Chat messages are processed to provide informational responses and to detect potential distress signals
  • Chat content is stored according to your account settings and retention policies
  • Chat history may be shared with linked care team members (doctors, guardians) when explicitly authorized

2.2 Medication Inquiries

  • Medication inquiries submitted through "Ask My Doctor" are processed to facilitate communication with linked doctors
  • Inquiry content and metadata (e.g., timestamp, medication query reference) may be shared with linked doctors
  • Inquiries are retained for as long as necessary to facilitate communication or until you delete your account or request deletion

2.3 Escalation Events

  • Distress signals and escalation events are processed to facilitate care team notifications
  • Event data includes: event type, distress level, triggers, message references, and notification status
  • Escalation events are retained for safety audit and care coordination purposes

3. Data minimization

We aim to collect and process only what is needed for the Service and configured features. We do not process health-related data beyond what is necessary to provide the requested functionality.

4. Data sharing

4.1 With Care Team Members

  • Linked Doctors: Medication inquiries may be shared with linked doctors to facilitate communication
  • Linked Guardians: Escalation events and distress signals may be shared with linked guardians to facilitate appropriate care coordination
  • All data sharing with care team members is for informational and safety facilitation purposes only
  • Data sharing is limited to what is necessary for the specific purpose

4.2 With Service Providers

  • We may share data with service providers that help us operate the app (e.g., hosting, authentication, database, crash reporting)
  • Service providers are contractually obligated to protect data and use it only for specified purposes

4.3 No Sale or Public Disclosure

  • We do not sell personal data, including health-related data
  • We do not publicly disclose your health information
  • We do not use health-related data for advertising or marketing purposes

5. Retention approach

We retain:

  • Account data while your account is active
  • Operational logs for a limited period for security and reliability
  • Backups for continuity and disaster recovery

5.1 Health-Related Data Retention

  • Doctor Inquiries: Retained for as long as necessary to facilitate communication between you and your linked doctor, or until you delete your account or request deletion of specific inquiries
  • Escalation Events: Retained for safety audit and care coordination purposes. Retention periods may vary based on the severity and resolution status of the event
  • Chat History: Retained according to your account settings and may be deleted upon account deletion or upon your request

When data is no longer needed, we delete or anonymize it where feasible, subject to legal and security requirements.

6. Security

We apply access controls and safeguards intended to protect data during processing, storage, and transmission where supported, including:

  • Encryption in transit where supported
  • Access controls and role-based permissions
  • Audit logging for security and compliance
  • Regular security assessments

7. Your rights

Depending on applicable law, you may have rights to:

  • Access your personal data, including health-related data
  • Correct or update inaccurate data
  • Request deletion of specific data (subject to legal/security retention obligations)
  • Withdraw consent for data processing where applicable

8. Requests

Data-related requests: support@careai.app

Change Log:

  • v1.1 (January 22, 2026): Added explicit coverage for CHAT-11 data processing including chat content, medication inquiries, escalation events, and health-related data retention categories. Clarified data sharing with care team members and retention policies.
  • v1.0 (December 17, 2025): Initial version.

Important Medical Disclaimer:

CareAI provides general information only and does NOT replace medical advice. Always consult your doctor or pharmacist.