Privacy Policy

We value your trust and are committed to protecting your personal data. Transparency is at the core of our mission.

1. Information We Collect

We collect the following categories of personal information when you use our services:

  • Account Information: name, email address, profile photo, and authentication credentials provided during registration
  • Health & Wellness Data: steps, heart rate, sleep patterns, exercise sessions, active calories, resting heart rate, blood oxygen levels, and other biometric data read from Apple HealthKit (iOS) or Health Connect (Android)
  • Device Information: device model, operating system version, app version, unique device identifiers, and crash/diagnostic logs
  • Location Data: precise location only during active live workout tracking sessions, with your explicit permission
  • Usage Analytics: anonymized interaction data including screens visited, features used, and session duration to improve the app experience

2. How We Use Your Information

Your personal information is used for the following purposes:

  • Deliver personalized wellness insights, health trends, and activity recommendations
  • Display your progress in challenges, leaderboards, and community features
  • Enable appointment scheduling, care team communication, and telehealth services
  • Send push notifications for reminders, challenge updates, and health alerts (with your consent)
  • Improve app performance, fix bugs, and develop new features using aggregated analytics
  • Comply with legal obligations, including healthcare regulations such as HIPAA

3. Data Security & Compliance

We implement industry-standard safeguards to protect your personal and health information:

  • All health data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Our infrastructure is HIPAA-compliant with signed Business Associate Agreements (BAAs) where applicable
  • Access to personal health information is restricted on a need-to-know basis with audit logging
  • We conduct regular third-party security assessments and penetration testing
  • Biometric authentication (Face ID, Touch ID, fingerprint) is available for additional app-level security
  • We maintain incident response procedures and will notify affected users within 72 hours of any confirmed data breach

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • With your explicit consent, such as sharing wellness progress in community challenges
  • With healthcare providers you designate for care coordination purposes
  • With service providers (cloud hosting, analytics) who are contractually bound to protect your data
  • When required by law, regulation, court order, or governmental authority
  • In aggregated, de-identified form that cannot reasonably identify you, for research or statistical purposes
  • In connection with a merger, acquisition, or sale of assets, subject to continued privacy protections

5. Data Retention

We retain your data only as long as necessary to provide our services:

  • Active account data is retained for the duration of your account
  • Health data is retained for up to 7 years to comply with healthcare recordkeeping requirements
  • Upon account deletion, personal data is permanently removed within 30 days, except where retention is required by law
  • Anonymized analytics data may be retained indefinitely as it cannot identify you

6. Your Rights & Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request permanent deletion of your account and associated data
  • Portability: Export your health data in a machine-readable format
  • Opt-Out: Disable push notifications, analytics, or marketing communications at any time in Settings
  • Revoke Consent: Withdraw previously granted consents (e.g., health data access) through the app's Consent Management screen
  • To exercise these rights, contact us at privacy@caredevi.com or use the in-app Data & Privacy settings

7. Children's Privacy

CareDevi is not intended for use by individuals under the age of 18:

  • We do not knowingly collect personal information from children under 18
  • If we discover that a child under 18 has provided personal information, we will delete it promptly
  • If you believe a child has provided us with personal data, please contact privacy@caredevi.com

8. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us and by our service providers
  • Right to opt out of the sale or sharing of personal information — we do not sell your data
  • Right to non-discrimination for exercising your privacy rights
  • To submit a verifiable consumer request, email privacy@caredevi.com

9. Contact & Updates

We may update this Privacy Policy periodically. Material changes will be communicated via in-app notification.

  • Privacy inquiries: privacy@caredevi.com
  • Data Protection Officer: dpo@caredevi.com
  • Mailing address: CareDevi Inc, 5 Cowboys Way Ste 300, Frisco, TX 75034, USA
  • Continued use of the app after changes constitutes acceptance of the updated policy

Last updated: February 21, 2026