Privacy Policy

Last Updated: February 15, 2026

Client Care LLC ("Client Care," "we," "us," or "our") respects your privacy and is committed to protecting the personal information and Protected Health Information ("PHI") you entrust to us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the ClientCare.pro platform (the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, organization name, and authentication credentials. If you sign in via Google, we receive your name and email from Google's OAuth service.

1.2 Customer Data (Including PHI)

You may upload or input data about patients and staff, which may include Protected Health Information as defined by HIPAA. This may include names, dates of birth, Medicaid/Medicare IDs, addresses, diagnoses, and other health-related information. The handling of PHI is governed by our Business Associate Agreement.

1.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, IP addresses, browser type, and device information. We use Google Analytics 4 for aggregated usage analytics. No PHI is transmitted to Google Analytics.

1.4 Payment Information

Payment processing is handled by Stripe, Inc. We do not store credit card numbers or bank account details on our servers. Stripe's privacy policy governs the handling of your payment information.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service;
  • Process exclusion screening and eligibility verification requests;
  • Generate compliance reports and risk assessments;
  • Send you alerts about screening results and compliance issues;
  • Process billing and manage your subscription;
  • Respond to your inquiries and provide customer support;
  • Monitor and analyze usage patterns to improve the Service;
  • Comply with legal obligations and enforce our Terms of Service;
  • Protect against fraud, unauthorized access, and other security threats.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information with:

  • Service Providers. We use third-party vendors to operate the Service, including Google Cloud Platform (infrastructure), Stedi (eligibility verification), Checkr (background screening), Firebase (authentication), and Stripe (payments). Each vendor processes data only as necessary to provide its service and is bound by appropriate data protection agreements. Where a vendor processes PHI, a Business Associate Agreement is in place.
  • Legal Requirements. We may disclose information if required by law, regulation, legal process, or government request, or to protect our rights, safety, or property.
  • Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. HIPAA and PHI

Client Care LLC operates as a Business Associate under HIPAA. We are committed to compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

4.1 Safeguards

  • Encryption. All PHI is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access Controls. Role-based access with mandatory multi-factor authentication (MFA).
  • Row-Level Security. Database-level tenant isolation ensures agencies can only access their own data.
  • Audit Logging. All access to PHI is logged in an immutable audit trail.
  • Minimum Necessary. We access only the minimum PHI necessary to provide the Service.

4.2 Breach Notification

In the event of a breach of unsecured PHI, we will notify affected Covered Entities without unreasonable delay and no later than 60 days after discovery, as required by 45 CFR 164.410.

5. Data Retention

We retain Customer Data for the duration of your subscription plus 30 days. After account termination, we will delete or de-identify your data within 30 days upon written request, unless retention is required by law or for legitimate business purposes (e.g., audit logs required by HIPAA). Audit logs are retained for a minimum of 6 years as required by HIPAA.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate information;
  • Request deletion of your personal information (subject to legal retention requirements);
  • Export your data in a machine-readable format;
  • Withdraw consent for optional data processing;
  • Lodge a complaint with a data protection authority.

To exercise any of these rights, contact us at privacy@clientcare.pro.

7. Cookies and Tracking

We use essential cookies for authentication and session management. We use Google Analytics 4 for aggregated usage analytics with IP anonymization enabled. We do not use advertising cookies or cross-site tracking. No PHI is ever included in cookies or analytics data.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. Patient data uploaded by healthcare providers may include minors' information, which is handled as PHI under our BAA.

9. Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your information. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Service after changes are posted constitutes acceptance.

11. Contact Information

For questions about this Privacy Policy or our data practices, contact us at:

Client Care LLC
Privacy Officer
Email: privacy@clientcare.pro
Website: https://clientcare.pro