Effective Date: February 25, 2026 · Last Updated: February 25, 2026
CaregiverIQ (“Company,” “we,” “us,” or “our”) is a New Mexico-based company that provides a performance intelligence platform for home health care agencies. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use our website at www.caregiveriq.co, our mobile-optimized portal, and any related services (collectively, the “Service”).
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Service immediately.
1. Information We Collect
1.1 Information You Provide Directly
Account Information: Name, email address, phone number, and organizational role when you register for an account or are invited by your agency.
Agency Information: Legal business name, address, phone number, agency type, and size information provided during onboarding.
Caregiver Identity Data: Full name, email address, phone number, date of birth, last four digits of Social Security Number (SSN4), mailing address, and profile photographs.
Performance Data: Performance review scores, review comments, attendance records, certifications, training completion records, and related professional data.
Personality Assessment Data: Results from personality and professional development assessments administered through the Service.
Client Satisfaction Data: Survey responses and satisfaction scores submitted by clients of your agency.
Payment Information: Billing details processed through our third-party payment processor. We do not store complete credit card numbers on our servers.
Communications: Messages, feedback, and correspondence you send to us.
1.2 Information Collected Automatically
Usage Data: Pages visited, features used, timestamps, and interaction patterns within the Service.
Device & Browser Information: IP address, browser type, operating system, device identifiers, and screen resolution.
Cookies & Similar Technologies: We use essential cookies for authentication, session management, and security purposes. We do not use third-party advertising cookies or tracking pixels.
1.3 Information from Third Parties
Electronic Visit Verification (EVV) Systems: Attendance and scheduling data imported from integrated EVV platforms (e.g., AxisCare) at the direction of your agency.
Google Business Profile: Public business reviews and review metadata accessed through the Google Business Profile API for reputation management features.
2. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: To provide, operate, and maintain the CaregiverIQ platform, including caregiver profiles, performance tracking, and agency dashboards.
Performance Analytics: To calculate CareScores, identify performance trends, generate benchmarking comparisons, and produce reports for agencies.
AI-Powered Insights: To generate automated performance insights, coaching recommendations, and retention risk assessments. All personally identifiable information is anonymized before being processed by artificial intelligence systems.
Notifications: To send transactional notifications via email, SMS text messages, and push notifications related to your account, performance updates, and agency communications.
Billing & Payments: To process subscription payments, manage billing cycles, and send invoices.
Security & Fraud Prevention: To detect and prevent unauthorized access, abuse, and fraudulent activity.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Product Improvement: To analyze aggregated, de-identified usage patterns to improve the Service.
3. HIPAA & Protected Health Information
CaregiverIQ may process Protected Health Information (“PHI”) on behalf of home health care agencies that are Covered Entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In such circumstances, CaregiverIQ acts as a Business Associate.
Business Associate Agreement (BAA): We will execute a BAA with any Covered Entity before processing PHI through the Service. The BAA governs our obligations with respect to PHI and supplements this Privacy Policy.
PHI Safeguards: We implement administrative, physical, and technical safeguards consistent with HIPAA Security Rule requirements, including encryption of PHI at rest and in transit, access controls, and audit logging.
Breach Notification: In the event of a breach of unsecured PHI, we will notify affected Covered Entities in accordance with HIPAA breach notification requirements, without unreasonable delay and in no event later than sixty (60) calendar days from discovery of the breach.
Minimum Necessary Standard: We limit our use, disclosure, and request of PHI to the minimum necessary to accomplish the intended purpose.
4. SMS / Text Messaging
CaregiverIQ offers SMS text messaging as a communication channel for agency-to-caregiver notifications, performance updates, shift reminders, and other service-related messages.
By opting in to SMS notifications, you consent to receive automated text messages from CaregiverIQ at the phone number you provide. Consent is not a condition of purchasing any goods or services.
Message frequency varies based on your agency’s configuration and notification preferences. Message and data rates may apply depending on your mobile carrier and plan.
To opt out of SMS messages at any time, reply STOP to any message. You will receive a confirmation message and no further texts will be sent. To resume messages, reply START.
For help with SMS messaging, reply HELP to any message or contact us at the information provided below.
SMS messages are delivered through a third-party messaging service provider. Neither the messaging service provider nor mobile carriers are liable for delayed or undelivered messages.
Supported carriers include but are not limited to: AT&T, T-Mobile, Verizon, Sprint, U.S. Cellular, and most other major U.S. carriers.
We do not share your phone number or SMS opt-in data with third parties for their marketing purposes.
5. Third-Party Service Providers
We engage trusted third-party service providers to help operate and improve the Service. These providers process data on our behalf and are bound by contractual obligations to protect your information:
Payment Processing (Stripe): Subscription billing, payment collection, and invoice management. Stripe is PCI-DSS Level 1 compliant. For details, see Stripe’s Privacy Policy.
Error Monitoring (Sentry): Application error detection and performance monitoring to ensure service reliability.
Email Delivery (Resend): Transactional email delivery for invitations, notifications, and account communications.
SMS Messaging Provider: Delivery of SMS text messages for agency-to-caregiver communications and service notifications.
Personality Assessments (Deeper Signals): Professional personality assessments for caregiver development. Assessment data is processed in accordance with Deeper Signals’ privacy policy.
AI Analysis (Anthropic): Generation of performance insights and coaching recommendations. All data sent to AI systems is anonymized and stripped of personally identifiable information before processing.
Cloud Hosting (Vercel): Application hosting and content delivery.
Database (Neon): PostgreSQL database hosting with encryption at rest.
Google Business Profile: Integration for managing and responding to business reviews.
6. Data Security
We implement industry-standard security measures to protect your personal information:
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
Encryption at Rest: Sensitive personal information stored in our database is encrypted using AES-256 field-level encryption.
SSN4 Protection: Last-four Social Security Number digits are cryptographically hashed using HMAC-SHA256 and bcrypt. The original values are not stored in plaintext.
Access Controls: Role-based access controls ensure that users can only access data appropriate to their organizational role (Administrator, Supervisor, or Caregiver).
Multi-Tenant Isolation: Each agency’s data is logically isolated. Agencies cannot access data belonging to other agencies.
Audit Logging: Access to sensitive data (PII) is logged for security monitoring and compliance purposes.
Rate Limiting: API and authentication endpoints are rate-limited to prevent abuse and brute-force attacks.
While we use commercially reasonable efforts to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention & Deletion
Active Accounts: We retain your personal information for as long as your account or your agency’s account is active and as needed to provide the Service.
Post-Termination: Upon account termination, we will retain data for a period necessary to comply with legal obligations, resolve disputes, and enforce our agreements, typically no longer than three (3) years.
Deletion Requests: You may request deletion of your personal information by contacting us. We will process deletion requests within thirty (30) days, subject to legal retention requirements.
Aggregated Data: De-identified and aggregated data that cannot reasonably be used to identify you may be retained indefinitely for benchmarking and product improvement purposes.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Right to Access: Request a copy of the personal information we hold about you.
Right to Correction: Request that we correct inaccurate or incomplete personal information.
Right to Deletion: Request that we delete your personal information, subject to legal exceptions.
Right to Portability: Request your data in a structured, commonly used, machine-readable format.
Right to Opt Out: Opt out of non-essential communications, including SMS messages and marketing emails.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, please contact us using the information in the Contact section below. We will respond to verifiable requests within thirty (30) days.
9. State Privacy Rights
9.1 New Mexico
CaregiverIQ is based in New Mexico and complies with applicable New Mexico data protection laws, including the New Mexico Data Breach Notification Act. In the event of a data breach affecting New Mexico residents, we will provide notification as required by law.
9.2 California (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, the right to opt out of the sale or sharing of personal information, and the right to limit use of sensitive personal information. We do not sell personal information. To exercise your California privacy rights, contact us at the information below.
9.3 Other States
Residents of other states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights. We will honor valid requests in accordance with applicable state law.
10. Children’s Privacy
The Service is not directed to individuals under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised “Last Updated” date. For material changes that significantly affect your rights, we will provide additional notice via email or through the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Information
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern, please contact us:
CaregiverIQ
Email: [Contact email to be provided]
Address: [Mailing address to be provided]
New Mexico, United States