Carevazo Privacy Policy
Last updated: May 23, 2026
Operator: No Doubles Golf Co., LLC ("Carevazo," "we," "us," "our")
Contact: privacy@carevazo.com | support@carevazo.com
1. Overview
Carevazo helps families coordinate care for loved ones with complex needs. Because you may store sensitive health and personal information, we designed the Service with access controls, audit logging, and clear limits on how we use data.
This Privacy Policy explains what we collect, how we use it, who we share it with, and your choices.
2. Information we collect
Account and profile information
- Name, email address, authentication identifiers
- Relationship to care recipients, display preferences, notification settings
- Profile and care recipient information you enter (communication needs, safety information, medications, journal entries, documents, and similar content)
This information may include health-related information you choose to store in Carevazo.
Usage and device information
- App feature usage, crash diagnostics, performance logs (without journal text or care content in logs)
- Device type, operating system, app version
- Push notification tokens (we send deep links only — not care content in notification payloads)
Payment information
- For mobile subscriptions: purchase status and receipts processed by Apple or Google (and subscription management partners such as RevenueCat when enabled)
- Carevazo does not receive or store full payment card numbers for mobile in-app purchases
Website (carevazo.com)
- Our marketing website may use analytics (for example, Google Analytics) subject to cookie/consent controls described on the site
- Care content from the mobile app is not sent to website analytics
3. How we use information
We use information to:
- Provide, maintain, and secure the Service
- Authenticate users and enforce role-based access (family admin, self-advocate, provider, teacher, respite, viewer)
- Generate AI summaries when enabled (see Section 6)
- Send notifications you opt into (deep links only)
- Process subscriptions and trials
- Comply with law and protect against abuse
- Create aggregated or de-identified statistics that do not reasonably identify you (see Section 5)
We do not use your care records or journal content for third-party advertising.
4. How we share information
We do not sell personal information
We do not sell your personal information. We do not share your care records, journal entries, or profile health information with advertisers, data brokers, or for third-party marketing.
We do not sell aggregated or de-identified information to data brokers or advertising networks.
User-directed sharing (care team)
You control sharing by inviting care team members and creating handoff links. Authorized members see information according to their role and your visibility settings.
Service providers (subprocessors)
We use trusted providers to operate the Service. They process data on our instructions and under contractual safeguards:
| Provider | Role | Typical data |
|---|---|---|
| Supabase | Database, authentication, hosting | Account and care content you store |
| Anthropic | AI summary generation | Journal text in prompts (zero-retention configuration) |
| Apple / Google | App distribution, push delivery, in-app purchases | Device tokens, purchase receipts |
| Expo | Push notification infrastructure | Device tokens |
| RevenueCat (when enabled) | Subscription management | App user ID, purchase entitlements |
| Google Analytics (website only) | Marketing site analytics | Page views, referrer (not mobile care content) |
We may update this list; material changes will be reflected in this Policy.
Legal and safety
We may disclose information if required by law, valid legal process, or to protect rights, safety, and security.
5. Aggregated and de-identified data
Tier 1 — Product operations (default)
We may create aggregated statistics from usage and metadata — for example, feature adoption, total entries logged, or crash rates — that do not identify you or your care recipient. We use these to operate and improve Carevazo and may publish high-level marketing statistics (such as total entries logged in a month).
Tier 2 — Optional health-related programs (consent required)
If we offer research, institutional partnerships, or public reporting that uses de-identified health-related content (beyond usage counts), we will ask for your separate, explicit opt-in before including your information. You may withdraw consent at any time in settings or by contacting us.
We do not use your care content to train third-party AI models for general-purpose advertising or unrelated products.
6. AI summaries
- Before any journal or care-note text is sent to a third-party AI provider, the family account holder must explicitly allow sharing in an in-app consent sheet that names Anthropic, PBC and describes the data types shared (journal entries and related care notes used in the summary prompt; profile photos are not included).
- AI summaries can be turned off in Settings → Privacy; turning them off does not delete a prior consent record.
- Summaries are generated server-side; journal content used in summarization is sent to Anthropic under zero-retention configuration.
- Summaries include attribution that they were generated by Carevazo AI.
- AI output may be inaccurate — verify important information with qualified professionals.
7. Security
We use technical and organizational measures including:
- Row-level access controls at the database layer
- Encryption in transit (TLS)
- PHI-aware design: no care content in push payloads, URLs, or client error logs
- Audit logging for sensitive access (where implemented)
We describe our posture as HIPAA-designed security architecture. Carevazo is not a healthcare provider. Formal HIPAA Business Associate agreements with infrastructure vendors are executed according to our scale and institutional requirements — not claimed in this Policy unless explicitly stated when in effect.
No system is perfectly secure. Report concerns to privacy@carevazo.com.
8. Children and teens
- Under 13: Care recipients under 13 do not create their own accounts. A parent or guardian manages their information.
- 13 and older: Self-advocate accounts may be invited with additional in-app controls over their information.
We do not knowingly collect personal information from children under 13 through self-registration. Contact us if you believe we have done so inadvertently.
9. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to certain processing.
In-app controls:
- Manage care team membership and handoff links
- AI summary opt-out (Settings → Privacy)
- Notification preferences
- Theme and accessibility settings
Account deletion: You may request deletion of your account as provided in-app (Settings) or by emailing privacy@carevazo.com. Deletion handling:
- We delete or anonymize personal account data subject to technical and legal limits
- Some security, audit, or backup records may be retained for a limited period where required for security, fraud prevention, or legal compliance
- Information already shared with your care team may remain visible to them according to their access until removed by authorized users
We will confirm deletion requests within a reasonable timeframe.
10. Retention
We retain information while your account is active and as needed to provide the Service. We may retain certain records after deletion as described in Section 9 or as required by law.
Journal history visibility for free tiers may be limited by product features (for example, a 90-day window) without deleting underlying records until you delete them or your account.
11. International users
Carevazo is operated from the United States. If you access the Service from other regions, you consent to processing in the U.S. subject to this Policy and applicable law.
12. Changes
We may update this Privacy Policy. We will post the revised Policy with a new "Last updated" date and provide additional notice where required.
13. Contact
Privacy: privacy@carevazo.com
Support: support@carevazo.com
Mail: No Doubles Golf Co., LLC — contact via email for mailing address
Summary (not a substitute for the full Policy)
- We do not sell your personal information or care content.
- Care team sharing is controlled by you — not sold for ads.
- Subprocessors (Supabase, Anthropic, Apple/Google, etc.) help us run the Service under safeguards.
- Usage aggregates help us improve Carevazo; health-content research needs separate opt-in.
- AI summaries use Anthropic with zero-retention; you can opt out in Settings.
- Under-13 users don't self-register; 13+ may have self-advocate accounts.
- Delete your account in Settings or email privacy@carevazo.com.
