Privacy Policy

Last updated: April 26, 2026

This Privacy Policy describes how CarePlan Pro (“we,” “us,” “our”) collects, uses, and protects information when you use the Service.

The headline: CarePlan Pro does not store patient health information. Care plan content entered into the tool is processed through the Anthropic API and is not retained by CarePlan Pro.

1. What We Collect

We collect the following categories of information:

  • Account information: your name, email address, and (if applicable) facility name, which you provide at signup.
  • Authentication and session information: your password (stored only as a one-way bcrypt hash, never in plain text), session tokens, and basic device fingerprints (browser and operating system, used to enforce the 2-device limit).
  • Billing information: your payment method is collected and stored by our payment processor, Stripe. We never see or store your full card number.
  • Care plan inputs: the clinical data you enter into the tool is sent to the Anthropic API for processing. It is not stored in our database after the response is returned.

2. What We Do NOT Collect

  • We do not collect or store patient health information (PHI) in our database.
  • We do not retain the resident-specific data you enter into the care plan tool after the API response is returned to you.
  • We do not sell, rent, or share your data with marketers or advertisers.
  • We do not track your activity outside the Service.

3. Third-Party Service Providers

We use the following service providers to operate the Service. Each is bound by its own privacy policy and contractual obligations:

  • Anthropic — processes care plan generation requests via the Claude API. Anthropic does not retain or train on data sent through their API. See Anthropic Privacy Policy.
  • Stripe — handles all payment processing. We share your name, email, and plan with Stripe for billing. See Stripe Privacy Policy.
  • Resend — sends transactional emails (password reset, billing notifications). We share only your email address and the email content. See Resend Privacy Policy.
  • Neon — hosts our PostgreSQL database (account, session, billing reference data only). See Neon Privacy Policy.
  • Vercel — hosts the application and runs serverless functions. See Vercel Privacy Policy.

4. HIPAA and Patient Health Information

CarePlan Pro is a documentation drafting tool, not an electronic health record. By using the Service in compliance with these terms, you agree:

  • You are responsible for any patient health information you choose to enter as a clinical input. The Service does not retain this information after the response is returned.
  • You should follow your facility’s policies and HIPAA Minimum Necessary standards when deciding what to enter.
  • We do not currently sign Business Associate Agreements (BAAs). The Service is designed so that direct PHI inputs are not required to generate useful care plans (residents can be referenced by initials or room number).

5. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process payments and manage your subscription.
  • To send you transactional emails (password reset, billing notifications, account-related notices).
  • To enforce account security policies (single active session, 2-device limit, inactivity timeout).
  • To respond to your support inquiries.

6. Data Retention

Account information is retained for the duration of your subscription and for a reasonable period afterward to comply with legal and accounting obligations. You may request deletion of your account at any time by contacting us.

7. Your Rights

You may at any time:

  • Access and update your account information from your account settings.
  • Cancel your subscription from your account settings.
  • Request deletion of your account by contacting us at the email below.

8. Cookies

The Service uses a single HTTP-only session cookie to keep you signed in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children

The Service is not intended for use by anyone under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the email address associated with your account.

11. Contact

Questions about this Privacy Policy? Contact zach@careplanpro.care.

Note: This document was drafted as a starting point and should be reviewed by an attorney before use in production with paying customers.