Privacy Policy

Last updated: May 12, 2026

This Privacy Policy describes how CarePlan Pro (“we,” “us,” “our”) collects, uses, and protects information when you use the Service.

1. What We Collect

We collect the following categories of information:

• Account information: your name, email address, and (if applicable) facility name, which you provide at signup.
• Authentication and session information: your password (stored only as a one-way bcrypt hash, never in plain text), session tokens, and basic device fingerprints (browser and operating system, used to enforce the 2-device limit).
• Billing information: your payment method is collected and stored by our payment processor, Stripe. We never see or store your full card number.
• Care plan inputs (de-identified): the clinical context you enter — diagnoses, GG functional scores, medications, free-text clinical notes — is sent to the Anthropic API for processing. Resident identifiers (the last name field, any honorific the system would otherwise compose) are stripped from the request and replaced with a generic placeholder “[RESIDENT]” before transmission; they are handled entirely in your browser and never reach our servers. Free-text fields are additionally scrubbed for the resident’s name as a defensive measure before any request is sent. Care plan inputs are not stored in our database after the response is returned.
• Usage metadata: timestamps, the workflow you selected (New Admission, Quarterly Review, or Add/Update), and the character length of your inputs and outputs. We use this to monitor service health and decide which features to build. The clinical content you enter is never logged.

2. What We Do NOT Collect

• We do not receive or transmit resident identifiers. The resident’s last name — and any other identifier listed in HIPAA’s Safe Harbor de-identification standard at 45 CFR §164.514(b)(2) — is captured in your browser only and is substituted with a generic placeholder before any request leaves your device.
• We do not collect or store patient health information (PHI) in our database.
• We do not retain the de-identified clinical context you enter after the API response is returned to you.
• We do not sell, rent, or share your data with marketers or advertisers.
• We do not track your activity outside the Service.

3. Third-Party Service Providers

We use the following service providers to operate the Service. Each is bound by their own privacy policy and contractual obligations:

• Anthropic — processes care plan generation requests via the Claude API. Anthropic does not retain or train on data sent through their API. See Anthropic Privacy Policy.
• Stripe — handles all payment processing. We share your name, email, and plan with Stripe for billing. See Stripe Privacy Policy.
• Resend — sends transactional emails (password reset, billing notifications). We share only your email address and the email content. See Resend Privacy Policy.
• Neon — hosts our PostgreSQL database (account, session, billing reference data only). See Neon Privacy Policy.
• Vercel — hosts the application and runs serverless functions. See Vercel Privacy Policy.

4. HIPAA and Patient Health Information

CarePlan Pro is a documentation drafting tool, not an electronic health record. The Service is architected so that no individually identifying information ever reaches our servers or the AI API:

• No identifiers transmitted. The resident’s last name is captured in your browser only and substituted with a generic placeholder (“[RESIDENT]”) before any request is sent. The clinical context that is transmitted (diagnoses, GG functional scores, medications, free-text clinical notes scrubbed for the resident’s name) is not individually identifying under HIPAA’s Safe Harbor de-identification standard at 45 CFR §164.514(b)(2).
• Verifiable from your browser. Open your browser’s developer tools (F12 in Chrome, Edge, or Firefox), select the Network tab, generate a care plan, and inspect any request to /api/generate. You will see the placeholder “[RESIDENT]” everywhere the name would otherwise appear. The architecture is observable in real time, not just claimed.
• Operates outside HIPAA’s Business Associate scope by design. Because no PHI is received or transmitted, the Service does not function as a Business Associate under HIPAA. Standard accounts do not include a Business Associate Agreement (BAA). For enterprise customers whose compliance teams require contractual coverage as a procurement requirement, please contact us — we can discuss a BAA arrangement.
• Your responsibilities remain. You should continue to follow your facility’s policies and HIPAA Minimum Necessary standards when entering clinical context. Do not paste documents that contain identifiers other than the resident’s last name (such as a face sheet with date of birth, medical record number, or full name).

5. How We Use Your Information

• To provide, maintain, and improve the Service.
• To process payments and manage your subscription.
• To send you transactional emails (password reset, billing notifications, account-related notices).
• To enforce account security policies (single active session, 2-device limit, inactivity timeout).
• To respond to your support inquiries.

6. Data Retention

Account information is retained for the duration of your subscription and for a reasonable period afterward to comply with legal and accounting obligations. You may request deletion of your account at any time by contacting us.

7. Your Rights

You may at any time:

• Access and update your account information from your account settings.
• Cancel your subscription from your account settings.
• Request deletion of your account by contacting us at the email below.

8. Cookies

The Service uses a single HTTP-only session cookie to keep you signed in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children

The Service is not intended for use by anyone under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the email associated with your account.

11. Contact

Questions about this Privacy Policy? Contact zach@careplanpro.care.