Privacy Policy
Last updated: June 13, 2026
CareLX by Loffa Interactive Group ("CareLX," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, and safeguard information when you use our home health agency management platform.
1. Information We Collect
We collect information you provide directly when you create an account, request a demo, or contact us. This includes your name, email address, phone number, agency name, and role.
When you use the CareLX platform, we collect usage data including login times, features accessed, and actions taken within the application. This data helps us improve the platform and provide support.
For agencies using our home health management software, CareLX processes Protected Health Information (PHI) on behalf of the agency as a Business Associate under HIPAA. PHI is governed by a separate Business Associate Agreement (BAA) and is subject to additional protections.
We automatically collect certain technical information including IP address, browser type, device type, and operating system through standard web server logs and analytics.
2. How We Use Your Information
We use the information we collect to provide, maintain, and improve the CareLX platform, including caregiver scheduling, billing, compliance tracking, and all other agency management features.
Your contact information is used to communicate with you about your account, provide customer support, send product updates, and deliver relevant information about CareLX features and services.
We use aggregated, de-identified data to analyze platform performance, identify trends, and improve our home health agency management software. This data cannot be used to identify any individual.
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
3. Data Security
CareLX employs industry-leading security measures to protect your data. All data at rest is encrypted using AES-256-GCM encryption, the same standard used by financial institutions and government agencies.
All data in transit is protected with TLS 1.2+ encryption. Our infrastructure is hosted on Microsoft Azure with SOC 2 Type II certified data centers.
We implement role-based access controls (RBAC) to ensure that users can only access information relevant to their role. All access to Protected Health Information is logged and auditable.
Our multi-tenant architecture uses per-tenant database isolation, meaning each agency's data is stored in a completely separate database — never commingled with other agencies' data.
4. HIPAA Compliance
CareLX is designed to be fully HIPAA-compliant. We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule.
We enter into a Business Associate Agreement (BAA) with every agency that uses our platform to process Protected Health Information. The BAA establishes our obligations for protecting PHI.
All PHI is encrypted at rest and in transit. Access to PHI is restricted to authorized personnel and logged through our audit trail system. We conduct regular security assessments and maintain incident response procedures.
For more details about our HIPAA compliance program, please see our dedicated HIPAA Compliance page.
5. Data Retention
We retain your account information for as long as your account is active or as needed to provide you services. If you cancel your account, we will retain your data for a reasonable period to comply with legal obligations and resolve disputes.
For agencies subject to healthcare record retention requirements, CareLX retains PHI in accordance with applicable federal and state regulations, which generally require a minimum of 6-10 years depending on the record type and jurisdiction.
Audit logs and compliance records are retained for a minimum of 7 years to support regulatory requirements and Joint Commission accreditation.
6. Your Rights
You have the right to access, update, or delete your personal information at any time through your account settings or by contacting us at privacy@carelx.com.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what information we collect, the right to delete your information, and the right to opt out of the sale of personal information (note: we do not sell personal information).
For PHI managed on behalf of your home health agency, data access and deletion requests should be directed to your agency in accordance with HIPAA regulations. Your agency controls the use and disclosure of PHI.
7. Cookies & Tracking
We use essential cookies to maintain your session, remember your preferences, and keep you logged in. These cookies are necessary for the platform to function properly.
We use analytics cookies to understand how users interact with CareLX so we can improve the experience. You can opt out of analytics cookies through your browser settings.
We do not use advertising or tracking cookies. We do not share your browsing data with advertising networks.
8. Mobile Information & SMS Messaging
If you opt in to receive text messages from CareLX (on behalf of your home care agency), we collect and store your mobile phone number, the date and time you consented, and a record of the consent language you agreed to. This consent record is kept as proof of opt-in and to honor your messaging preferences.
No mobile information — including phone numbers and SMS opt-in or consent data — will be shared with or sold to third parties, affiliates, or lead generators for marketing or promotional purposes. Mobile information is used solely to deliver the operational and customer-service messages you have opted in to receive (such as shift updates, schedule changes, visit reminders, and account notifications).
Message frequency varies based on your activity. Message and data rates may apply, charged by your mobile carrier. You can opt out of SMS at any time by replying STOP to any message or by turning off text messaging in your account settings; reply HELP for assistance. See our SMS Terms for full details.
9. Third-Party Services
CareLX uses select third-party services to provide our platform, including Microsoft Azure for cloud hosting, and secure email delivery services for notifications and communications.
All third-party service providers are vetted for security and compliance. Where they process PHI, they are bound by Business Associate Agreements and subject to HIPAA requirements.
We do not share your data with third parties except as necessary to provide the CareLX platform, comply with legal obligations, or protect our rights.
10. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will notify you by email or through a notice on our website prior to the change becoming effective.
Your continued use of CareLX after any changes to this policy constitutes your acceptance of the updated terms.
11. Contact Us
If you have questions about this privacy policy or our data practices, please contact us:
Email: privacy@carelx.com
CareLX by Loffa Interactive Group