Legal

Privacy Policy

Last updated: February 3, 2026

Effective Date: January 28, 2026

1. Introduction and Scope

AveeCare LLC ("AveeCare," "Company," "we," "us," or "our") is committed to protecting the privacy and security of all information we collect and process. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you use our home care, home healthcare, hospice, and disability care management platform and related services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including but not limited to:

  • Home care agency administrators and staff
  • Healthcare providers and caregivers
  • Patients and their authorized representatives
  • Family members with authorized access
  • Visitors to our website at aveecare.com

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our privacy practices, please do not use our Services.

2. Notice of Privacy Practices (HIPAA)

HIPAA Notice of Privacy Practices

As required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), we provide a formal Notice of Privacy Practices that describes how we may use and disclose your Protected Health Information (PHI) and explains your rights regarding that information.

This Notice applies to all health information we maintain in our role as a Business Associate to Healthcare Providers (Covered Entities) who use our platform. By using our Services, you acknowledge receipt of this Notice.

What's Included in the Notice:

  • Your Rights: Right to access, amend, and receive an accounting of disclosures of your health information
  • Permitted Uses & Disclosures: How we may use your PHI for treatment, payment, and healthcare operations
  • Required Authorizations: When we need your written permission before sharing your information
  • Our Responsibilities: Our legal duties to protect your privacy and notify you of breaches
  • Safeguards: Technical, administrative, and physical protections we implement
  • Complaint Process: How to file a complaint if you believe your privacy rights have been violated
View Notice of Privacy Practices (PDF)

Opens in a new tab • Last updated: January 31, 2026

Important: This Notice of Privacy Practices is provided by AveeCare, LLC in our capacity as a Business Associate. Your Healthcare Provider (the home health agency, hospice, or care organization that provides your care) is the Covered Entity responsible for your care and has their own Notice of Privacy Practices. If you have questions about how your Healthcare Provider uses your information, please contact them directly.

3. Information We Collect

3.1 Personal Information

We collect personal information that you voluntarily provide to us, including but not limited to:

  • Identity Information: Full legal name, date of birth, Social Security Number (SSN), government-issued identification numbers, photographs, and profile pictures
  • Contact Information: Email addresses, phone numbers (home, work, mobile), mailing addresses, and emergency contact information
  • Account Credentials: Usernames, passwords, security questions and answers, multi-factor authentication settings
  • Employment Information: For caregivers—employer details, job titles, certifications, licenses, background check information, training records, and work schedules
  • Financial Information: Payment card details, bank account information, billing addresses, and transaction history
  • Insurance Information: Insurance policy numbers, group numbers, insurance card images, coverage details, and claims information

3.2 Protected Health Information (PHI)

As a platform serving home care, healthcare, hospice, and disability care agencies, we process Protected Health Information as defined under the Health Insurance Portability and Accountability Act (HIPAA). PHI we may collect, store, and process includes:

  • Medical Records: Diagnoses, treatment plans, care plans, physician orders, and medical history
  • Medication Information: Current medications, dosages, administration schedules, allergies, adverse reactions, and prescription details
  • Clinical Notes: Visit notes, incident reports, progress notes, and care documentation
  • Vital Signs and Health Metrics: Blood pressure, heart rate, weight, glucose levels, and other health measurements
  • Assessment Data: Activities of Daily Living (ADL) assessments, cognitive assessments, and functional status evaluations
  • Photographs and Images: Wound photos, ID card images, insurance card images, and clinical documentation images
  • Care Goals: Patient-specific care objectives, interventions, and outcome measurements
  • Intake Forms: Patient intake questionnaires, medical history forms, and consent documentation
  • Disclosure Records: HIPAA authorizations, consent forms, and disclosure tracking

3.3 Visit Verification and Location Data

Our platform collects location and visit verification data to support care documentation:

  • Location Data: GPS coordinates at visit clock-in and clock-out times
  • Time Stamps: Precise date and time of service delivery
  • Service Verification: Type of service provided, caregiver identity, and patient identity
  • Visit Documentation: Tasks completed, observations, and service notes
  • Mileage Data: Travel distance tracking for caregiver visits

3.4 Automatically Collected Information

When you use our Services, we automatically collect:

  • Device Information: Device type, operating system, unique device identifiers, browser type and version, and mobile network information
  • Usage Data: Pages viewed, features accessed, actions taken, time spent on pages, click patterns, and navigation paths
  • Log Data: IP addresses, access times, referring URLs, error logs, and system activity
  • Cookies and Similar Technologies: Session cookies, persistent cookies, pixels, and local storage data (see our Cookie Policy)

3.5 AI and Machine Learning Data

Our platform incorporates artificial intelligence features. When you use AI-powered features, we may collect and process:

  • AI Interaction Data: Queries submitted to our AI assistant ("Avee"), natural language inputs, and conversation history
  • AI-Generated Content: Reports, forms, schedules, and recommendations generated by our AI systems
  • OCR Data: Documents scanned and processed through our optical character recognition features
  • Analytics Data: Patterns and insights derived from aggregated, de-identified data to improve AI functionality

Important Notice Regarding AI Features: Our AI features may have access to Protected Health Information to provide functionality such as generating reports, answering queries about patient data, and creating care documentation. All AI processing of PHI is conducted in compliance with HIPAA requirements and our Business Associate Agreement obligations. AI-generated content should always be reviewed by qualified personnel before being used for clinical decision-making.

3.6 Customer Responsibility for AI Data Submissions

CRITICAL NOTICE - YOUR RESPONSIBILITY FOR AI DATA:

When you or your users submit information to our AI features (including queries to "Avee," documents for OCR processing, or any other AI-powered functionality), YOU are initiating and facilitating the transfer of that information to AI processing systems. AveeCare processes this information as directed by you, but you bear sole responsibility for:

  • Determining what information is appropriate to submit to AI features
  • Ensuring your users understand the implications of submitting Protected Health Information or other sensitive data to AI systems
  • Obtaining any necessary consents or authorizations for AI processing of personal information
  • Training your users on appropriate AI usage within your organization
  • Implementing policies and controls to prevent inappropriate submissions to AI features

You acknowledge that by using AI features with Protected Health Information, personally identifiable information, or other confidential data, you are making a deliberate choice to process such information through AI systems. This choice, and any consequences arising from it, are your responsibility, not AveeCare's.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery

  • Providing, maintaining, and improving our home care management platform
  • Processing scheduling, visit documentation, and care coordination
  • Enabling visit verification and documentation
  • Facilitating communication between caregivers, patients, and agency staff
  • Generating reports, analytics, and business intelligence
  • Powering AI-assisted features including natural language queries, form generation, and smart scheduling

4.2 Account Administration

  • Creating and managing user accounts
  • Processing subscription payments and billing
  • Providing customer support and responding to inquiries
  • Sending transactional and administrative communications about your account, including visit notifications, billing alerts, security notices, and service updates (these communications are essential to the Services and cannot be opted out of while your account is active)

4.3 Compliance and Legal Obligations

  • Complying with HIPAA and state healthcare regulations applicable to AveeCare
  • Maintaining audit trails and compliance documentation
  • Responding to legal requests and law enforcement requirements

Note: While we collect and store location and visit data, customers are solely responsible for their own regulatory compliance, including any Electronic Visit Verification (EVV) requirements, state Medicaid agency obligations, or other regulatory requirements applicable to their business.

4.4 Security and Fraud Prevention

  • Detecting, investigating, and preventing fraudulent or unauthorized activity
  • Monitoring for security threats and vulnerabilities
  • Enforcing our Terms of Service and acceptable use policies

4.5 Service Improvement and Analytics

  • Analyzing usage patterns to improve user experience and service quality
  • Developing new features, products, and functionality
  • Training and improving our AI models using de-identified, aggregated data
  • Conducting internal research, analytics, and statistical analysis
  • Benchmarking and comparing usage across customers (in aggregated, de-identified form)
  • Creating industry reports and insights (using de-identified, aggregated data only)
  • Testing and quality assurance
  • Troubleshooting and debugging

4.6 Analytics, Tracking, and Monitoring

YOUR CONSENT TO DATA COLLECTION:

By using our Services, you expressly consent to our collection, use, and analysis of your usage data, behavior patterns, and interaction data as described in this section. This consent is a material condition of your use of the Services.

We collect and analyze comprehensive data about your use of our Services, including but not limited to:

  • Usage Analytics: Pages viewed, features used, actions taken, time spent on pages, click patterns, navigation paths, and interaction sequences
  • Performance Metrics: Load times, error rates, system performance, and technical diagnostics
  • Behavioral Data: How you use features, workflow patterns, frequency of use, and feature adoption
  • Session Data: Session duration, login frequency, active hours, and engagement metrics
  • Device and Technical Data: Browser type, operating system, screen resolution, device type, and network information
  • Geographic Data: General location based on IP address (country, region, city)
  • Interaction Data: Clicks, scrolls, mouse movements, touch interactions, and form interactions
  • Error and Crash Data: Error logs, crash reports, and debugging information
  • Integration Data: How you use our APIs and integrations
  • Support Interactions: Communications with our support team and in-app feedback

This data helps us understand how our Services are used, identify areas for improvement, detect and prevent issues, and provide better support. We may use third-party analytics services (such as Google Analytics) to collect and analyze this data. You may opt out of certain analytics as described in our Cookie Policy.

4.7 Marketing and Communications

  • Sending promotional materials, newsletters, and product updates (with your consent where required)
  • Personalizing marketing communications based on your usage patterns
  • Measuring the effectiveness of our marketing campaigns
  • Conducting surveys and gathering feedback

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 With Your Authorization

We share PHI and personal information when you or your authorized representative provides explicit consent or authorization as required under HIPAA.

5.2 With Our Customers (Your Employer/Agency)

If you are a caregiver or staff member, your employer (the home care agency) has access to information related to your work activities, schedules, visit documentation, and performance within our platform.

5.3 Service Providers and Subcontractors

We share information with third-party service providers who assist us in operating our Services, including:

  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
  • Payment Processing: Stripe and other payment processors for subscription billing and financial transactions
  • Healthcare Clearinghouses: Optum and other clearinghouse providers for insurance claims processing, eligibility verification, and electronic data interchange (EDI) transactions
  • Communication Services: Email, SMS, and push notification providers
  • Analytics Services: Tools for understanding service usage and performance

All service providers who process PHI are bound by Business Associate Agreements and are required to maintain HIPAA compliance.

5.4 Regulatory and Government Authorities

We may disclose information to:

  • State agencies when required by law or at customer direction
  • Healthcare regulatory bodies as required by law
  • Law enforcement when required by valid legal process
  • Government agencies for public health activities

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

5.6 Aggregated and De-Identified Data

We may create, use, and share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you or any individual for any purpose, including but not limited to:

  • Research, analytics, and statistical analysis
  • Industry benchmarking and reports
  • Marketing and promotional materials
  • Training AI and machine learning models
  • Improving our products and services
  • Academic and scientific research
  • Public reports and publications
  • Third-party partnerships and collaborations

You acknowledge and agree that aggregated, de-identified data is not subject to the same restrictions as personal data, and we may use and share such data without limitation. De-identification is performed in accordance with HIPAA Safe Harbor or Expert Determination methods where applicable.

5.7 Unrestricted Use of De-Identified Data

Once data has been properly de-identified in accordance with applicable standards, it is no longer personal data or PHI, and we may use and disclose it for any lawful purpose without restriction and without further notice or compensation to you. This includes creating commercial products, services, or insights derived from such de-identified data.

6. Data Security

We implement comprehensive technical, administrative, and physical safeguards to protect your information:

6.1 Technical Safeguards

  • Encryption: AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit
  • Access Controls: Role-based access controls (RBAC) limiting data access to authorized personnel
  • Authentication: Multi-factor authentication (MFA) support for enhanced account security
  • Network Security: Firewalls, intrusion detection systems, and DDoS protection
  • Vulnerability Management: Regular security assessments and penetration testing
  • Audit Logging: Comprehensive logging of all system access and data modifications

6.2 Administrative Safeguards

  • Written security policies and procedures
  • Employee training on privacy and security practices
  • Background checks for personnel with access to PHI
  • Incident response and breach notification procedures
  • Regular risk assessments and security audits

6.3 Physical Safeguards

  • AWS data centers with SOC 2 Type II certification
  • Physical access controls and environmental protections
  • Automatic encrypted backups with secure offsite storage

Security Commitment: While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry-standard practices. For more details on our security practices, please see our HIPAA Compliance page.

7. Data Retention

We retain your information according to the following guidelines:

  • Account Information: Retained for the duration of your account plus 7 years after account closure
  • Protected Health Information: Retained according to HIPAA requirements and applicable state law (minimum 6 years from date of creation or last effective date)
  • Visit Records: Retained for 6 years or as required by applicable law
  • Financial Records: Retained for 7 years as required by tax and accounting regulations
  • System Logs: Retained for 1-3 years depending on log type
  • Backup Data: Retained according to our backup retention schedule, typically 90 days for operational backups

Upon termination of service, customers may request data export in standard formats. After the retention period, data is securely deleted or de-identified.

8. Your Rights

8.1 HIPAA Rights (For PHI)

Under HIPAA, individuals have the right to:

  • Access: Obtain copies of your Protected Health Information
  • Amendment: Request corrections to inaccurate PHI
  • Accounting of Disclosures: Receive a list of certain disclosures of your PHI
  • Restrictions: Request restrictions on certain uses and disclosures
  • Confidential Communications: Request alternative means of communication
  • Complaints: File complaints with us or the HHS Office for Civil Rights

Note: For PHI maintained by AveeCare on behalf of a covered entity (your healthcare provider or agency), requests should be directed to that covered entity.

8.2 General Privacy Rights

Depending on your jurisdiction, you may have additional rights including:

  • Right to Know: Information about what personal data we collect and how it is used
  • Right to Delete: Request deletion of your personal information (subject to legal retention requirements)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Portability: Receive your data in a portable format
  • Right to Opt-Out: Opt out of certain data processing activities including marketing communications
  • Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us at privacy@aveecare.com. We will respond to requests within the timeframes required by applicable law.

8.3 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purposes for collecting the information, and the categories of third parties with whom we share the information.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (such as data necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech).
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. AveeCare does not sell personal information as defined under CCPA. We do not share personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary to provide the Services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information as defined by CCPA:

  • Identifiers: Name, email address, phone number, IP address, account username
  • Personal Information under Cal. Civ. Code 1798.80: Name, address, telephone number, employment information, financial information
  • Protected Classification Characteristics: Age, gender (only if voluntarily provided)
  • Commercial Information: Records of services purchased, subscription history
  • Internet/Network Activity: Browsing history within our Services, interaction with our platform
  • Geolocation Data: Location data from GPS-enabled visit verification features
  • Professional/Employment Information: Job title, employer, certifications (for caregiver users)
  • Sensitive Personal Information: Health information (PHI), Social Security Number (only when required for billing/compliance), precise geolocation

How to Exercise Your California Rights

To exercise your California privacy rights, you may:

  • Email us at privacy@aveecare.com with the subject line "California Privacy Request"
  • Call us at our support number and request to exercise your California privacy rights

We will verify your identity before processing your request. For requests made by an authorized agent, we may require proof of authorization and may still verify your identity directly.

We will respond to verifiable requests within 45 days (or up to 90 days with notice if reasonably necessary). If we cannot verify your identity, we may deny the request. We will not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded.

Note for B2B Users: If you are an employee, contractor, or agent of a business customer (home care agency), certain CCPA exemptions may apply to information collected in the employment or B2B context. However, we honor privacy requests from all California residents to the extent required by law.

9. Children's Privacy and COPPA Compliance

Our Services are not directed to children under 13 years of age and are intended for use by adults in a professional healthcare context. We do not knowingly collect personal information directly from children under 13.

9.1 Minor Patients in Healthcare Context

Our Services may be used by home care agencies to maintain healthcare records for minor patients, including children under 13. In such cases:

  • AveeCare acts as a service provider/business associate processing data on behalf of the healthcare agency (Covered Entity)
  • The healthcare agency, not AveeCare, is responsible for obtaining any required parental consents or authorizations
  • Such records are maintained in accordance with HIPAA requirements, which generally preempt COPPA for healthcare records
  • Customers are solely responsible for determining whether COPPA applies to their specific use case and for compliance with COPPA if applicable

9.2 Customer Obligations for Minor Data

CUSTOMER RESPONSIBILITY FOR CHILDREN'S DATA:

If you use our Services to process personal information of children under 13 in contexts where COPPA may apply (e.g., non-healthcare services, marketing, or activities outside the treatment relationship), YOU are solely responsible for:

  • Determining whether COPPA applies to your specific activities
  • Obtaining verifiable parental consent before collecting personal information from children under 13
  • Complying with all COPPA requirements including parental notice, consent, access, and deletion rights
  • Ensuring your privacy notices adequately disclose your collection and use of children's data

AveeCare does not provide COPPA compliance tools or verification mechanisms. If we become aware that personal information has been collected from a child under 13 without proper consent outside of a HIPAA-covered healthcare relationship, we will take steps to delete that information promptly.

10. International Data Transfers

AveeCare operates primarily in the United States and stores all data within the United States on AWS infrastructure. If you access our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States where our servers are located. By using our Services, you consent to this transfer.

11. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Your Consent and Acknowledgment

By accessing or using our Services, you expressly consent to and acknowledge the following:

  • Collection Consent: You consent to the collection of all categories of information described in this Privacy Policy
  • Use Consent: You consent to all uses of your information as described in this Privacy Policy, including analytics, tracking, and service improvement
  • Sharing Consent: You consent to the sharing of your information with third parties as described in this Privacy Policy
  • Analytics Consent: You consent to our use of analytics tools, tracking technologies, and monitoring of your usage patterns
  • AI Training Consent: You consent to the use of de-identified, aggregated data to train and improve our AI systems
  • De-Identification Consent: You consent to the de-identification and aggregation of your data for unrestricted use
  • Transactional Communications Consent: You consent to receiving transactional and administrative communications essential to the Services (including visit notifications, billing alerts, and security notices), which cannot be opted out of while your account is active
  • Marketing Consent: You consent to receiving marketing communications (you may opt out at any time)
  • Policy Changes: You consent to future changes to this Privacy Policy as described herein, with your continued use constituting acceptance

If you do not consent to these practices, you must not use our Services. Your continued use of the Services after being notified of any changes to this Privacy Policy constitutes your consent to those changes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a new "Last Updated" date, and for significant changes, we will provide additional notice via email or through our platform. Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

AveeCare LLC

Privacy Officer

Phoenix, Arizona, United States

Email: privacy@aveecare.com

For general inquiries: hi@aveecare.com

If you believe your privacy rights have been violated, you also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.

15. Related Documents

Please also review our other legal documents: