Privacy Policy
Last updated: January 7, 2025
Effective Date: January 7, 2025
1. Introduction and Scope
AveeCare LLC ("AveeCare," "Company," "we," "us," or "our") is committed to protecting the privacy and security of all information we collect and process. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you use our home care, home healthcare, hospice, and disability care management platform and related services (collectively, the "Services").
This Privacy Policy applies to all users of our Services, including but not limited to:
- Home care agency administrators and staff
- Healthcare providers and caregivers
- Patients and their authorized representatives
- Family members with authorized access
- Visitors to our website at aveecare.com
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by it. If you do not agree with our privacy practices, please do not use our Services.
2. Information We Collect
2.1 Personal Information
We collect personal information that you voluntarily provide to us, including but not limited to:
- Identity Information: Full legal name, date of birth, Social Security Number (SSN), government-issued identification numbers, photographs, and profile pictures
- Contact Information: Email addresses, phone numbers (home, work, mobile), mailing addresses, and emergency contact information
- Account Credentials: Usernames, passwords, security questions and answers, multi-factor authentication settings
- Employment Information: For caregivers—employer details, job titles, certifications, licenses, background check information, training records, and work schedules
- Financial Information: Payment card details, bank account information, billing addresses, and transaction history
- Insurance Information: Insurance policy numbers, group numbers, insurance card images, coverage details, and claims information
2.2 Protected Health Information (PHI)
As a platform serving home care, healthcare, hospice, and disability care agencies, we process Protected Health Information as defined under the Health Insurance Portability and Accountability Act (HIPAA). PHI we may collect, store, and process includes:
- Medical Records: Diagnoses, treatment plans, care plans, physician orders, and medical history
- Medication Information: Current medications, dosages, administration schedules, allergies, adverse reactions, and prescription details
- Clinical Notes: Visit notes, incident reports, progress notes, and care documentation
- Vital Signs and Health Metrics: Blood pressure, heart rate, weight, glucose levels, and other health measurements
- Assessment Data: Activities of Daily Living (ADL) assessments, cognitive assessments, and functional status evaluations
- Photographs and Images: Wound photos, ID card images, insurance card images, and clinical documentation images
- Care Goals: Patient-specific care objectives, interventions, and outcome measurements
- Intake Forms: Patient intake questionnaires, medical history forms, and consent documentation
- Disclosure Records: HIPAA authorizations, consent forms, and disclosure tracking
2.3 Electronic Visit Verification (EVV) Data
To comply with the 21st Century Cures Act and Arizona Health Care Cost Containment System (AHCCCS) requirements, we collect EVV data including:
- Location Data: GPS coordinates at visit clock-in and clock-out times
- Time Stamps: Precise date and time of service delivery
- Service Verification: Type of service provided, caregiver identity, and patient identity
- Visit Documentation: Tasks completed, observations, and service notes
- Mileage Data: Travel distance tracking for caregiver visits
2.4 Automatically Collected Information
When you use our Services, we automatically collect:
- Device Information: Device type, operating system, unique device identifiers, browser type and version, and mobile network information
- Usage Data: Pages viewed, features accessed, actions taken, time spent on pages, click patterns, and navigation paths
- Log Data: IP addresses, access times, referring URLs, error logs, and system activity
- Cookies and Similar Technologies: Session cookies, persistent cookies, pixels, and local storage data (see our Cookie Policy)
2.5 AI and Machine Learning Data
Our platform incorporates artificial intelligence features. When you use AI-powered features, we may collect and process:
- AI Interaction Data: Queries submitted to our AI assistant ("Avee"), natural language inputs, and conversation history
- AI-Generated Content: Reports, forms, schedules, and recommendations generated by our AI systems
- OCR Data: Documents scanned and processed through our optical character recognition features
- Analytics Data: Patterns and insights derived from aggregated, de-identified data to improve AI functionality
Important Notice Regarding AI Features: Our AI features may have access to Protected Health Information to provide functionality such as generating reports, answering queries about patient data, and creating care documentation. All AI processing of PHI is conducted in compliance with HIPAA requirements and our Business Associate Agreement obligations. AI-generated content should always be reviewed by qualified personnel before being used for clinical decision-making.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Providing, maintaining, and improving our home care management platform
- Processing scheduling, visit documentation, and care coordination
- Enabling Electronic Visit Verification and compliance reporting
- Facilitating communication between caregivers, patients, and agency staff
- Generating reports, analytics, and business intelligence
- Powering AI-assisted features including natural language queries, form generation, and smart scheduling
3.2 Account Administration
- Creating and managing user accounts
- Processing subscription payments and billing
- Providing customer support and responding to inquiries
- Sending administrative communications about your account
3.3 Compliance and Legal Obligations
- Complying with HIPAA and state healthcare regulations
- Meeting EVV requirements under the 21st Century Cures Act
- Fulfilling Arizona AHCCCS reporting requirements
- Maintaining audit trails and compliance documentation
- Responding to legal requests and law enforcement requirements
3.4 Security and Fraud Prevention
- Detecting, investigating, and preventing fraudulent or unauthorized activity
- Monitoring for security threats and vulnerabilities
- Enforcing our Terms of Service and acceptable use policies
3.5 Service Improvement
- Analyzing usage patterns to improve user experience
- Developing new features and functionality
- Training and improving our AI models using de-identified, aggregated data
- Conducting research and analytics
4. How We Share Your Information
We may share your information in the following circumstances:
4.1 With Your Authorization
We share PHI and personal information when you or your authorized representative provides explicit consent or authorization as required under HIPAA.
4.2 With Our Customers (Your Employer/Agency)
If you are a caregiver or staff member, your employer (the home care agency) has access to information related to your work activities, schedules, visit documentation, and performance within our platform.
4.3 Service Providers and Subcontractors
We share information with third-party service providers who assist us in operating our Services, including:
- Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
- Payment Processing: Third-party payment processors for subscription billing
- Communication Services: Email, SMS, and push notification providers
- Analytics Services: Tools for understanding service usage and performance
All service providers who process PHI are bound by Business Associate Agreements and are required to maintain HIPAA compliance.
4.4 Regulatory and Government Authorities
We may disclose information to:
- State Medicaid agencies (including Arizona AHCCCS) for EVV compliance
- Healthcare regulatory bodies as required by law
- Law enforcement when required by valid legal process
- Government agencies for public health activities
4.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.
4.6 Aggregated and De-Identified Data
We may share aggregated, de-identified data that cannot reasonably be used to identify you for research, analytics, and industry benchmarking purposes.
5. Data Security
We implement comprehensive technical, administrative, and physical safeguards to protect your information:
5.1 Technical Safeguards
- Encryption: AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit
- Access Controls: Role-based access controls (RBAC) limiting data access to authorized personnel
- Authentication: Multi-factor authentication (MFA) support for enhanced account security
- Network Security: Firewalls, intrusion detection systems, and DDoS protection
- Vulnerability Management: Regular security assessments and penetration testing
- Audit Logging: Comprehensive logging of all system access and data modifications
5.2 Administrative Safeguards
- Written security policies and procedures
- Employee training on privacy and security practices
- Background checks for personnel with access to PHI
- Incident response and breach notification procedures
- Regular risk assessments and security audits
5.3 Physical Safeguards
- AWS data centers with SOC 2 Type II certification
- Physical access controls and environmental protections
- Automatic encrypted backups with secure offsite storage
Security Commitment: While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry-standard practices. For more details on our security practices, please see our HIPAA Compliance page.
6. Data Retention
We retain your information according to the following guidelines:
- Account Information: Retained for the duration of your account plus 7 years after account closure
- Protected Health Information: Retained according to HIPAA requirements and applicable state law (minimum 6 years from date of creation or last effective date)
- EVV Records: Retained for the period required by state Medicaid agencies (typically 6-10 years)
- Financial Records: Retained for 7 years as required by tax and accounting regulations
- System Logs: Retained for 1-3 years depending on log type
- Backup Data: Retained according to our backup retention schedule, typically 90 days for operational backups
Upon termination of service, customers may request data export in standard formats. After the retention period, data is securely deleted or de-identified.
7. Your Rights
7.1 HIPAA Rights (For PHI)
Under HIPAA, individuals have the right to:
- Access: Obtain copies of your Protected Health Information
- Amendment: Request corrections to inaccurate PHI
- Accounting of Disclosures: Receive a list of certain disclosures of your PHI
- Restrictions: Request restrictions on certain uses and disclosures
- Confidential Communications: Request alternative means of communication
- Complaints: File complaints with us or the HHS Office for Civil Rights
Note: For PHI maintained by AveeCare on behalf of a covered entity (your healthcare provider or agency), requests should be directed to that covered entity.
7.2 General Privacy Rights
Depending on your jurisdiction, you may have additional rights including:
- Right to Know: Information about what personal data we collect and how it is used
- Right to Delete: Request deletion of your personal information (subject to legal retention requirements)
- Right to Correct: Request correction of inaccurate personal information
- Right to Portability: Receive your data in a portable format
- Right to Opt-Out: Opt out of certain data processing activities including marketing communications
- Non-Discrimination: Not be discriminated against for exercising your privacy rights
To exercise any of these rights, please contact us at privacy@aveecare.com. We will respond to requests within the timeframes required by applicable law.
8. Children's Privacy
Our Services are not directed to children under 13 years of age and are intended for use by adults in a professional healthcare context. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. Note that our Services may be used to maintain healthcare records for minor patients; such records are maintained on behalf of healthcare providers and handled in accordance with HIPAA requirements.
9. International Data Transfers
AveeCare operates primarily in the United States and stores all data within the United States on AWS infrastructure. If you access our Services from outside the United States, please be aware that your information will be transferred to, stored in, and processed in the United States, where our servers are located. By using our Services, you consent to this transfer.
10. Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a new "Last Updated" date, and for significant changes, we will provide additional notice via email or through our platform. Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
AveeCare LLC
Privacy Officer
Phoenix, Arizona, United States
Email: privacy@aveecare.com
For general inquiries: hi@aveecare.com
If you believe your privacy rights have been violated, you also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.
13. Related Documents
Please also review our other legal documents: