Privacy Policy

Last updated: June 9, 2026

CareAria is a patient-led personal health journal. We do not sell your personal information. This policy describes what we collect and how we use it.

1. Information we collect

Account information: name, email, and profile photo from your sign-in provider (Google).
Health journal data you enter: medications, appointments, allergies, providers, visit notes, documents, and family sharing settings.
Usage data: basic analytics events (feature usage) and error reports to improve reliability.
Payment data: processed by Stripe; we store subscription status and customer identifiers, not full card numbers.

2. How we use information

We use your information to operate CareAria: authenticate you, store your journal, send reminders and invitations, process subscriptions, and improve the product. AI features send visit notes and audio you submit to Google Gemini to generate structured summaries.

3. Service providers

We use trusted processors to run CareAria, including:

Supabase — authentication, database, and file storage
Google Gemini — AI transcription and visit summary generation
Stripe — subscription billing
Resend — transactional email
Twilio — optional SMS reminders (with your consent)
Google Places — provider and pharmacy search
Sentry — error monitoring (with health-field scrubbing on the server)
Vercel — application hosting

4. Sharing

You control caregiver access to patient profiles. We do not sell personal information. We may disclose data if required by law or to protect rights, safety, and security.

5. Data retention and deletion

We retain your data while your account is active. You may request account deletion by contacting support. Backups may persist for a limited period after deletion.

6. Security

We use industry-standard measures including encrypted transport (HTTPS), authenticated API access, and role-based sharing controls. No online service can guarantee absolute security.

7. Your choices

You can update profile information, manage caregiver access, opt in or out of SMS reminders, and review AI-generated content before sharing it with family members.

8. Children

CareAria is intended for adults managing their own care or family care. Accounts must be created by an adult responsible for the patient profile.

9. International users

Data may be processed in the United States where our service providers operate.

10. Changes

We may update this policy. The "Last updated" date reflects the current version.

11. Contact

Privacy questions: support@carearia.com