Cariloop Privacy Policy

Last modified: December 2024

1. Introduction

Cariloop, Inc. (“Cariloop,” “us,” or “we”) respects your privacy and is committed to protecting it through our compliance with this notice.

This Privacy Notice applies to information we collect when you: 

• Visit our website (www.cariloop.com); 
• Use the Cariloop Caregiver Support Platform® (“the Platform”) which connects members to a care coach who can walk them through their caregiver journey as well as provide digital tools to help them plan and manage their care; 
• Download and use our mobile application (Cariloop); on our Platform (whether it is the web application or the mobile application); 

It does not apply to information collected by:

• us offline or through any other means, including on any other website operated by Cariloop or any third party; or 
• any third party, including through any application or content (including advertising) which may link to or be accessible from or on the Platform.

Our use of your Personal Data (see definition below) may be further limited by a HIPAA Business Associate Agreement entered between us and your employer when your employer provides access to our Platform and our services as part of your benefits. If anything in this Privacy Notice conflicts with HIPAA or a HIPAA Business Associate Agreement, we will comply with the terms of HIPAA and/or the HIPAA Business Associate Agreement where applicable.

Questions or Concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our services. If you have any questions or concerns, please contact us through the Contact Information listed below.

2. Children Under the Age of 18

You may use our Platform to help you in the care of your loved one of any age. However, our Platform is not intended for use by individuals under 18 years of age. No one under age 18 may directly provide any information to the Platform without verification of parental or guardian consent. We do not knowingly collect Personal Data from children under 18. If you are under 18, do not use or provide any information on our Platform or on or through any of its features, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete the respective information. If you believe we might have any information from a child under 18, please contact through the Contact Information provided below. 

3. Information We Collect About You and How We Collect Iti

General

We collect information from and about users of our Platform (“Personal Data”):

• by which you may be personally identified, such as name, postal address, e-mail address, and telephone number;
• about you but individually does not identify you, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to our Platform, error information, clickstream data, and other communication data and the resources you access and use on the Platform; and/or
• about your internet connection, the equipment you use to access our Platform and usage details, IP addresses, operating system, and browser type.

We collect this information:

• directly from you when you provide it to us;
• automatically as you navigate through the Platform, for example, information collected through cookies or other tracking technologies

Zoom Meetings

• your contact information and any information provided if you participate in a Zoom meeting with us 

Information You Provide to Us

We collect Personal Data that you voluntarily provide to us when you register for an account on the Platform, when you participate in activities on the Platform, or otherwise when you contact us. 

The Personal Data we collect depends on the context of your interactions with Cariloop and the features and products you use on the Platform. The Personal Data we may collect may include the following: 

• Name
• Contact information
• Passwords
• Contact preferences
• Case information you provide to your coach

When necessary, with your consent or as otherwise permitted by law, we process the following categories of sensitive information: 

• Health data 
• Data about a person’s sexual orientation
• Student information
• Information revealing trade union membership
• Information revealing religious, race or ethnic backgrounds

We may collect Personal Data necessary to process your payment if you choose to make purchases, such as your payment instrument number. All payment data is handled and stored by Stripe. You may find their privacy notice linked here. 

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Platform, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns as described above. 

Like many businesses, we also collect information through cookies and similar technologies. You may learn more about our cookie collection practices in our Cookie Consent policy. https://cariloop.com/cookie-consent-policy 

The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Platform and to deliver a better and more personalized service by enabling us to:

• estimate our audience size and usage patterns;
• maintain the security and operation of our Platform; 
• speed up your searches; and
• recognize you when you return to our Platform.

4. What Legal Bases Do We Rely On to Process Your Information?

We may rely on the following legal bases to process your Personal Data:

Consent: We may process your Personal Data if you have given us permission (i.e., consent) to use your Personal Data for a specific purpose. You can withdraw your consent at any time by emailing privacy@cariloop.com. 

Performance of a Contract: We may process your Personal Data when we believe it necessary to fulfill our contractual obligations to you, including providing our services to you. 

Legal Obligations: We may process your Personal Data where we believe it necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital Interests: We may process your Personal Data where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person. 

5. How We Use Your Information

We use information we collect about you or you provide to us, including any Personal Data:

• to present our Platform and their contents to you;
• to provide you with information, products, or services you request from us;
• to inform your Care Coach of new information;
• to use for internal research or statistical analysis (in this situation we would sanitize and de-identify any information relating to you in accordance with HIPAA Security Rule regulations);
• to use for sample cases for internal or external use (in this situation we would sanitize and de-identify any information relating to you in accordance with HIPAA Security Rule regulations)
• to fulfill any other purpose for which you provide it;
• to provide you with notices about your account, including expiration and renewal notices;
• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
• to notify you about changes to our Platform or any products or services we offer or provide though them;
• to allow you to participate in interactive features on our Platform;
• in any other way we may describe when you provide the information;
• to provide to a third-party if your employer sponsored plan has an incentive program; and
• for any other purpose with your consent.

6. When Do We Share Your Information? 

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Notice, including to your employer or the health plan sponsored by your employer. However, we may disclose aggregated information about our users and information which does not identify any individual, without restriction, in accordance with the Service Agreement signed by your employer. This may include incentive programs which your employer or your Plan utilize.

We may disclose Personal Data we collect or you provide as described in this Privacy Notice:

• to service providers who perform services for us (for example, providing marketing assistance). They have access to Personal Data as needed to perform their functions, but may not disclose the Personal Data for other purposes;
• to your Care Coach and potentially other Care Coaches to provide the best member experience;
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding;
• to fulfill the purpose for which you provide it;
• for research and development purposes, including to analyze and improve our Services and business to develop new products and services;
• for any other purpose disclosed by us when you provide the Personal Data; and
• with your consent.

We may also disclose your Personal Data:

• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• to enforce or apply our Terms of Service;
• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Cariloop, Inc., our customers, or others. This includes exchanging information with other companies and organizations such as law enforcement or other regulatory authorities. 
• We may share the fact you are utilizing Cariloop services to your program sponsor by disclosing name, ID, email, or the number of cases opened. We will not disclose the details about your case other than duration unless you consent or authorize Cariloop to provide this information. 
• We may use or disclose information to allow your participation in additional third-party services for programs sponsored by your Program Sponsor. This information may be shared back with your employer. 
• We may provide information to an analytics processor in a group format to derive analytical information. These analytic processors do not have any right to use your information except to provide the aggregation and analysis services.
• Your program sponsor may have engaged our services through a distributor or aggregator service. If directed by the Program Sponsor, we may share limited amounts of Personal Data with these services related to your participation in utilizing Cariloop services. 
• We do not sell Personal Data to any third-parties.

7. Choices About How We Use and Disclose Your Information

We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information as strictly confidential. 

8. Accessing and Correcting Your Information

You can review and update your Personal Data by logging into the Platform and visiting your account page. You may also contact us through the Contact Information below to request access to, correct or delete any Personal Data you have provided to us. If you are a resident of California, the European Economic Area, or the United Kingdom, please see information below regarding your rights.

9. Data Security

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We have our control environment and infrastructure tested by independent external firms to ensure we have best practices in place in compliance with various risk frameworks.

The safety and security of your information also depends on you. Where you require a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Platform. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform except where required by law.

10. Artificial Intelligence (AI)

Our Platform sometimes utilizes AI to provide a better experience to you. These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of AI within the Platform.  Please note AI is not used to collect your personal information and you do not enter any information into an AI tool to utilize our Platform. 

11. Retention and Deletion

We keep your Personal Data only as long as needed to fulfill the purposes for which it was collected, including to meet legal, regulatory, accounting, or reporting requirements. When deciding how long to retain your data, we consider:

• The type and sensitivity of the data;
• The risk of harm from unauthorized use or disclosure;
• The purposes for which we process your data and if we can achieve them in other ways;
• Applicable legal and regulatory requirements;

In some cases, we may de-identify or anonymize your data in line with laws and industry standards. Once anonymized, it is no longer considered Personal Data and cannot be linked back to you.

12. International Transfers

If you are using our Platform from outside the United States, please be aware that Personal Data may be collected, stored, and processed in the United States and in other countries outside of your home country. Privacy laws in the locations where we handle your Personal Data may not be as protective as the privacy laws in your country. By providing your Personal Data, where applicable law permits, you specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein. 

13. What Are Your Privacy Rights? 

Depending on your state of residence in the United States, or in some regions such as a the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your Personal Data. 

These may include the following: 

• To request access to and obtain a copy of your Personal Data; 
• To request erasure; 
• To restrict the processing of your Personal Data; 
• To not be discriminated against for exercising your rights; 
• To data portability; and 
• Not to be subject to automated decision-making. 

In certain circumstances you may also have the right to object to the processing of your Personal Data. You can make such a request by contacting us through the Contact Information below. We will consider and act upon any request in accordance with applicable data protection laws. 

If you are located in the EEA or UK and you believe we are unlawfully processing your Personal Data, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland you may contact the Federal Data Protection and Information Commissioner. 

If we are relying on your consent to process your Personal Data, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can make such a request by contacting us through the Contact Information below. Under certain United States data protection laws, you can designate an authorized agent to make a request on your behalf. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows it, will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent. 

California Residents

This section applies to our collection and use of “personal information” as defined under the California Consumer Privacy Act (“CCPA”). 

• We collect/have collected the following categories of personal information within the preceding twelve (12) months:
• Identifiers such as your name, email address, IP address, and online identifiers;
• Certain categories of personal information described in subdivision (e) of California Civil Code Section 1798.80;
• Internet or other electronic network activity information, including the device data and online activity data that we describe above in the section titled “Information We Collect About You and How We Collect It” 
• Inferences related to how you interact with us or purchase services from us;
• Commercial information, including records of products or services purchased or other purchasing histories; and
• Professional or employment-related information.

The categories of Personal Data collected, along with the sources of collection, are more fully described above in the section above titled “Information We Collect About You and How We Collect It” The business or commercial purposes for which we collect and share these categories of personal information are described in the section above titled “What Legal Bases Do We Rely On to Process Your Information?” 

To the extent that we may collect sensitive personal information (as defined under the CCPA), we only use or disclose it for purposes permitted under the CCPA (e.g., to provide the Site or Services, detect security incidents and prevent fraud, or to verify and maintain the quality of the Site or Services). We do not collect or use sensitive personal information for the purpose of inferring characteristics about California residents.

We share (and in the preceding 12 months may have shared) each of the categories of personal information listed above with our service providers and the other parties listed above in the section titled “When Do We Share Your Information?” 

14. Changes to Our Privacy Notice

We may change this Privacy Notice at any time. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Website home page. The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Notice to check for any changes.

15. Contact Information

If you have any questions, concerns, complaints or suggestions regarding our Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may contact through the contact information below or through the “Contact Us” page on our Website. 

To Contact Cariloop, please email: 

privacy@cariloop.com