Cariloop Privacy Policy
Last modified: October 16, 2026
1. Introduction
Cariloop, Inc. (“Cariloop,” “us,” or “we” or “our”) respects your privacy and is committed to protecting it through our compliance with this privacy notice (“Privacy Notice”). This Privacy Notice is subject to the terms of service available at https://cariloop.com/terms-of-service (“Terms of Service”) and the Terms of Service are made part of this Privacy Notice. All capitalized, but undefined terms in this Privacy Notice will have the same meaning as provided in the Terms of Service.
This Privacy Notice applies to personal information we collect when you:
- visit our website and its subpages and content at cariloop.com;
- use the Cariloop Caregiver Support Platform®, which connects you and your family to a care coach who can walk you through their caregiver journey as well as provide digital tools to help them plan and manage their care;
- download and use our mobile application (whether it is the web application or the mobile application); and
- participate in our Backup Care Program
It does not apply to information collected by:
- us offline or through any other means, including on any other website operated by Cariloop or any third party; or
- any third party, including through any application or content (including advertising) which may link to or be accessible from or on the Platform. We do not control the collection and use of your information collected by third parties.
This Privacy Notice does not govern any information we collect about you that is subject to the Health Insurance Portability and Accountability Act (HIPAA). In circumstances where HIPAA applies, your HIPAA Notice of Privacy Practices and not this Privacy Notice will apply.
Questions or Concerns?
Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Platform. If you have any questions or concerns, please contact us through the Contact Information listed below.
2. Children Under the Age of 18
You may use our Platform to help care for yourself or your dependents of any age. However, our Platform is not intended for use by individuals under 18 years of age. No one under age 18 may directly provide any information to the Platform without verification of parental or guardian consent. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on our Platform or on or through any of its features, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete the respective information. If you believe we might have any information from a child under 18, please contact through the Contact Information provided below.
3. Personal Information We Collect About You and How We Collect It
Our Platform collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records;
- Deidentified or aggregated information about our users;
- Health or medical information covered by HIPAA; and
- Other information deemed under applicable state privacy laws not to be personal information.
The personal information we collect depends on the context of your interactions with Cariloop and the features you use on the Platform. In particular, our Platform has collected within the last twelve (12) months, and intends to continue collecting, the following categories of personal information:
| Category | Examples | Collected |
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, names of dependents that are connected to or covered by your account, date of birth, or other similar identifiers. | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I). | A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, bank account number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES |
| C. Protected classification characteristics under applicable state or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES |
| D. Commercial information. | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
| F. Internet or other similar network activity. | Browsing and search history, usage of, and information regarding your use of our Platform. | YES |
| G. Geolocation data. | City and state location of your device, which may include GPS-based, wifi based, or cell-based location | YES |
| H. Sensory data. | Audio recordings of calls when you call our customer service. You are notified at the beginning of a call whether the call is being recorded. | NO |
| I. Professional or employment-related information. | Current or past job history and resume and employment application information. | YES |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
We collect this information:
- directly from you when you provide it to us when you register for an account on the Platform, when you participate in activities on the Platform, or otherwise when you contact us.
- automatically as you navigate through the Platform, including, without limitation, your browser information on our server logs including your IP address, browser type, browser versions, browser language, browser plug-in type and version, country and time zone, URLs that refer visitors to our Platform, dates and times of visits to our Platform, page views and site navigation, geographic location, cookie information, web beacons, the page you requested, duration of activity on our Platform, searches, hardware model, operating system version, unique device identifiers, and mobile network information. You may learn more about our cookie collection practices in our Cookie Consent policy. https://cariloop.com/cookie-consent-policy
- from third parties. This information may be utilized, analyzed, and/or compared with information that we have collected from you or that you have submitted to the Platform. Such third parties may include but are not limited to Your Employer. If we obtain information from third-party sources, we take commercially reasonable measures to ensure the third parties lawfully obtained and provided the information to us. If the third parties unlawfully obtained and/or provided the information to us despite our reasonable measures to ensure the third parties complied with all legal requirements in obtaining and providing the information to us, you understand, agree, and acknowledge that your sole legal remedy is against the third party that engaged in the unlawful activity and that you will not assert any cause of action, claim or demand against us.
4. How We Use Your Personal Information
- To Provide and Manage Our Services:
- To provide access to our Platform, services, and products.
- To administer and support your account, including eligibility determinations, claims processing, and displaying claims information.
- To link accounts and facilitate reimbursements through our third-party payment processor.
- To prepare account statements and tax documentation, if applicable.
- To personalize your experience and develop or improve our Platform.
- To provide access to our Platform, services, and products.
- To Communicate with You:
- To provide customer support and respond to inquiries.
- To notify you about changes to our Platform, products, or services.
- To inform your care coach of relevant information.
- To provide customer support and respond to inquiries.
- To Ensure Security and Compliance:
- To prevent fraud and maintain the security of our Platform and your account.
- To enforce our Terms of Service and protect the rights, property, or safety of Cariloop, our users, or others.
- To comply with legal obligations or respond to regulatory requests.
- To prevent fraud and maintain the security of our Platform and your account.
- For Analysis and Improvement:
- To conduct audits and monitor usage patterns.
- To perform internal research or statistical analysis (with data de-identified in compliance with HIPAA Security Rule).
- To create sanitized sample cases for internal or external use.
- To conduct audits and monitor usage patterns.
- For Program Sponsor Purposes:
- To share limited information (e.g., name, ID, email, number and duration of cases) with your program sponsor. We will not disclose case details without your consent.
- To support third-party services or incentive programs sponsored by your employer or program sponsor. Limited personal data may also be shared with distributor or aggregator services, if directed by your sponsor.
- To share limited information (e.g., name, ID, email, number and duration of cases) with your program sponsor. We will not disclose case details without your consent.
- Other Uses:
- To fulfill any other purpose disclosed at the time of data collection.
- For any other use with your prior consent.
- To fulfill any other purpose disclosed at the time of data collection.
We do not sell your personal information for monetary or other valuable consideration. Data obtained for SMS text messaging will not be shared with any third parties for marketing purposes.
5. Who We Share Your Information?
We may share your personal information by disclosing it to a third party for a business purpose. In the preceding twelve (12) months, we have disclosed the personal information identified in categories A, B, and I above. We disclose your personal information for a business purpose to the following categories of third parties:
- Third party service providers that assist us with providing our services including care providers and payment facilitators (including Stripe, Inc.)
- Your Employer;
- Third parties whom you or your agents authorize us to disclose personal information to in connection with products or services we provide to you;
6. Your Rights and Choices Under U.S. State Laws
If you are a U.S. resident, depending on where you live (including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia), you may be entitled to certain rights without respect to your personal information, as described below.
NOTE: In some instances, we may NOT be able to comply with your request given that we are not the data controller, but instead are a data processor (such as when Your Employer provides your personal information to us), and/or may be required under applicable law to maintain your personal information. We may also decline your request in order to maintain our legitimate use of your information for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for fraud.
Right to Know and Data Portability
You may have the right to know what personal information we have collected about you and how we use it, including the categories of personal information we collected about you, the categories of sources for the personal information we collected about you, our business or commercial purpose for collecting or selling that personal information, the categories or list of third parties with whom we share that personal information, and specific pieces of personal information we collected about you in a readable format (also called a data portability request).
Right to Correct
You may have the right to request that we correct inaccuracies in the personal information we maintain about you. You may also correct the personal information in your account on the Platform.
Right to Delete
You may have the right to request that we delete any of your personal information that we have collected from you and retained, subject to certain exceptions. We may deny your request if retaining the personal information is necessary for us or our third party service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our obligations to you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right to Limit Use and Disclosure of Sensitive Personal Information
Companies who collect, use, and disclose your sensitive personal information for purposes other than to provide you with products or services are required to provide you with the right to limit the use and disclosure of your sensitive personal information by providing a “Limit the Use and Disclosure of My Sensitive Personal Information” link. We only collect, use, and disclose your sensitive personal information to provide services to you, therefore Cariloop is not required to provide this link.
Exercising Your Rights
To exercise your right to know, right to correct, right to delete, or right to limit as further described above, please submit a request by either:
- Emailing us at privacy@cariloop.com or
- Completing the form available here https://cariloop.com/contact-us
Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may only submit a request twice within a twelve (12) month period. Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include, contact information and other information as we may reasonably request.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- If you are an authorized agent of a third party, you must provide us with: (i) sufficient information demonstrating your role as an authorized agent for the individual you are making the request about (e.g. Court order, power of attorney, etc.); (ii) information that will allow us to verify your identity; and (iii) any other information that we may reasonably request consistent with applicable law in order to authenticate your request.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request. However, we do consider requests made through your password protected account on the Platform sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request to exercise your right to know, right to correct, right to delete, and/or right to limit within ten (10) business days. If you do not receive confirmation within the ten (10) day timeframe, please contact us. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. Please note that additional time may be needed to process the deletion of personal information from backup and/or archival databases. If we require more time (up to another forty-five (45) days), we will inform you of the reason and extension period in writing. If you have an account with us on the Platform, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
If you submit a request regarding one of the rights listed above and such request is denied you may appeal our decision by emailing us at privacy@cariloop.com with the subject line “Appealed Privacy Right Decision”. We will respond to an appeal within forty-five (45) days, with the ability to extend this by an additional sixty (60) days after notifying you of the extended time period. We will maintain records of all appeals and responses for a period of at least twenty-four (24) months.
Non-Discrimination
We will not discriminate against you for exercising any of your rights set forth above. Unless permitted by applicable state law, we will not:
- Deny you products or services.
- Charge you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of products or services.
- Suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Platform who are consumers, employees, potential employees and businesses that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please email us at privacy@cariloop.com.
Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit www.donottrack.us.
7. How We Protect Your Personal Information
We have implemented reasonable security measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure, including regular testing of our control environment and infrastructure by independent firms. Unfortunately, despite these measures, we cannot guarantee the security of your personal information. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform, except where required by law.
The safety and security of your information also depends on you. Where you require a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
8. How we use Artificial Intelligence (AI)
Our Platform sometimes utilizes AI to provide a better experience to you. These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of AI within the Platform. Please note AI is not used to collect your personal information and you do not enter any information into an AI tool to utilize our Platform.
9. How long we retain your personal information
We keep your personal information only as long as needed to fulfill the purposes for which it was collected, including to meet legal, regulatory, accounting, or reporting requirements. When deciding how long to retain your data, we consider:
- The type and sensitivity of the data;
- The risk of harm from unauthorized use or disclosure;
- The purposes for which we process your data and if we can achieve them in other ways;
- Applicable legal and regulatory requirements; and
- In some cases, we may de-identify or anonymize your personal information in line with laws and industry standards. Once anonymized, it is no longer considered personal information and cannot be linked back to you.
10. International Transfers
If you are using our Platform from outside the United States, please be aware that Personal Data may be collected, stored, and processed in the United States and in other countries outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your country. By providing your personal information, where applicable law permits, you specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein.
11. What Are Your International Privacy Rights?
This section provides general information about how we collect, store, use, transfer, and otherwise process personal information in or from some regions such as a the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, and may provide you rights that allow you greater access to and control over your personal information.
These may include the following:
- To request access to and obtain a copy of your personal information;
- To request erasure;
- To restrict the processing of your personal information;
- To not be discriminated against for exercising your rights;
- To data portability; and
- Not to be subject to automated decision-making.
In certain circumstances you may also have the right to object to the processing of your personal information. You can make such a request by contacting us through the Contact Information below. We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland you may contact the Federal Data Protection and Information Commissioner.
If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can make such a request by contacting us through the Contact Information below.
12. Changes to Our Privacy Notice
We may change this Privacy Notice at any time. If we make material changes to how we treat your personal information, we will notify you by email to the email address specified in your account and/or through a notice on the Platform. The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Platform and this Privacy Notice to check for any changes. Your continued use of our Platform following the posting of changes constitutes your acceptance of such changes to this Privacy Notice.
13. Our Contact Information
If you have any questions, concerns, complaints or suggestions regarding our Privacy Notice, have any requests related to your personal information pursuant to applicable laws, or otherwise need to contact us, you may contact through the contact information below or through the “Contact Us” page on our Platform.
To Contact Cariloop, please email:
privacy@cariloop.com