Privacy Policy

Care-Intel (“we”, “us”, “our”) operates care-intel.com and the related Care-Intel platform (the “Service”). This Privacy Policy explains how we collect, use, disclose and protect information about you when you use the Service.

1. Who We Are

Care-Intel is a healthcare intelligence platform that aggregates, normalises and delivers biomedical and clinical datasets, knowledge graph relationships, and AI-ready analytics to payers, providers, biopharma organisations, researchers, and AI developers. We are headquartered in the United States and operate under applicable U.S. and international privacy law.

2. Data We Collect

We collect the following categories of information:

• Account information — name, work email, organisation, job title, password hash.
• Usage data — pages visited, API calls made, datasets accessed, session identifiers, IP address, browser/device metadata.
• Payment data — billing address, last-four digits of card; full card details are processed directly by Stripe and never stored on our servers.
• Communications — demo requests, support messages, marketing opt-ins.
• Healthcare data on the platform — the platform processes de-identified, population-level clinical and claims data. We do not store individually identifiable protected health information (PHI) in end-user-facing systems.

3. How We Use Your Data

• Provide, operate and improve the Service.
• Process subscriptions and billing (via Stripe).
• Send transactional emails (account verification, invoice, alerts).
• Send marketing emails where you have opted in; you may opt out at any time.
• Comply with legal obligations and enforce our Terms of Service.
• Conduct analytics to improve product quality and user experience (aggregated/anonymised).

4. HIPAA & GDPR Compliance

HIPAA: Care-Intel applies Safe Harbor de-identification to any clinical dataset before it is ingested into the platform. PHI governance controls, minimum-necessary access policies, audit trails, and BAA-ready enterprise workflows are available for covered entities. Contact info@care-intel.com to request a BAA.

GDPR: If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (see Your Rights below). Our legal basis for processing is: performance of a contract (account provision), legitimate interests (security, analytics), and consent (marketing communications).

5. Data Sharing & Transfers

We do not sell your personal data. We share data only with:

• Service providers — AWS (infrastructure), Stripe (payments), SendGrid/SES (email), Snowflake/Databricks (data delivery to enterprise clients under contract).
• Legal requirements — courts, regulators, law enforcement as required by law.
• Business transfers — in the event of a merger or acquisition, data may be transferred to the acquiring entity.

International transfers to the U.S. from the EEA are governed by Standard Contractual Clauses.

6. Cookies & Tracking

We use:

• Strictly necessary cookies — session authentication, CSRF protection.
• Analytics cookies — aggregated, anonymised visitor analytics (no cross-site tracking).

You can disable non-essential cookies in your browser settings. We do not use third-party advertising cookies.

7. Your Rights

Depending on your jurisdiction you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate data.
• Erasure — request deletion of your account and associated data.
• Portability — receive your data in a machine-readable format.
• Object / Restrict — object to or restrict processing for direct marketing or legitimate interests.
• Withdraw consent — unsubscribe from marketing emails at any time via the link in any email.

To exercise any right, email privacy@care-intel.com. We will respond within 30 days.

8. Security

We implement industry-standard safeguards including TLS encryption in transit, AES-256 encryption at rest, access controls, key rotation, audit logging, and penetration testing. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security but we take reasonable measures to protect your data.

9. Data Retention

Account data is retained for the duration of the subscription plus 90 days after closure. Audit logs are retained for 7 years for compliance purposes. You may request earlier deletion by contacting us.

10. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us immediately.

11. Contact Us

For privacy questions, data requests, or to report a concern:

• Email: privacy@care-intel.com
• General: info@care-intel.com

We may update this policy periodically. Material changes will be notified by email or a prominent notice on the site. Continued use of the Service after changes constitutes acceptance.