Data Usage Policy

CareBoarding Technology Platform Data Usage Policy

Last Updated: 8th May 2025

1. Introduction

This Data Usage Policy ("Policy") describes how CareBoarding Technology Platform ("CareBoarding," "we," "us," or "our") collects, uses, processes, stores, transfers, and protects data in connection with our healthcare technology platform ("Platform"). This Policy is incorporated into and subject to our Terms and Conditions and Privacy Policy.

We are committed to protecting the privacy and security of all data entrusted to us, particularly sensitive healthcare information. This Policy is designed to ensure transparency about our data practices and to comply with applicable data protection laws and regulations.

2. Types of Data We Collect

CareBoarding collects and processes the following categories of data:

2.1 Customer Account Data

Information related to the accounts of our customers (healthcare providers), including:

  • Business contact information
  • Billing information
  • Account credentials
  • Service preferences
  • Communication preferences

2.2 Healthcare Provider Data

Information about healthcare professionals who use our Platform, including:

  • Name and professional credentials
  • Contact information
  • Professional license information
  • Service locations and schedules
  • Time and attendance records
  • Care delivery documentation

2.3 Patient Data

Protected Health Information (PHI) and personally identifiable information about patients, including:

  • Demographic information
  • Medical history and conditions
  • Treatment plans and interventions
  • Medications and allergies
  • Assessment data
  • Care documentation
  • Billing information

2.4 Usage Data

Information about how the Platform is used, including:

  • Log data
  • Device information
  • IP addresses
  • Browser type
  • Access times
  • Pages viewed
  • Features used

3. How We Use Data

CareBoarding uses the data we collect for the following purposes:

3.1 Service Provision

  • Delivering and maintaining our Platform and services
  • Authenticating and authorizing users
  • Facilitating communication between care providers and patients
  • Processing and documenting care delivery
  • Supporting billing and administrative functions

3.2 Service Improvement

  • Enhancing and optimizing the Platform
  • Developing new features and functionality
  • Fixing bugs and resolving technical issues
  • Analyzing usage patterns to improve user experience

3.3 Customer Support

  • Responding to support requests
  • Troubleshooting technical problems
  • Providing training and assistance
  • Addressing account issues

3.4 Compliance and Security

  • Meeting regulatory requirements
  • Maintaining audit trails
  • Detecting and preventing security incidents
  • Protecting against fraudulent or illegal activity

3.5 Analytics and Reporting

  • Generating aggregated and anonymized statistics
  • Creating organizational performance reports
  • Supporting quality improvement initiatives
  • Conducting research to improve healthcare delivery (with appropriate consent)

4. Data Processing Principles

CareBoarding adheres to the following principles when processing data:

4.1 Lawfulness, Fairness, and Transparency

We process data in accordance with applicable laws, fairly, and in a transparent manner.

4.2 Purpose Limitation

We collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

4.3 Data Minimization

We limit data collection to what is necessary for the purposes for which it is processed.

4.4 Accuracy

We take reasonable steps to ensure that data is accurate and, where necessary, kept up to date.

4.5 Storage Limitation

We retain data only as long as necessary for the purposes for which it is processed, subject to legal retention requirements.

4.6 Security and Confidentiality

We implement appropriate technical and organizational measures to ensure data security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

5. Data Security Measures

CareBoarding implements comprehensive security measures to protect all data, including:

5.1 Technical Safeguards

  • Encryption of data in transit and at rest
  • Multi-factor authentication
  • Firewalls and intrusion detection systems
  • Regular security patches and updates
  • Automatic session timeouts
  • Secure backup systems
  • Data loss prevention tools

5.2 Administrative Safeguards

  • Role-based access controls
  • Background checks for employees
  • Regular security awareness training
  • Formal security policies and procedures
  • Regular risk assessments
  • Incident response plans
  • Vendor management program

5.3 Physical Safeguards

  • Secure data center facilities
  • Environmental controls
  • Physical access restrictions
  • Surveillance systems
  • Secure disposal of physical media

6. Data Sharing and Disclosure

6.1 No Sale of Data

CAREBOARDING DOES NOT SELL OR RENT CUSTOMER DATA OR PATIENT DATA UNDER ANY CIRCUMSTANCES.

6.2 Limited Sharing

We share data only in the following limited circumstances:

6.2.1 Service Providers

We may share data with third-party service providers who assist us in delivering our services, such as:

  • Cloud infrastructure providers
  • Technical support services
  • Analytics providers
  • Payment processors

All service providers are contractually bound to maintain the confidentiality and security of the data they process on our behalf.

6.2.2 Legal Requirements

We may disclose data if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

6.2.3 Business Transfers

In connection with a business transaction such as a merger, acquisition, or asset sale, data may be transferred as part of the transaction. Any successor entity will be bound by this Policy.

6.2.4 With Consent

We may share data with third parties when we have explicit consent to do so.

6.3 De-identified Data

We may use de-identified or aggregated data for research, analysis, and improvement of our services. This data does not identify any individual and is not subject to the same restrictions as personally identifiable information.

7. Data Retention and Deletion

7.1 Retention Period

We retain data for the following periods:

  • Customer Account Data: For the duration of the customer relationship plus 7 years
  • Healthcare Provider Data: For the duration of the provider's activity on the Platform plus 7 years
  • Patient Data: In accordance with applicable healthcare record retention laws (typically 7-10 years, depending on jurisdiction) or as specified in our Service Agreement with the customer
  • Usage Data: For up to 2 years

7.2 Deletion Process

When data is no longer necessary, we will:

  • Securely delete electronic records using industry-standard methods
  • Physically destroy any hard copies containing sensitive information
  • Request deletion of data from backup systems according to our backup rotation schedule

7.3 Data Retrieval After Termination

Upon termination of services, customers may request a copy of their data in a machine-readable format within 30 days of termination, as specified in the Service Agreement.

8. Customer Controls and Rights

8.1 Customer Administrative Controls

Customers have administrative control over their data, including:

  • Managing user access and permissions
  • Configuring security settings
  • Setting data retention policies
  • Exporting data
  • Requesting deletion of data

8.2 Individual Rights

Individuals whose data is processed through our Platform may have certain rights under applicable data protection laws. Requests to exercise these rights should be directed to the relevant customer (the healthcare provider), who is the data controller. These rights may include:

  • Access to personal data
  • Correction of inaccurate data
  • Deletion of data
  • Restriction of processing
  • Data portability
  • Objection to processing

CareBoarding will assist our customers in fulfilling these requests as required by law and as specified in our Service Agreement.

9. Data Transfers

9.1 Cross-Border Transfers

CareBoarding primarily stores data in the country where our customers operate. However, we may transfer data across borders in certain limited circumstances:

  • To provide technical support
  • For disaster recovery purposes
  • As required by our service providers

All cross-border transfers are conducted in accordance with applicable data protection laws and with appropriate safeguards in place.

9.2 Data Localization

Where required by law or specified in our Service Agreement, we implement data localization measures to ensure that certain data remains within specific geographical boundaries.

10. Compliance with Regulations

10.1 Healthcare Regulations

CareBoarding is committed to complying with healthcare regulations, including:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Provincial health information privacy laws in Canada
  • Other applicable healthcare privacy laws

10.2 Data Protection Regulations

CareBoarding complies with applicable data protection regulations, including:

  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
  • State privacy laws in the United States
  • Other applicable data protection laws

10.3 Compliance Program

CareBoarding maintains an active compliance program, including:

  • Regular assessments and audits
  • Staff training
  • Policy reviews and updates
  • Monitoring of regulatory changes

11. Data Breach Response

11.1 Detection and Notification

In the event of a data breach, CareBoarding will:

  • Promptly investigate the incident
  • Assess the nature and scope of the breach
  • Implement measures to contain and mitigate the breach
  • Notify affected customers as required by law and our Service Agreement
  • Assist customers in notifying regulatory authorities and affected individuals as appropriate

11.2 Documentation

CareBoarding maintains records of all data breaches, including:

  • Facts about the breach
  • Effects of the breach
  • Remedial action taken

12. Changes to This Policy

CareBoarding may update this Policy from time to time. We will notify customers of any significant changes through our Platform or other communication channels. Continued use of our services after such changes constitutes acceptance of the revised Policy.

13. Contact Information

If you have questions or concerns about this Data Usage Policy, please contact us at:

Email: admin@careboarding.com