Notice: One of our vendors was impacted by a security incident, which affected some of our patients’ or their primary insured’s protected health information.
This Policy covers personal information we collect through the Site, including identifiers (e.g., name, email), usage information (e.g., IP address, device/browser details, pages viewed), and communications you send to us. It does not cover information processed solely on behalf of a HIPAA-covered entity under a BAA, which is handled in accordance with HIPAA and the applicable BAA. It also does not cover de-identified or aggregate data.
We use personal information to: provide and secure the Site; respond to inquiries; personalize content; perform analytics; comply with law; protect against fraud and abuse; and improve our products and services. Where required by law, we will request your consent for certain processing (for example, processing sensitive data or using certain tracking technologies for targeted advertising where applicable).
We do not sell personal information in exchange for money. We may disclose personal information to: (a) service providers bound by contract to use the data only to provide services to us; (b) business partners where you have asked us to share information (for example, to schedule a demo); (c) legal authorities when required to comply with law or protect rights and safety; and (d) in connection with a corporate transaction. Where state law treats certain disclosures as a “sale” or “sharing” for targeted advertising, you may exercise applicable opt-out rights (see Section 10).
If Caregenix serves as a business associate to HIPAA-covered entities, we handle PHI in accordance with HIPAA, the HIPAA Privacy, Security, and Breach Notification Rules, and our BAAs. HIPAA-covered providers and health plans must post and provide a Notice of Privacy Practices (NPP). Caregenix will also post a link to the applicable NPP(s) on the Site where appropriate. For HIPAA breaches of unsecured PHI, we will notify covered entities and, where applicable, affected individuals and HHS as required by law.
If any feature of the Site qualifies as a vendor of personal health records (PHR) or a PHR-related entity not covered by HIPAA, Caregenix will comply with the Federal Trade Commission (FTC) Health Breach Notification Rule, including providing notice of a breach of unsecured, identifiable health information to affected individuals, the FTC, and, if applicable, the media within the timelines and with the content required by the Rule.
We use first- and third-party cookies and similar technologies to operate the Site, measure engagement, and, where permitted, provide interest-based advertising. You can manage cookies through your browser settings. Some states require honoring Global Privacy Control (GPC) or other universal opt-out signals for targeted advertising—where these laws apply to us, we will process such signals as an opt-out.
Our Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it. If we offer any child-directed features, we will comply with the Children’s Online Privacy Protection Act (COPPA), including verifiable parental consent, enhanced notices, data minimization, and retention limits. Parents may contact us to review or delete their child’s information.
We implement administrative, technical, and physical safeguards designed to protect personal information. We retain personal information for as long as needed to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Where required (e.g., for children’s data), we maintain a written retention schedule and delete data when no longer necessary for the stated purpose.
Depending on where you live, you may have the right to: (a) know/access, (b) correct, (c) delete, (d) obtain a portable copy, and (e) opt out of targeted advertising, the sale of personal data (as broadly defined by certain state laws), and certain profiling. States with such rights include, for example, California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana (effective Jan 1, 2026), and Tennessee (effective Jul 1, 2025). Florida provides specific rights under the Florida Digital Bill of Rights for a narrow set of very large technology companies. How to exercise your rights is described in Section 12 below.
If you are a Washington or Nevada resident, or your consumer health data is collected in those states, additional protections may apply (e.g., separate consumer health data privacy policies; opt-in consent for collection and sharing; restrictions on geofencing near health care facilities; and specific authorization for any sale of consumer health data). Caregenix has adopted a separate Consumer Health Data Privacy Policy, available at https://caregenix.solutions/consumer-health-data-privacy, which applies to consumer health data as defined by those state laws.
Submit a request by emailing privacy@caregenix.solutions or by using our web form at https://caregenix.solutions/privacy-request. We will authenticate your request and respond within the timelines required by applicable law, typically 45 days. You may designate an authorized agent where permitted. If we deny your request, you may appeal using the instructions in our response. For California residents, you may also use the following links: "Do Not Sell or Share My Personal Information" and "Limit the Use of My Sensitive Personal Information" (where applicable). For Colorado and Delaware, we honor recognized universal opt-out mechanisms.
At or before the point of collection, we disclose the categories of personal information to be collected, the purposes, whether the data will be sold or shared for targeted advertising, the retention period or criteria, and links to our privacy policy and applicable opt-out mechanisms. If we use or disclose sensitive personal information for non-exempt purposes, you may limit such use/disclosure.
This Site is intended for users in the United States. If you are located outside the U.S., you understand that information may be processed in and transferred to the United States, which may have different data-protection laws than your country of residence.
We may update this Policy from time to time to reflect changes to our practices or applicable law. We will post the updated Policy and update the effective date. Material changes will be highlighted when they take effect.
If you have questions or requests, contact: info@caregenix.solutions