Privacy Policy
Last updated: March 2, 2026
CareTap (“we,” “us,” “our”) helps clinics and medical practices share a simple, branded link hub via QR cards. This Privacy Policy explains what we collect, how we use it, and the choices you have.
In short: we collect minimal analytics about page views and button clicks, we don’t sell your data, we don’t run ads, and we don’t collect protected health information (PHI).
What we collect
- Clinic account info (admins/customers): clinic name, email, plan details, start date, and the content you provide for your CareTap page. Analytics passwords, if enabled, are stored as a secure hash.
- Payments: processed by Stripe. We never see or store full card numbers. Stripe provides us with billing status details (e.g., successful/failed, renewal date).
- Usage analytics: for public CareTap pages, we record page views and button clicks with timestamps. We may store IP address, user agent, referrer, and the profile slug to detect abuse and understand aggregate usage.
- Server logs: standard logs (IP, user agent, requested URL, timestamp) for troubleshooting and security.
PHI note: CareTap is not intended to collect or store medical records or protected health information.
How we use data
- Provide and maintain the CareTap service.
- Show clinics aggregate analytics (visits and clicks).
- Improve reliability, performance, and user experience.
- Detect, prevent, and address fraud or abuse.
- Send essential account or billing notices.
Sharing & processors
We do not sell your personal information. We share data only with service providers who help us operate CareTap:
- Stripe for payments and billing.
- Jotform if you submit a contact, demo, or onboarding form.
- Our hosting provider(s) that store the application and database.
We may disclose information if required by law or to protect our rights, users, or the public.
Cookies
- Essential cookies: used for admin authentication/session security.
- Analytics: our pageview/click analytics are first-party (no third-party ad trackers). We may use a simple first-party cookie to remember preferences like date ranges for reports.
Data retention
- Account and billing records: retained while the account is active and as required by law.
- Analytics events (page views & clicks): typically retained up to 24 months in identifiable form, and may be aggregated thereafter.
- Server logs: typically retained for up to 90 days.
Security
- HTTPS is enforced across the site.
- Admin and analytics passwords are stored as secure hashes.
- Access to production systems is limited to authorized personnel.
No internet service is 100% secure, but we work to protect your data using reasonable safeguards.
Your choices & rights
Clinic admins can request access, correction, or deletion of their profile data by contacting us. If you are a patient who scanned a clinic’s CareTap QR, we do not know who you are; analytics events are not tied to your identity.
EEA/UK/California: depending on your location, you may have additional rights (access, correction, deletion, portability). We do not “sell” or “share” personal information for cross-context behavioral advertising.
Children
CareTap is intended for use by clinics and their staff. It is not directed to children under 13, and we do not knowingly collect personal information from children.
International
We operate in the United States. If you access CareTap from outside the U.S., you agree to the transfer and processing of your information in the U.S., where data protection laws may differ from those in your jurisdiction.
Changes to this policy
We may update this Privacy Policy from time to time. We’ll change the “Last updated” date above and, if changes are significant, we’ll provide additional notice.
Contact
Questions or requests? Email michael@epikore.com.