Effective Date: January 18, 2026 Version: 2.0
Caretrics ("we", "us") is a revenue protection system that processes clinic operational data to help identify and recover revenue leaks. We process billing and scheduling data, which may include patient names for reconciliation purposes; we never access clinical notes or protected health information. We comply with PIPEDA and implement safeguards aligned with healthcare industry best practices. This Policy explains what we collect, why, and your choices.
| Category | Examples | Notes |
|---|---|---|
| Account Info | Name, email, clinic name, billing details | Needed to create & service your account. |
| Operational Data | Revenue totals, appointment counts, billing status, patient names (for billing reconciliation only) | Pulled only from integrations you authorize (Jane.app). Clinical notes are never accessed. |
| Usage Data | IP, timestamps, clicks, error logs | Improves performance & security. |
| Cookies | Session & analytics cookies | Essential cookies run the service; analytics cookies help us improve (you can opt out). |
Caretrics offers two data modes that control how patient identity is handled. Your clinic administrator selects the mode in Settings, and can change it at any time.
| Mode | What We Receive | Best For |
|---|---|---|
| Analytics Mode (default) | Pseudonymized patient references only — no patient names | Clinics wanting operational insights with the strictest privacy posture |
| Recovery Mode (opt-in) | First name + Jane GUID only — no contact info, no clinical data | Clinics wanting patient-level revenue recovery with staff task assignment |
In both modes, we never access clinical notes, patient contact information (phone, email, address), health records, or payment card data.
For full details, see our Data Transparency page.
We never sell your information. We share it only with:
We use the following service providers to operate Caretrics:
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting, authentication | Canada (AWS ca-central-1) or USA (AWS), depending on customer region |
| Vercel | Web application hosting | USA (Edge network) |
| Railway | Background job processing | USA |
| Stripe | Payment processing | USA |
| Resend | Transactional email | USA |
We maintain contracts with all subprocessors requiring them to protect your data consistent with this Policy. Enterprise customers may request a complete subprocessor list and notification of changes.
You may:
Contact privacy@caretrics.com to exercise these rights. We respond within 30 days.
Upon account termination, you may request a full data export within 30 days. Data is permanently deleted within 90 days of termination unless legal retention applies.
Data may be processed in Canada, the USA, or other countries where our subprocessors operate. We use Standard Contractual Clauses and other safeguards to protect cross‑border transfers.
Links in Caretrics may lead to external sites (e.g., tutorials, social media). Their privacy practices apply once you leave our domain.
Caretrics is not for children under 13. We don't knowingly collect children's data. Contact us if you believe we have inadvertently done so.
Enterprise customers (multi-clinic networks, organizations with negotiated contracts) may be entitled to:
Contact enterprise@caretrics.com for enterprise privacy inquiries.
We'll post updates here and notify you of material changes via email or in‑app notice at least 30 days before they take effect. Continued use after the effective date = acceptance.
Caretrics – Privacy Team Email: privacy@caretrics.com Enterprise: enterprise@caretrics.com
We're happy to answer any questions or handle data requests.
Your data stays yours. We're the custodian, you're the owner.
