Privacy Policy

Last updated: February 22, 2026

PalmCare AI ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform at palmcareai.com and any related services (collectively, the "Service").

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, phone number, company/agency name, and password when you register for an account.
  • Business Information: Agency name, state of incorporation, business registration number, address, and licensing details.
  • Client & Care Data: Client names, care assessments, caregiver information, visit records, and related care documentation that you input into the platform.
  • Audio Recordings & Transcripts: Audio recordings of care assessments that you upload for AI-powered transcription, speaker identification, and documentation generation. See Section 5 for recording consent requirements.
  • Assessment Data: Structured assessment information including ADLs, IADLs, cognitive screening results, medical conditions, and care needs as captured during provider assessments.
  • Payment Information: Billing details processed securely through our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
  • Communications: Support tickets, emails, and other correspondence you send to us.

Information Collected Automatically

  • Usage & Engagement Data: Pages visited, features used, timestamps, session duration, login frequency, and interaction patterns used for platform analytics and engagement scoring.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: We use essential cookies for authentication and session management. See Section 8 for details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including AI-powered transcription, contract generation, and care documentation.
  • Process your transactions and manage your subscription.
  • Send transactional emails (account verification, password resets, billing receipts).
  • Provide customer support and respond to your inquiries.
  • Improve and personalize the Service through usage analytics.
  • Detect, prevent, and address security issues and fraudulent activity.
  • Comply with legal obligations, including healthcare data regulations.

3. Data Sharing & Disclosure

We do not sell your personal information. We may share information with:

  • Service Providers: Third-party vendors who assist in operating the Service (e.g., cloud hosting, payment processing, email delivery). These providers are contractually obligated to protect your data.
  • AI Processing Partners: Audio and transcript data may be processed by AI service providers (e.g., Deepgram for transcription, Anthropic Claude for analysis) for transcription and document generation. Data is transmitted securely and is not used to train third-party models.
  • Legal Requirements: When required by law, subpoena, or government request, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

4. Healthcare Data & HIPAA

We recognize that the Service may be used to process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). We implement the following safeguards:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls: Role-based access with secure authentication, session timeouts, and audit logging.
  • Data Isolation: Each agency's data is logically isolated and inaccessible to other customers.
  • Audit Trails: All access to sensitive data is logged for compliance and security purposes.
  • Business Associate Agreements: We will enter into a BAA with covered entities upon request. Contact us at [email protected] to arrange this.

5. Audio Recording & Consent Disclosures

PalmCare AI processes audio recordings of care assessments to generate transcripts, visit notes, service contracts, and billable item documentation. Recording consent requirements vary by state.

Two-Party (All-Party) Consent States

If you or your clients are located in any of the following states, all parties must consent before any audio recording takes place:

California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Oregon (in-person), Pennsylvania, Washington

All other states follow one-party consent rules under federal law (18 U.S.C. §2511), meaning at least one participant (typically the person recording) must consent.

Your Consent Obligations

  • Provider Responsibility: As the agency using PalmCare AI, you are responsible for obtaining appropriate consent from clients and caregivers before recording assessments.
  • Cross-State Calls: When participants are in different states, the stricter state's consent law applies. When in doubt, obtain consent from all parties.
  • Consent Documentation: We recommend documenting consent in writing as part of your intake or service agreement process.
  • Platform Support: PalmCare AI provides consent notification features to assist with compliance, but does not replace your legal obligation to obtain valid consent.

How We Process Recordings

  • Transcription: Audio is converted to text using AI speech-to-text technology.
  • Speaker Identification: AI identifies different speakers in the recording (provider vs. client).
  • Documentation: Transcripts are analyzed to generate visit notes, extract billable services, and create service agreements.
  • Storage: Recordings are encrypted at rest (AES-256) and in transit (TLS 1.2+). Audio is retained according to the schedule in Section 6.
  • No Third-Party Training: Your audio recordings are never used to train third-party AI models.

6. Data Retention

  • Account data is retained for the duration of your active subscription and for 90 days following account closure.
  • Audio recordings are retained for 30 days after processing, then permanently deleted unless you choose to retain them.
  • Generated contracts, notes, and care documentation are retained for the life of your account.
  • Audit logs are retained for a minimum of 6 years for compliance purposes.
  • You may request deletion of your data at any time by contacting [email protected].

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • 256-bit AES encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Secure password hashing (bcrypt)
  • Regular security assessments and vulnerability scanning
  • Multi-factor authentication support
  • Automatic session timeouts after periods of inactivity

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

8. Cookies & Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Service to improve the experience. These can be opted out of.

We do not use advertising cookies or sell data to advertisers.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request a machine-readable export of your data.
  • Opt-Out: Unsubscribe from marketing emails at any time using the link in any email.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To make a request, contact [email protected].

11. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will promptly delete it.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. For significant changes, we will also send a notification to the email associated with your account.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

PalmCare AI

Email: [email protected]

Website: palmcareai.com