Privacy Policy

How CraigCare collects, uses, and protects information.

Effective: June 20, 2026

This Privacy Policy explains how CraigCare, Inc. (“CraigCare,” “we,” “us”) collects, uses, and shares information in connection with our website at craigcare.com (the “Site”) and our chronic care management software and services (the “Service”).

Scope, and a note on protected health information

This policy describes our handling of information about visitors to the Site, people who contact us, and the administrative users of our Service.

The Service is used by healthcare practices to manage care for their patients. Where CraigCare processes protected health information (PHI) on behalf of a practice, CraigCare acts as that practice’s Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). Our handling of PHI is governed by HIPAA and by the Business Associate Agreement (BAA) between CraigCare and the practice — not by this Privacy Policy. If you are a patient, please contact your healthcare provider about their privacy practices.

Information we collect

• Information you give us. When you request a demo, contact us, or correspond with us, we collect details such as your name, email, phone number, practice name, and the contents of your message.
• Account information. When a practice’s staff use the Service, we collect account credentials and profile details (name, work email, role).
• Information collected automatically. When you visit the Site we collect standard log and device data (IP address, browser type, pages viewed, referring URL, timestamps) and similar information through cookies and comparable technologies.

How we use information

We use information to operate, maintain, and improve the Site and Service; respond to inquiries and provide support; authenticate users and secure accounts; communicate with you about the Service; comply with legal obligations; and protect the rights, safety, and security of CraigCare, our customers, and others.

How we share information

We do not sell personal information. We share information only as follows:

• Service providers / subprocessors that help us run the Site and Service (for example, cloud hosting and infrastructure such as Amazon Web Services, email delivery, and analytics), under contracts that limit their use of the information.
• Legal and safety reasons — to comply with law, respond to lawful requests, or protect rights, property, and safety.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

PHI is shared only as permitted by the applicable BAA and HIPAA.

Cookies and analytics

The Site uses cookies and similar technologies for essential functionality and to understand usage. You can control cookies through your browser settings; blocking some cookies may affect how the Site works.

Data retention

We retain information for as long as needed to provide the Site and Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention of PHI is governed by the BAA.

Security

We use administrative, technical, and physical safeguards designed to protect information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or restrict the use of your personal information, or to opt out of certain processing (for example, under the GDPR or the CCPA/CPRA). To make a request, contact us using the details below. For PHI, please contact the relevant healthcare practice, which controls that information.

Children’s privacy

The Site and Service are not directed to children, and we do not knowingly collect personal information from children through the Site.

Third-party links

The Site may link to third-party websites. We are not responsible for the privacy practices of those sites; review their policies directly.

Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the “Effective” date above.

Contact us

Questions about this policy or our privacy practices: privacy@craigcare.com.