Legal

Privacy Policy

Last updated: April 2026

01

Introduction

Karebase ("Karebase," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our services.

Because our services are designed for DHS-licensed providers who handle protected health information (PHI), we treat data privacy as a foundational requirement, not an afterthought. Where applicable, our data practices are governed by HIPAA and any executed Business Associate Agreement (BAA) between Karebase and your organization.

Karebase does not provide Electronic Visit Verification (EVV) services and does not process EVV data.

02

Information We Collect

We collect information you provide directly to us, including your name, email address, organization name, job title, and business details when you fill out a contact form, book a discovery call, or communicate with us directly.

We also collect information automatically when you visit our website, including IP address, browser type, pages viewed, and referring URLs through standard analytics tools.

In the course of a client engagement, we may receive organizational data such as service records, care plan information, authorization data, and internal policy documents, necessary to build, configure, and train systems on your behalf. This data is handled in strict accordance with your BAA and applicable privacy law. Karebase does not collect, receive, or process EVV records as part of its services.

03

How We Use Your Information

We use the information we collect to respond to your inquiries and provide requested services, send technical notices and administrative communications, discuss your organization's operational needs and project scope, analyze usage patterns to improve our website, and comply with applicable legal obligations.

We do not sell your personal information or your organization's data to third parties. We do not use client data to train external AI models or to improve any AI systems beyond those explicitly built for your organization.

04

Information Sharing

We may share your information with trusted third-party service providers who assist in operating our website and delivering our services, including Airtable (our primary data platform), notification services such as email and Slack integrations, and AI infrastructure providers for clients who opt into the AI layer, provided they have agreed to maintain appropriate confidentiality and, where required, have executed a BAA.

All third-party providers used in client engagements involving PHI are vetted for HIPAA compliance and operate under executed BAAs. We do not share your organizational data with any provider not directly involved in delivering your system.

We may also disclose your information when required by law, to protect our rights, or in connection with a business transfer. In such cases, we will notify you before your information becomes subject to a different privacy policy.

05

HIPAA & Protected Health Information

Karebase operates as a Business Associate under HIPAA for clients whose work involves PHI. All systems we build, including Airtable datastores, dashboard interfaces, automation workflows, and the optional AI layer, are designed to meet the technical and administrative safeguards required under the HIPAA Security Rule. We execute a BAA with every client whose engagement involves PHI.

PHI is never used for any purpose other than performing the services outlined in your service agreement, and is never shared with unauthorized parties or used to train any AI model.

06

AI Data Handling

Karebase offers an optional AI layer for clients who choose to include it. This AI system is trained on DHS 245D and HCBS documentation and further augmented with your organization's own internal policies and procedures. When this feature is enabled, the following data practices apply:

Your organizational data used to augment or configure the AI system is treated as PHI where applicable and governed by your BAA. It is processed exclusively within HIPAA-compliant infrastructure and is never used to train external AI models or improve any model beyond your own deployment. The AI layer operates in a private, isolated environment. Your data is not shared with other organizations or used for any purpose outside your engagement with Karebase.

Clients who do not opt into the AI layer are not subject to AI-specific data handling.

07

Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction, using encrypted data pipelines, role-based access controls, and HIPAA-compliant infrastructure on all client-facing systems.

Automated notification workflows, such as email and Slack alerts generated by your Airtable system, are configured to transmit only the minimum necessary information and are set up in accordance with your organization's communication security requirements.

No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

08

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your experience and gather analytics data. You can control cookie settings through your browser preferences. Disabling cookies may affect some functionality of our site.

09

Third-Party Links

Our website may contain links to third-party websites, including scheduling tools and external resources. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

10

Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal information, or to object to or restrict certain processing. To exercise these rights, please contact us at the address below. We will respond to all requests in accordance with applicable law.

11

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Client data, including any data used to configure Airtable systems or the optional AI layer, is retained in accordance with the terms of your service agreement. When we no longer need your information, we securely delete or anonymize it.

12

Children's Privacy

Our services are directed to organizational clients and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated effective date. Your continued use of our website or services after any changes indicates acceptance of the updated policy.

14

Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at contact@karebase.com.