Privacy Policy

CareVault ('we', 'our', 'us') is committed to protecting your personal information and your right to privacy.

When you use our platform, we collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Information We Collect

We collect information you provide directly, including your name, email address, company name, and any information you enter into the CareVaultc platform. We also collect technical information such as your IP address, browser type, and usage data.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, to communicate with you about updates and support, and to comply with our legal obligations.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data. Contact us at info@carevault.care to exercise your rights.

Contact Us

If you have any questions about this Privacy Policy, please contact us at info@carevault.care

CAREVAULT SOFTWARE LTD (“we”, “our”, or “us”) is committed to protecting the privacy of all individuals who use our care management platform, including care agency administrators, coordinators, and carers. This Privacy Policy explains how we collect, use, store, and protect your information when you use the CareVaultc web application and any associated mobile applications (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy.

CareVaultc is a Software-as-a-Service (SaaS) platform providing domiciliary and home care management tools to care companies. We act as a data processor on behalf of care companies (our customers), who act as data controllers for the personal data of their clients and employees entered into the platform.

For questions about this policy, contact us at: privacy@carevault.care

We collect and process the following categories of information:

We use collected information to:

• Provide, operate, and maintain the Service
• Authenticate users and enforce access controls
• Process and display care schedules, timesheets, and payroll data
• Send transactional emails (e.g. account invitations, password resets, notifications)
• Respond to support requests
• Monitor and improve platform performance and security
• Comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising purposes.

Where GDPR applies, we process personal data on the following legal bases:

• Contract: processing necessary to deliver the Service under our Terms of Service
• Legitimate interests: improving the platform, maintaining security
• Legal obligation: compliance with applicable law
• Consent: where you have provided explicit consent (e.g. location data for clock-in)

All data is stored on secure servers. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encrypted passwords (bcrypt)
• HTTPS encryption for all data in transit
• JWT-based authentication with short-lived access tokens
• Role-based access control — users only see data relevant to their role
• Tenant isolation — each agency's data is fully separated

Data is hosted on servers located within the European Union (or EEA-equivalent regions). We do not transfer personal data to countries outside the EEA without appropriate safeguards in place.

We retain personal data for as long as your agency account is active, or as long as necessary to provide the Service. When an agency account is closed, data is retained for a minimum of 30 days to allow for export, after which it is permanently deleted unless legal obligations require longer retention.

You may request deletion of your data at any time by contacting us at privacy@carevault.care.

We use the following third-party services to operate the platform:

• Resend — transactional email delivery (resend.com)
• Google Maps Platform — address geocoding and distance calculations
• Groq — AI writing assistance (optional feature, processes only text you submit)
• Stripe — subscription billing for agency plans

Each of these providers has their own privacy policy and data processing agreements in place.

We use session cookies strictly necessary for authentication and secure operation of the Service. We do not use tracking cookies or third-party advertising cookies.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (“right to be forgotten”)
• Restrict or object to processing
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at privacy@carevault.care. We will respond within 30 days.

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify agency administrators of significant changes by email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy. The current version is always available at https://www.carevault.care/privacy.

For any privacy-related questions or requests: