Plain-English summary. We collect what consultants and family caregivers enter into the app, encrypt it in our database, and send a redacted version to Anthropic to draft an AI assessment. We don't sell your data. We don't use it to train AI models. You can ask us to delete it. We're not a HIPAA-regulated service today.
1. Who we are
This Privacy Policy explains how ConfirmOk ("we," "us," "our") collects, uses, and shares information when you use the ConfirmOk Advisor service (the "Service"). It applies to consultants, admin users, and family caregivers who submit information through a public intake link.
2. Information we collect
2.1 From consultants and admin users (account holders)
Account information: name, email address, password (hashed), business name, branding (accent color, logo), and role.
Authentication data: two-factor authentication secret and recovery codes.
Case data you create: care-recipient name, primary caregiver name, client email, status, notes, tasks, recommendations, care plans, and closure information.
Technical data: IP address, user-agent, and session metadata for security and abuse prevention.
2.2 From family caregivers (intake submissions)
Intake content: answers to the Caregiving Story Workbook, including observations about the care recipient's health, mobility, cognition, mood, medications, finances, family dynamics, and end-of-life wishes.
Consent record: timestamp, IP address, and consent-text version at the moment you acknowledged the intake consent gate.
3. How we use the information
To provide, maintain, and improve the Service.
To generate AI-assisted draft assessments, recommendations, and care plans for the consultant's review.
To authenticate users and secure accounts.
To communicate with you about the Service (account, security, billing, support).
To comply with legal obligations and respond to lawful requests.
We do not use Customer Content to train AI models. We do not sell personal information.
4. AI processing — what is and isn't sent
When a caregiver submits an intake form, the consultant's AI draft is generated by sending a sanitized version of the intake to Anthropic Claude. Before transmission we:
Remove the care recipient's name;
Replace the recipient's exact age with an age bracket (e.g., "80–89");
Remove free-text "notes" fields most likely to contain third-party names (family members, doctors, attorneys, pharmacies, facilities);
Truncate excessively long strings and strip suspicious control characters.
The consultant always sees the unredacted information you submitted. Anthropic's handling of API data is governed by their terms; under their standard commercial terms, prompts and completions may be retained for a limited period for abuse monitoring and are not used to train their models.
5. How we protect your information
Encryption in transit: HTTPS/TLS for all connections.
Application-layer encryption at rest: sensitive columns — including intake payloads, assessment results, care plans, recommendations, notes, tasks, names, and emails — are encrypted in our database using Laravel's encrypted casts (AES-256).
Infrastructure encryption: our hosting provider applies disk-level encryption to managed databases and backups.
Network access controls: our database is restricted to trusted IP addresses on the private network.
Two-factor authentication: required for all consultant and admin accounts.
Role-based access controls: consultants can only access their own cases; we enforce this in policy and code.
Audit considerations: we are actively expanding our access logging.
6. Who we share information with
We share information only as needed to operate the Service:
Anthropic (AI processing of redacted intake content).
Email-delivery providers (transactional and account email).
Payment processors (for billing, where applicable).
Legal and regulatory authorities when required by law, valid legal process, or to protect rights, safety, and security.
Successors in the event of a merger, acquisition, or asset sale, subject to confidentiality obligations.
7. HIPAA status
The Service is not currently configured as a HIPAA-compliant platform, and we do not enter Business Associate Agreements with our customers at this time. Consultants whose practices fall under HIPAA must not use the Service to handle Protected Health Information on behalf of, or as a Business Associate of, a Covered Entity. See our Terms of Service for more.
8. State health-privacy laws
Even where HIPAA does not apply, state laws may. Notable examples include the California Confidentiality of Medical Information Act (CMIA), the Washington My Health My Data Act, and similar statutes. We are working to align with these where reasonably applicable, but you remain responsible for your own compliance with the laws of your jurisdiction.
9. Data retention
Account data is retained while your account is active and for a reasonable period after termination to handle support, disputes, and legal obligations.
Case data is retained until you (or, where appropriate, the caregiver) request its deletion or until the case is closed and reasonable retention has elapsed.
Backups follow the retention schedule of our hosting provider.
10. Your rights
Depending on where you live, you may have rights to:
Access the personal information we hold about you;
Correct inaccurate information;
Request deletion of your information;
Object to or restrict certain processing;
Receive a portable copy of your information;
Withdraw a consent you previously gave.
To exercise these rights, email [email protected]. We respond within 30 days. Family caregivers should first ask their consultant; if the consultant cannot help, contact us directly.
11. Cookies and similar technologies
We use strictly necessary cookies to keep you signed in and to maintain CSRF protection. We do not use third-party advertising cookies in the application. Our marketing pages may use limited analytics; these are described where used.
12. Children's privacy
The Service is not intended for, and may not be used by, anyone under 18. We do not knowingly collect information from minors. If you believe a minor has provided information through the Service, contact us and we will delete it.
13. International users
The Service is hosted in the United States. If you access it from outside the U.S., you understand that your information will be transferred to, stored, and processed in the U.S.
14. Breach notification
If we become aware of a security incident affecting your personal information, we will notify affected users without undue delay and in accordance with applicable law (including the FTC Health Breach Notification Rule, where applicable).
15. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be announced in-app or by email at least 14 days before they take effect.
This document is a starting point and not a substitute for legal advice. Have a qualified attorney review and adapt this Privacy Policy for your specific business, customers, and jurisdiction before relying on it.