Effective Date: February 2026
Last Updated: February 2026
Introduction
InclusiCare ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our caregiving platform. This Privacy Policy explains our data practices, how we collect, use, and protect your information when you use the InclusiCare app and associated services.
InclusiCare is developed by InclusiGear, LLC. We've designed this policy to be transparent and straightforward, helping you understand how we handle sensitive health and behavioral information about neurodivergent children.
By accessing and using InclusiCare, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our services.
Information We Collect
We collect information to provide you with effective caregiving support and personalized features. Here's what we gather:
Account & Profile Information
What we collect:
- Full names of caregivers and children
- Email addresses
- Phone numbers
- Profile photos (for identification and Care Circle sharing)
- Relationship to the child (parent, guardian, therapist, etc.)
- Subscription and payment information
Health & Behavioral Data
What we collect:
- Neurodivergent diagnoses (autism, ADHD, sensory processing, etc.)
- Behavioral observations and patterns
- Therapy progress notes
- Developmental milestones and assessments
- Medication and treatment information
- Custom care preferences and accommodations
Care Circle & Communication
What we collect:
- Messages exchanged within Care Circle (shared family and care team coordination)
- Care Circle member contact information and roles
- Shared media (photos, videos, documents) from Care Circle interactions
- Voice messages for logging and communication
Uploaded Documents
What we collect:
- Individualized Education Programs (IEPs)
- Therapy reports and evaluations
- Medical records and assessments
- Educational reports
- Any other documents you upload for care coordination
Voice Input & CARLA Assistant
What we collect:
- Voice recordings when you use voice input to log activities and observations
- Transcripts of voice input
- Chat conversations with the CARLA AI assistant
Device & Technical Information
What we collect:
- Device model and operating system
- Mobile app version
- Unique device identifiers
- Push notification tokens (for Expo notifications)
- IP address and general location (country/region level)
- Usage analytics and feature interactions
- Crash logs and error reports
Permissions We Request
What permissions we use:
- Camera: To capture profile photos and media for Care Circle sharing
- Microphone: To process voice input for logging and voice-to-text conversion
- Push Notifications: To send important care reminders, Care Circle updates, and app notifications
How We Use Your Information
We use the information you provide for specific, legitimate purposes directly related to providing InclusiCare's caregiving services:
Core Service Delivery
- Providing the InclusiCare app and its features
- Enabling Care Circle coordination and communication
- Processing and storing your child's health and behavioral data securely
- Generating care insights and personalized recommendations
- Facilitating parent-therapist-educator communication
Account Management
- Creating and maintaining your account
- Processing subscription payments
- Verifying your identity and authorization
- Resetting passwords and managing account security
Communication & Support
- Responding to your support requests
- Sending service-related notifications (policy changes, maintenance, etc.)
- Sending Care Circle updates and reminders
- Notifying you about important account activities
Improving Our Services
- Analyzing usage patterns to improve app functionality
- Identifying and fixing technical issues and bugs
- Understanding user needs to develop better features
- Conducting quality assurance and performance monitoring
Legal & Safety Compliance
- Complying with legal obligations and regulations
- Responding to lawful requests from authorities
- Protecting against fraud and unauthorized access
- Enforcing our Terms of Service and other agreements
What We Do NOT Do
- We do NOT sell your data to third parties, advertisers, or data brokers
- We do NOT use your health/behavioral data to train AI models (see AI Features section for details)
- We do NOT display advertisements within the app
- We do NOT share data for marketing purposes
- We do NOT use your information for profiling or discriminatory purposes
AI Features & Services
InclusiCare includes the CARLA chat assistant, an AI-powered feature designed to help caregivers with insights, questions, and support. Here's how we handle AI features responsibly:
How CARLA Works
- CARLA processes your conversations, care observations, and logged information to provide personalized assistance
- Your conversations with CARLA are treated as protected health information
- CARLA provides evidence-based suggestions for neurodivergent caregiving
Third-Party AI Services
To power CARLA and other AI-assisted features, we use the following services:
AI Service Providers:
- Azure OpenAI (Microsoft): For natural language processing and conversation
- Google Gemini: For additional AI insights and recommendations
Data Handling with AI Services
- Only necessary information is sent to AI services (not entire health records unless explicitly needed for your query)
- Your data is transmitted securely with encryption
- Your health and behavioral data is NOT used to train or improve these third-party AI models
- AI service providers handle data according to their privacy agreements with us
- We have data processing agreements in place with all AI service providers
Your Choices with AI
- You can disable CARLA and AI-assisted features in your account settings
- You can delete your conversation history with CARLA at any time
- Using or not using CARLA does not affect your core app functionality
HIPAA Alignment
While InclusiCare is not covered under HIPAA directly (as we are a consumer health app), we maintain HIPAA-aligned security practices to protect health information. This means we implement:
- Encryption of data in transit and at rest
- Access controls and authentication
- Audit logs for data access
- Regular security assessments and penetration testing
Data Storage & Security
Protecting your family's sensitive information is our highest priority. We implement enterprise-grade security measures:
Where Your Data Is Stored
Cloud Infrastructure
- Primary Storage: Microsoft Azure (US-based data centers with HIPAA-compliant infrastructure)
- Database: MongoDB Atlas (encrypted, multi-region capable, with automated backups)
- All data centers maintain SOC 2 Type II and ISO 27001 certifications
Encryption & Protection
Security Measures
- In Transit: All data is encrypted using TLS 1.2+ protocols when transmitted between your device and our servers
- At Rest: Health data is encrypted using AES-256 encryption when stored in databases and cloud storage
- Database Security: MongoDB Atlas provides encryption, backup encryption, and access control
- Authentication: JWT (JSON Web Tokens) for secure session management
Access Controls
- Only authorized team members can access the data infrastructure
- Role-based access control (RBAC) limits access to necessary data only
- All data access is logged and monitored for suspicious activity
- Multi-factor authentication required for administrative accounts
- Regular employee training on data privacy and security
Backup & Disaster Recovery
- Regular automated backups to prevent data loss
- Backup data encrypted and stored separately from primary systems
- Disaster recovery procedures tested regularly
- 99.9% uptime SLA for core services
Security Assessments
- Regular penetration testing by third-party security firms
- Vulnerability scanning and patch management
- Annual security audits and compliance reviews
- Incident response plan in place for potential data breaches
Important Note on Security
While we implement strong security measures, no system is 100% secure. We encourage you to:
- Use strong, unique passwords for your account
- Enable multi-factor authentication when available
- Keep your device software up to date
- Use secure, private Wi-Fi networks when accessing your account
Third-Party Services & Data Sharing
InclusiCare works with carefully selected partners to provide you with the best service. Here's how we share data:
Service Providers (Data Processors)
We share data with service providers who help us operate InclusiCare:
Who we share with:
- Microsoft Azure: Cloud hosting and storage
- MongoDB Atlas: Database services
- Azure OpenAI & Google Gemini: AI processing for CARLA assistant
- Expo: Push notification service
- Payment Processors: Secure payment processing (PCI-DSS compliant)
- Customer Support Tools: Help desk and support ticketing systems
Data Processing Agreements
- All service providers sign Data Processing Agreements (DPAs) that require them to protect your data
- Service providers can only use data to provide the specific service contracted
- Service providers must implement similar security and privacy protections
- We regularly audit service providers for compliance
What We Do NOT Do
- We never sell your data to marketers, advertisers, or data brokers
- We never share health data with third parties for their marketing purposes
- We never allow third parties to profile you for targeted advertising
Legal Requirements & Law Enforcement
We may disclose your information if required by law or in response to valid legal requests:
- Court orders, subpoenas, or warrants
- Government agency requests (with proper authorization)
- Child safety concerns (mandated reporting)
- Fraud prevention or abuse detection
When possible and legally permitted, we will notify you of such requests.
Business Transfers
If InclusiGear, LLC is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
Children's Privacy & Parental Controls
InclusiCare is designed specifically for families caring for neurodivergent children. We take children's privacy seriously:
Who Can Create Accounts
- Only parents, guardians, and legal caregivers (age 18+) can create InclusiCare accounts
- You must be authorized to make decisions about the child's information
- Account creation requires email verification and consent acceptance
Children's Data Collection
- We collect information about children (health, behavioral, developmental) only with parental/guardian consent
- This information is not used for marketing, profiling, or other purposes outside caregiving
- Children do not directly interact with InclusiCare (app is for caregivers)
- If older children use any features, it's only under parental supervision and control
Care Circle Sharing & Permissions
- You control who has access to your child's information through Care Circle settings
- You can add/remove Care Circle members (therapists, educators, relatives) at any time
- You can set different permission levels for different members
- All Care Circle members must agree to privacy and data handling terms
Media & Photos
- You control what photos and media are uploaded and shared
- Photos are only stored within InclusiCare for your family's use
- We never use children's photos for marketing or external purposes
- You can delete photos and media at any time
Your Rights as Parent/Guardian
- Access all information stored about your child
- Request corrections to inaccurate information
- Delete your child's information and account
- Withdraw consent for specific data uses
- Limit how information is shared within Care Circle
Your Rights & Choices
Depending on your location, you have certain rights regarding your personal information:
Access Your Information
- You can access, view, and download all information we have about you and your child
- Use the "Account Settings" or contact us to request a data export
- We'll provide your data in a portable, machine-readable format
Correct Information
- You can update inaccurate or incomplete information through your account
- Contact us if you need assistance correcting data
Delete Your Account
- You can request complete account deletion at any time
- This removes all personal information, health data, and content from active systems
- Deletion requests are processed within 30 days
- We may retain certain data as required by law or for legitimate business purposes (backups, fraud prevention)
Data Portability
- You can request all your data in a portable format (CSV, JSON, PDF)
- This allows you to transfer your information to other services
- Contact us to initiate a data portability request
Marketing Communications
- You can opt out of promotional emails anytime by clicking "Unsubscribe"
- You can update communication preferences in account settings
- We still send service-related notifications (account updates, care reminders) even if you opt out of marketing
Limit AI Processing
- You can disable CARLA and AI-assisted features in your settings
- You can delete conversation history with CARLA anytime
Regional Privacy Rights
Depending on your location, you may have additional rights under local privacy laws (such as CCPA, GDPR, etc.). Please contact us for information about your specific rights.
Data Retention
We keep your data only for as long as necessary to provide services and comply with legal requirements:
Active Account Data
- Health & Behavioral Data: Retained while your account is active. You can delete specific entries anytime.
- Care Circle Information: Retained while your account is active and Care Circle members have access
- Documents & Photos: Retained while your account is active. You can delete individual items anytime
After Account Deletion
- Personal information is deleted from active systems within 30 days
- Health and behavioral data is deleted from active systems within 30 days
- Backup copies may be retained for up to 90 days for disaster recovery purposes
- Aggregated, anonymized data may be retained for service improvement (non-identifiable)
- Data may be retained longer if required by law or in response to legal holds
Support & Communication Records
- Support tickets and communications may be retained for 1-2 years for quality assurance
- You can request deletion of your support records
Technical Logs & Analytics
- Server logs and analytics data are retained for 90 days
- Aggregated usage analytics may be retained longer
- This data is not personally identifiable and does not contain health information
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:
How We Notify You
- Post the updated policy on our website with a clear "Last Updated" date
- Send email notification to registered accounts for material changes
- Request consent to the updated policy before providing continued service
- Provide at least 30 days' notice for significant changes
Your Options
- You can review changes and decide whether to continue using InclusiCare
- Continued use of the service after changes means you accept the updated policy
- If you don't agree with changes, you can delete your account
Archive
We maintain an archive of previous privacy policy versions. Contact us if you'd like to review prior versions.
Summary
InclusiCare is built on a foundation of trust and transparency. Here's what you need to know:
- Your data is safe: We use enterprise-grade encryption and security measures
- Your data is private: We never sell or share your information with marketers or advertisers
- Your data is yours: You have full control and can access, correct, or delete it anytime
- We're transparent: This policy explains exactly what we collect and why
- We're accountable: We're committed to protecting your family's sensitive health information
Thank you for trusting InclusiCare to support your family. We're honored to be part of your caregiving journey.