Privacy Policy

1. Who We Are

CareAutopilot ("we," "us," or "our") is a marketing and recruitment platform built for home care agencies. Our website is located at careautopilot.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our tools, or interact with our services.

2. Information We Collect

Information you provide directly

• Account information: name, email address, phone number, and business name when you sign up or subscribe.
• Agency profile data: business address, services offered, service area, and team size entered into your agency dashboard.
• Lead and applicant data: when care-seekers or job applicants submit forms on your campaign landing pages (e.g., /care/[slug] or /jobs/[slug]), we collect their name, phone, email, ZIP code, and form responses on your behalf.
• Payment information: processed securely by Stripe. We do not store full credit card numbers on our servers.

Information collected automatically

• Usage data: pages visited, features used, browser type, device, IP address, and referring URLs.
• Cookies and tracking pixels: we use Meta Pixel and Google Ads tracking on campaign landing pages to measure ad performance for agencies. These are only active on landing pages where an agency has enabled ad campaigns.

Information from third parties

• Meta Lead Ads:when a lead fills out a Facebook Lead Ad form, Meta sends us the lead's contact information via webhook so we can deliver it to the relevant agency.
• Meta Ad Library: we access publicly available ad data to provide competitive intelligence to agencies.

3. How We Use Your Information

• Provide, operate, and improve our platform and services.
• Process subscriptions and payments through Stripe.
• Deliver leads and applicant submissions to the appropriate agency.
• Generate AI-powered content (ad copy, social posts, competitive analysis) on behalf of agencies using third-party AI providers.
• Deploy and manage advertising campaigns on Meta and Google on behalf of agencies.
• Send transactional emails (account confirmations, lead notifications).
• Analyze usage patterns to improve the platform.

4. How We Share Your Information

We do not sell your personal information. We share data only as follows:

• With agencies: lead and applicant data submitted on campaign landing pages is shared with the agency that created the campaign.
• Service providers: we use Supabase (database and authentication), Stripe (payments), Resend (email delivery), Anthropic (AI content generation), Meta (advertising), and Google (advertising) to operate the platform. Each provider receives only the data necessary to perform their function.
• Meta Conversions API: when a lead submits a form on a campaign landing page, we send hashed (SHA-256) contact data to Meta for ad attribution. This is server-side and uses one-way hashing.
• Legal requirements: we may disclose information if required by law, legal process, or government request.

5. Data Retention

We retain your account and agency data for as long as your account is active. Lead and applicant data is retained for the duration of the agency's subscription plus 90 days. You may request deletion of your data at any time by contacting us at support@careautopilot.com.

6. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS/SSL), encrypted storage, row-level security policies on our database, and secure authentication. Payment data is handled entirely by Stripe, which is PCI DSS compliant.

7. Cookies and Tracking

Our main application uses essential cookies for authentication and session management. Campaign landing pages may include:

• Meta Pixel: tracks page views and lead conversions for Facebook/Instagram ad attribution.
• Google Ads tag (gtag): tracks page views and conversions for Google Ads attribution.

These tracking pixels are only active on agency campaign landing pages (/care/[slug] and /jobs/[slug]) and are used solely for ad performance measurement.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Opt out of marketing communications.
• Request a copy of your data in a portable format.

To exercise any of these rights, contact us at support@careautopilot.com.

9. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

10. Medicare/Medicaid Waiver Program Data

Our recruitment campaigns may target caregivers who work with families enrolled in Medicaid waiver programs. We do not collect, store, or process any Protected Health Information (PHI) as defined by HIPAA. Our platform handles only employment-related information (contact details, certifications, availability) for recruitment purposes.

11. Third-Party AI Processing

We use Anthropic's Claude AI to generate marketing content, ad copy, and competitive analysis on behalf of agencies. Agency profile data (name, location, services) is sent to the AI provider to generate relevant content. We do not send lead personal data or PHI to AI providers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notice. Continued use of the platform after changes constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: support@careautopilot.com
Website: careautopilot.com