CAREIMO INC.
PRIVACY POLICY
This Privacy Policy describes how CareIMO Inc. (“CareIMO,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects information when you access or use the CareIMO website (www.careimo.com), mobile applications, and related services (collectively, the “Services”). This Privacy Policy is incorporated into and forms part of the CareIMO Terms of Service.
By accessing or using the Services, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with our data practices as described herein, please do not use the Services.
SECTION 1 – INTRODUCTION AND SCOPE
1.1 About CareIMO
CareIMO is a public health discussion and provider discovery platform. Users may post health-related questions, upload clinical images, and participate in public discussions. Verified healthcare providers may answer questions, build professional profiles, and participate in provider-only discussion spaces. The Services also include a provider directory, leaderboard, specialty browsing, and related features.
CareIMO is an educational and informational platform. CareIMO is not a healthcare provider, does not provide medical advice, and does not create any provider–patient relationship. CareIMO is not a “covered entity” or “business associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
1.2 Scope of This Privacy Policy
This Privacy Policy applies to all information collected through the Services, including information collected through our website (www.careimo.com and all subdomains), our mobile applications for iOS and Android, user-generated posts, comments, images, and uploads, account registration and profile creation, provider verification and onboarding, and communications with CareIMO.
1.3 What This Privacy Policy Does Not Cover
This Privacy Policy does not apply to: (a) information collected by healthcare providers outside of the CareIMO platform; (b) third-party websites, services, or platforms that may link to or from the Services, including provider websites linked from provider profiles; (c) medical treatment, clinical services, or provider–patient relationships that occur independently of the Services; or (d) information practices of third-party advertising networks, which are governed by their own privacy policies.
1.4 Related Documents
This Privacy Policy should be read together with our Terms of Service (www.careimo.com/terms), Consumer Health Data Privacy Policy (www.careimo.com/consumer-health-data-privacy), and Cookie Policy (www.careimo.com/cookies). In the event of a conflict between this Privacy Policy and the Terms of Service, the Terms of Service shall control.
1.5 Important Notice About Public Content
CAREIMO IS A PUBLIC DISCUSSION PLATFORM. HEALTH-RELATED QUESTIONS, ANSWERS, COMMENTS, AND CLINICAL IMAGES POSTED IN PUBLIC AREAS OF THE SERVICES ARE VISIBLE TO OTHER USERS, VISITORS, AND SEARCH ENGINES. YOU SHOULD NOT POST INFORMATION THAT YOU DO NOT WISH TO BE PUBLICLY ACCESSIBLE. CAREIMO STRONGLY ADVISES USERS NOT TO INCLUDE PERSONALLY IDENTIFIABLE INFORMATION SUCH AS FULL NAMES, ADDRESSES, PHONE NUMBERS, SOCIAL SECURITY NUMBERS, OR INSURANCE IDENTIFICATION NUMBERS IN PUBLIC POSTS.
SECTION 2 – INFORMATION WE COLLECT
2.1 Information You Provide Directly
Account Registration Information
When you create an Account, we collect: username, first name, middle name (optional), last name, email address, password, date of birth, and current location (city, state).
Profile Information
You may choose to provide additional profile information, including a community avatar or profile photograph and display preferences.
User Content
We collect content you submit to the Services, including health-related questions, comments, and replies; descriptions of symptoms, conditions, treatments, and experiences; information about what your provider said; additional context, history, or background; and post updates or edits you make after the original submission.
Clinical Images
You may upload photographs, radiographs, scans, or other visual depictions of medical conditions or clinical findings. Clinical images may contain sensitive health information and, once posted in public areas, are visible to other Users, visitors, and search engines. We recommend that you de-identify clinical images by removing or obscuring any identifying features (such as faces, tattoos, or distinctive marks) before uploading.
Health Information
CareIMO allows Users to voluntarily submit health-related content, which may include descriptions of symptoms, diagnoses, or medical conditions; medical history or treatment experiences; pricing or insurance information related to healthcare services; information about prescribed medications or procedures; and information about a minor child’s or pet’s health condition. CareIMO does not require Users to submit health information. Any such information is provided voluntarily and at your own discretion. Health information posted in public areas of the Services is not protected by HIPAA and may be visible to anyone.
Provider Verification Information
If you apply for a Verified Provider Account, we collect: provider type designation (e.g., MD, DO, NP, PA, DDS, DMD, PT, RDN, Psychologist, OT, SLP, Veterinarian); professional license information, including license number and state of licensure; National Provider Identifier (NPI) number, where applicable; CDR credential number, where applicable; front and back photographs of government-issued identification; and any additional credentialing documentation submitted during the onboarding process. Provider verification is currently performed by CareIMO’s internal team through manual review of submitted documentation. If CareIMO engages a third-party verification service in the future, this Privacy Policy will be updated to reflect that change.
Provider Profile Information
Verified Providers may provide additional professional information for their public profiles, including specialties and primary specialty, professional bio, credentials and years of experience, practice website URL, office addresses and phone numbers, languages spoken, states of licensure, and accepted insurance plans. Provider profile information is publicly visible.
Payment Information
If you enroll in Paid Services, payment transactions are processed by Stripe, Inc. (“Stripe”). CareIMO does not receive, store, or have access to your full credit card number, bank account number, or other sensitive financial account details. Stripe collects payment card details, billing address, and transaction data directly. Stripe’s data practices are governed by Stripe’s Privacy Policy, available at stripe.com/privacy.
Communications
We collect information you provide when you contact CareIMO for support, submit feedback or feature suggestions, report content or other Users, or otherwise communicate with us through the Services.
2.2 Information Collected Automatically
When you access or use the Services, we automatically collect certain technical and usage information, including:
(a) Device Information: device type and model, operating system and version, unique device identifiers (including advertising identifiers), mobile carrier, and browser type and version.
(b) Log and Usage Data: IP address, access times and dates, pages and screens viewed, features used, search queries entered, referring and exit URLs, click and scroll patterns, and time spent on pages and screens.
(c) Location Data: approximate location derived from your IP address (typically city-level). We may collect more precise geolocation data only with your explicit consent (for example, when you use location-based provider search features). You may disable precise location access through your device’s operating system settings.
(d) Crash and Performance Data: crash reports, diagnostic data, and performance metrics used to identify and resolve technical issues.
2.3 Cookies and Similar Technologies
We use cookies, web beacons, pixels, mobile SDKs, local storage, and similar tracking technologies to operate, secure, and improve the Services. These technologies help us authenticate Users, maintain sessions, remember preferences, understand usage patterns, and deliver and measure advertisements. For detailed information about the specific cookies we use, their purposes, duration, and your control options, please see our Cookie Policy at www.careimo.com/cookies.
2.4 Information from Third-Party Sources
We may receive information about you from the following third-party sources:
(a) Credential Verification: publicly available licensing databases and professional registries used to verify Provider credentials during the onboarding process.
(b) Advertising Partners: Google AdSense (web) and Google AdMob (mobile) may provide us with information about ad interactions, impressions, and conversions.
(c) Fraud Prevention: services that help us detect fraudulent or unauthorized activity.
We may combine information received from third-party sources with information collected directly through the Services.
2.5 De-Identified and Aggregated Information
We may create de-identified or aggregated information from personal information and User Content. De-identified information cannot reasonably be used to identify a specific individual and is not subject to this Privacy Policy. We may use de-identified or aggregated information for research, analytics, healthcare transparency reporting, industry insights, statistical modeling, product development, and other lawful purposes.
SECTION 3 – HOW WE USE INFORMATION
3.1 To Provide and Operate the Services
We use information to: create and manage your Account; enable you to post, upload, and share User Content; display public content within the platform; facilitate discussions between Users and Verified Providers; operate the provider directory, map, leaderboard, and specialty browsing features; calculate and display Contribution Metrics and reputation scores; verify Provider credentials; process transactions for Paid Services through Stripe; and provide customer support.
3.2 To Maintain Platform Safety and Integrity
We use information to: moderate content and enforce our Terms of Service and Community Guidelines; detect and prevent fraud, abuse, harassment, spam, and other prohibited conduct; investigate suspected violations of our policies; respond to reports submitted by Users; comply with legal obligations, including CSAM reporting requirements under 18 U.S.C. § 2258A; and protect the safety of Users, Providers, and the public.
3.3 To Improve and Develop the Services
We use information to: analyze platform usage, engagement patterns, and feature adoption; improve user experience, functionality, and performance; develop new features and services; conduct internal research and analytics using our own systems (CareIMO does not currently use third-party analytics tools); and evaluate the effectiveness of content moderation and safety tools.
3.4 To Communicate with You
We use information to: send transactional emails (account confirmation, password reset, payment receipts); send notification emails (replies to your posts, helpful votes on your replies, activity from followed providers, announcements); send push notifications to your mobile device regarding account activity and platform updates; send SMS/text messages for account verification, security alerts, and other transactional purposes; and respond to your inquiries, support requests, and feedback.
You may manage your communication preferences through your Account settings. You may unsubscribe from promotional emails using the unsubscribe link in each email. You may opt out of non-transactional text messages by replying STOP. You may control push notifications through your device’s operating system settings. CareIMO reserves the right to send transactional and administrative communications regardless of your marketing preferences.
3.5 To Display Advertising
The Services display advertisements provided by Google AdSense (on our website) and Google AdMob (in our mobile applications). We and our advertising partners may use cookies, device identifiers, and similar technologies to deliver relevant advertisements, measure advertising effectiveness, limit ad frequency, and build interest-based user profiles. For more information, see Section 6 (Advertising and “Do Not Sell or Share”).
3.6 For Legal and Compliance Purposes
We use information to: comply with applicable federal, state, and local laws and regulations; respond to lawful requests, subpoenas, court orders, or enforceable governmental requests; protect the rights, property, or safety of CareIMO, Users, Providers, or the public; enforce our Terms of Service and other agreements; and establish, exercise, or defend legal claims.
SECTION 4 – HOW WE SHARE AND DISCLOSE INFORMATION
4.1 Public Content
Content that you post in publicly accessible areas of the Services, including health questions, answers, comments, clinical images, and provider profile information, may be visible to other Users, Verified Providers, visitors, and search engines. Public content may be indexed, cached, copied, archived, or redistributed by third parties beyond CareIMO’s control. CareIMO is not responsible for how third parties use or share public content once it has been made publicly available. You should not post information that you do not wish to be publicly accessible.
4.2 Service Providers
We share information with third-party service providers that perform functions on our behalf, including:
(a) Stripe, Inc.: processes payment transactions for Paid Services. Stripe receives payment card details, billing address, and transaction data. Stripe’s practices are governed by stripe.com/privacy.
(b) Amazon Web Services (AWS): provides cloud infrastructure, including hosting (ECS), data storage (S3), and authentication services (Cognito). AWS processes data on CareIMO’s behalf under a data processing agreement.
(c) Google AdSense and Google AdMob: deliver advertisements within the Services. These services may use cookies, device identifiers, and similar technologies to collect information about your interactions with advertisements. Google’s practices are governed by Google’s Privacy Policy.
Our service providers are authorized to use information only as necessary to provide services to CareIMO and are subject to contractual confidentiality and data protection obligations.
4.3 Provider Credential Verification
For Users applying for or maintaining a Verified Provider Account, we may share or verify information with publicly available licensing databases and professional registries to confirm licensure status and credential validity. If CareIMO engages a third-party identity verification service in the future, Provider credential data may be shared with that service, and this Privacy Policy will be updated accordingly.
4.4 Law Enforcement and Legal Requests
We may disclose information to law enforcement agencies, government authorities, or other third parties when we in good faith believe disclosure is: (a) required by applicable law, regulation, legal process, subpoena, court order, or enforceable governmental request; (b) necessary to enforce our Terms of Service, investigate potential violations, or detect and prevent fraud, security incidents, or technical issues; (c) necessary to protect the rights, property, or safety of CareIMO, Users, Providers, or the public; or (d) necessary to respond to an emergency involving danger of death or serious physical injury.
Where legally permitted, CareIMO will attempt to notify affected Users before disclosing their information in response to legal process.
4.5 CSAM Reporting
In accordance with 18 U.S.C. § 2258A, CareIMO will report any apparent child sexual abuse material (CSAM) to the National Center for Missing and Exploited Children (NCMEC) and may disclose associated User information, content, metadata, and IP addresses in connection with such reports.
4.6 Business Transfers
In the event of a merger, acquisition, financing transaction, reorganization, bankruptcy, or sale of all or substantially all of CareIMO’s assets, your information may be transferred as part of that transaction. We will provide notice through the Services or by email if your information becomes subject to a different privacy policy as a result of such a transaction.
4.7 De-Identified and Aggregated Information
We may share de-identified or aggregated information that cannot reasonably identify any individual for lawful purposes, including research, analytics, healthcare transparency reporting, and industry insights.
4.8 With Your Consent
We may share your information in other circumstances with your consent or at your direction.
SECTION 5 – PUBLIC NATURE OF THE PLATFORM
5.1 Public Visibility of User Content
CareIMO is a public discussion platform. Content posted in public areas of the Services may be viewed by other Users, Verified Providers, visitors, and search engines. Once you post content publicly, it may be shared, copied, indexed, cached, or redistributed by third parties beyond CareIMO’s control. CareIMO does not guarantee the confidentiality of any content posted in public areas.
5.2 User Responsibility
You are solely responsible for the content you submit, post, or upload to the Services. You should not post: (a) information that you do not wish to make public; (b) personally identifiable information about yourself or others (such as full names, addresses, phone numbers, social security numbers, or insurance identification numbers); (c) clinical images containing identifying features (such as faces, tattoos, or distinctive marks) unless you have taken steps to de-identify them; or (d) content that violates applicable law or the rights of others.
5.3 No Confidential Healthcare Relationship
Submitting information through the Services does not create a provider–patient relationship, a confidential medical record, or a HIPAA-protected healthcare communication. CareIMO is not a healthcare provider and does not provide medical treatment, diagnosis, or clinical services. Health-related content posted on the Services is user-generated and should not be relied upon as medical advice.
5.4 Curbside Provider-Only Space
The Curbside feature is a private discussion space available exclusively to Verified Providers in good standing. Content posted in Curbside is not visible to general Users or the public. However, CareIMO administrators may access and review Curbside content for safety, legal compliance, content moderation, and enforcement purposes. Curbside content is subject to the same data practices described in this Privacy Policy.
5.5 Content About Third Parties
Users may post health-related content about third parties, including minor children and pets. If you post content about another individual, you are responsible for ensuring that you have lawful authority to share such information and that you have obtained any necessary consents. You should not include directly identifying information about minors (such as full name, date of birth, school name, or photographs showing the child’s face). For detailed rules about posting on behalf of third parties, see Section 7 of the Terms of Service.
SECTION 6 – ADVERTISING AND “DO NOT SELL OR SHARE”
6.1 Third-Party Advertising
The Services display advertisements provided by Google AdSense (on our website) and Google AdMob (in our mobile applications). These advertising networks may use cookies, mobile advertising identifiers, device identifiers, IP addresses, and similar technologies to collect information about your interactions with the Services and with advertisements. This information may be used to deliver targeted advertisements, measure ad effectiveness, and build interest-based user profiles across websites and apps.
6.2 What Data Flows to Advertising Partners
Information that may be collected by or shared with our advertising partners includes: cookie identifiers and similar tracking identifiers; mobile advertising identifiers (such as Apple IDFA or Google AAID); device type and operating system; IP address; pages and screens visited; and interactions with advertisements (clicks, views, conversions).
CareIMO does not share the content of your health questions, answers, clinical images, or other Health Content with advertising partners. Advertising partners do not have access to your registration information (name, email, date of birth) unless you independently provide it to them.
6.3 “Sale” and “Sharing” Under State Privacy Laws
CareIMO does not sell your personal information to third parties in exchange for monetary payment. However, CareIMO’s use of advertising cookies from Google AdSense and AdMob may constitute “sharing” of personal information for cross-context behavioral advertising under certain state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”).
Specifically, the following categories of personal information may be “shared” (as defined under CCPA/CPRA) with advertising partners: identifiers (IP address, device identifiers, advertising identifiers) and internet or electronic network activity information (browsing history, interactions with advertisements).
CareIMO does not “sell” or “share” Sensitive Personal Information (including Health Content or precise geolocation data) with advertising partners.
6.4 Your Opt-Out Rights
You may opt out of the “sale” or “sharing” of your personal information by: (a) clicking the “Do Not Sell or Share My Personal Information” link in the footer of www.careimo.com or in the mobile application settings; (b) submitting an opt-out request to support@careimo.com; or (c) enabling a Global Privacy Control (GPC) signal in your browser, which CareIMO will process as an opt-out request for the associated browser or device. You may exercise these rights at any time without creating an Account.
6.5 Limit the Use of Sensitive Personal Information
Under the CPRA, health-related information constitutes Sensitive Personal Information. You may limit CareIMO’s use and disclosure of your Sensitive Personal Information to uses that are necessary to provide the Services. To exercise this right, click the “Limit the Use of My Sensitive Personal Information” link in the footer of www.careimo.com or in the mobile application settings, or contact support@careimo.com.
SECTION 7 – HIPAA AND REGULATORY STATUS
7.1 CareIMO Is Not a HIPAA Covered Entity
CareIMO is not a healthcare provider, health plan, or healthcare clearinghouse. CareIMO is not a “covered entity” or “business associate” as those terms are defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA does not govern the health-related information you voluntarily share on the Services. The Services do not provide a secure, HIPAA-compliant communication channel.
7.2 Health Information Is Not Protected Health Information
Information submitted by Users to the Services, including health-related content and clinical images, is not submitted for purposes of medical treatment or healthcare operations. Information posted on the Services is not “Protected Health Information” under HIPAA. Users should not expect the Services to function as a medical record system or secure healthcare communication platform.
7.3 No Provider–Patient Relationship
Use of the Services does not establish a provider–patient, dentist–patient, therapist–client, veterinarian–client, or any other professional duty-of-care relationship. Discussions on the Services are for informational and educational purposes only and do not constitute medical advice, diagnosis, or treatment.
7.4 Consumer Health Data Laws
Although HIPAA does not apply, CareIMO recognizes that health-related information may be subject to other laws, including the Washington My Health My Data Act (“MHMDA”), the Nevada Consumer Health Data Privacy Act, the Connecticut Data Privacy Act, and the Sensitive Personal Information provisions of the CCPA/CPRA. CareIMO’s practices with respect to consumer health data are described in our separate Consumer Health Data Privacy Policy, available at www.careimo.com/consumer-health-data-privacy.
7.5 FTC Health Breach Notification
CareIMO is subject to the FTC Health Breach Notification Rule (16 C.F.R. Part 318). In the event of a breach of security involving your identifiable health-related information, CareIMO will provide notification in accordance with this rule, applicable state breach notification laws, and any other applicable requirements. CareIMO will notify affected Users without unreasonable delay and within the timeframes required by applicable law.
SECTION 8 – DATA SECURITY
8.1 Security Measures
CareIMO implements reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include: encryption of data in transit using TLS/HTTPS; encryption of stored data in our cloud infrastructure; access controls and authentication procedures, including multi-factor authentication for administrative access; role-based access limitations for CareIMO personnel; monitoring for suspicious or unauthorized activity; and secure cloud hosting through Amazon Web Services (AWS), which maintains its own comprehensive security certifications and controls.
8.2 No Absolute Security Guarantee
While we implement reasonable security measures, no method of transmission over the internet and no method of electronic storage is completely secure. We cannot guarantee absolute security of information submitted to or stored within the Services. Users acknowledge and accept the inherent risks associated with transmitting information online.
8.3 User Account Security
You are responsible for: (a) maintaining the confidentiality of your Account credentials; (b) restricting access to your Account and devices; and (c) notifying us promptly at support@careimo.com of any suspected unauthorized use, breach, or compromise of your Account. CareIMO is not responsible for unauthorized access resulting from your failure to safeguard your login credentials.
8.4 Public Content Security Limitations
Because CareIMO operates a public discussion platform, content posted in publicly accessible areas is not protected from viewing, copying, or redistribution by other Users or third parties. Security safeguards apply to private account information and internal systems but do not prevent the visibility of public content as described in this Privacy Policy.
SECTION 9 – DATA RETENTION
9.1 General Retention Principles
CareIMO retains personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, enforce our agreements, and protect the safety and integrity of the Services. When personal information is no longer needed for these purposes, we will delete or anonymize it in accordance with our data retention practices.
9.2 Retention Periods by Category
(a) Account Information: retained for as long as your Account remains active. If you close your Account, we will delete or anonymize your registration data within a commercially reasonable timeframe, subject to any legal retention requirements.
(b) Public User Content (posts, replies, comments): may be retained in de-identified or anonymized form after Account deletion to maintain the integrity and continuity of public discussion threads, unless you specifically request deletion and no legal retention obligation applies.
(c) Clinical Images: if you delete a clinical image or close your Account, we will remove the image from active display. Copies may persist in backup systems for a limited period and in third-party caches, search engine indexes, or copies made by other Users, which are outside CareIMO’s control.
(d) Provider Verification Data (credential documents, government ID copies): retained for as long as the Provider Account is active and for a reasonable period after Account closure for compliance, audit, and dispute resolution purposes.
(e) Payment Data: CareIMO does not store full payment card details. Transaction records and billing history are retained as required by tax and financial record-keeping laws. Stripe retains payment data in accordance with its own data retention policies.
(f) Automatically Collected Data (server logs, IP addresses, device information): retained for up to 12 months for security, analytics, and troubleshooting purposes, then deleted or aggregated.
(g) Communications and Support Requests: retained for as long as necessary to resolve the matter and for a reasonable period afterward for quality assurance and legal purposes.
(h) CSAM-Related Records: retained for a minimum of one (1) year in accordance with the REPORT Act and 18 U.S.C. § 2258A.
9.3 Legal and Regulatory Retention
Notwithstanding the above, we may retain information for longer periods where required or permitted by applicable law, including to comply with regulatory requirements, respond to legal claims or litigation holds, preserve evidence, and protect the safety and integrity of the Services.
9.4 De-Identified Information
We may retain de-identified or aggregated information indefinitely, provided that such information cannot reasonably be used to identify a specific individual.
SECTION 10 – YOUR RIGHTS AND CHOICES
10.1 Account Settings
You may review and update certain Account information through your Account settings, including your profile information, notification preferences, privacy and profile visibility controls, default feed and specialty preferences, and current location.
10.2 Account Deletion
You may request closure of your Account at any time through Account settings or by contacting support@careimo.com. Upon Account closure: (a) your profile will be removed from active display; (b) your registration data will be deleted or anonymized in accordance with Section 9; (c) public User Content may be retained in de-identified form as described in Section 9.2(b); and (d) content that has been shared, copied, or archived by third parties cannot be removed by CareIMO.
10.3 Data Export
CareIMO intends to provide Users with the ability to export their own User Content and Account data. This feature is under development. Until the data export feature is available, Users may request a copy of their data by contacting support@careimo.com, and CareIMO will fulfill such requests within a commercially reasonable timeframe, subject to identity verification.
10.4 Communication Preferences
You may manage your communication preferences as follows: (a) email: unsubscribe from promotional emails using the unsubscribe link in each email, in compliance with the CAN-SPAM Act; (b) push notifications: enable or disable through your device’s operating system settings or your Account notification preferences; (c) SMS/text messages: opt out of non-transactional messages by replying STOP to any message, or by adjusting your Account settings; for help, reply HELP or contact support@careimo.com. Message and data rates from your mobile carrier may apply. By providing your phone number, you represent that you are the subscriber or authorized user of that number and consent to receive text messages from CareIMO in compliance with the Telephone Consumer Protection Act (47 U.S.C. § 227) (“TCPA”). CareIMO reserves the right to send transactional and administrative communications regardless of your marketing preferences.
10.5 Cookie and Tracking Preferences
You may manage your cookie preferences through our cookie preference center accessible via the Services. Most web browsers allow you to control cookies through browser settings. If you disable certain cookies, some features of the Services may not function properly. For more information, see our Cookie Policy at www.careimo.com/cookies.
10.6 Advertising Opt-Out
You may opt out of interest-based advertising by: (a) using the “Do Not Sell or Share My Personal Information” link described in Section 6.4; (b) adjusting your device’s advertising settings (e.g., “Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android); (c) visiting the Digital Advertising Alliance’s opt-out page at optout.aboutads.info; or (d) enabling a Global Privacy Control (GPC) signal in your browser.
SECTION 11 – STATE PRIVACY RIGHTS
11.1 Applicability
Depending on your state of residence, you may have certain rights regarding your personal information under applicable state privacy laws. This Section provides information about the rights available under the laws of specific states. CareIMO will honor verifiable requests from residents of all states with applicable comprehensive privacy laws, including but not limited to those listed below.
11.2 California (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
(a) Right to Know: you may request that CareIMO disclose the categories and specific pieces of personal information collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom information is shared.
(b) Right to Delete: you may request that CareIMO delete personal information collected from you, subject to certain legal exceptions (such as information needed to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech rights).
(c) Right to Correct: you may request correction of inaccurate personal information that CareIMO maintains about you.
(d) Right to Opt Out of Sale/Sharing: you may opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising, as described in Section 6.
(e) Right to Limit Use of Sensitive Personal Information: you may limit CareIMO’s use and disclosure of your Sensitive Personal Information (including health data) to uses necessary to provide the Services.
(f) Right to Data Portability: you may request a copy of your personal information in a portable and readily usable format.
(g) Right to Non-Discrimination: CareIMO will not discriminate against you for exercising your privacy rights.
Categories of Personal Information Collected (CCPA Disclosure)
In the preceding twelve (12) months, CareIMO has collected the following categories of personal information as defined by the CCPA:
| CCPA Category | Examples Collected by CareIMO |
|---|---|
| A. Identifiers | Name, username, email address, IP address, device identifiers, advertising identifiers |
| B. Customer Records | Name, address (for providers), phone number (for providers), insurance information (if provided in posts) |
| D. Commercial Information | Subscription history, payment records (processed by Stripe) |
| F. Internet/Network Activity | Browsing history, search queries, pages viewed, interactions with content and advertisements |
| G. Geolocation Data | Approximate location from IP address; precise location only with consent |
| H. Audiovisual Information | Clinical images, profile photographs, provider photos |
| I. Professional Information | Provider credentials, license numbers, NPI, specialties, practice information |
| K. Inferences | Contribution Metrics, reputation scores, content recommendations |
| L. Sensitive Personal Info | Health information from Q&A posts, clinical images, precise geolocation (with consent), government ID (providers) |
Sale and Sharing Disclosure
CareIMO does not “sell” personal information for monetary consideration. CareIMO’s use of advertising cookies from Google AdSense and AdMob may constitute “sharing” of personal information in Categories A and F for cross-context behavioral advertising. CareIMO does not sell or share Sensitive Personal Information in Category L with advertising partners.
11.3 Washington (My Health My Data Act)
If you are a Washington resident, or if Washington’s My Health My Data Act otherwise applies to you, you have additional rights regarding your consumer health data, including the right to access, delete, and withdraw consent for the collection and sharing of consumer health data. These rights are described in detail in our separate Consumer Health Data Privacy Policy, available at www.careimo.com/consumer-health-data-privacy.
11.4 Other State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, Indiana, Iowa, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, Kentucky, and other states with comprehensive privacy laws may have rights including: the right to access personal information; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of targeted advertising, sale of personal information, and certain profiling; and the right to data portability. CareIMO will honor verifiable requests from residents of these states in accordance with applicable law.
11.5 How to Exercise Your Rights
To submit a privacy rights request, you may: (a) email support@careimo.com with the subject line “Privacy Rights Request”; or (b) use the privacy controls available in your Account settings.
CareIMO will verify your identity before fulfilling any request. We may ask you to provide information that matches the information we have on file for your Account. If you submit a request through an authorized agent, we may require the agent to provide signed written authorization and may verify your identity directly.
We will respond to verifiable requests within the timeframes required by applicable law (generally within 45 days for CCPA requests, with a possible 45-day extension for complex requests). CareIMO will not discriminate against you for exercising your privacy rights.
11.6 Do Not Track and Global Privacy Control
CareIMO honors Global Privacy Control (GPC) signals in accordance with applicable law. When CareIMO detects a valid GPC signal, CareIMO will treat it as a request to opt out of the “sale” or “sharing” of personal information for the associated browser or device. CareIMO does not currently respond to Do Not Track (DNT) browser signals, as there is no universally accepted industry standard for DNT compliance.
11.7 Financial Incentives
CareIMO does not offer financial incentives or price or service differences in exchange for the retention or sale of personal information.
SECTION 12 – PROVIDER-SPECIFIC PRIVACY PRACTICES
12.1 Provider Profile Visibility
Verified Provider profiles are publicly visible and may include: display name, professional photo, specialties, credentials, years of experience, bio, practice website, office addresses, phone numbers, languages spoken, states of licensure, accepted insurances, verification status, Contribution Metrics, recent answers, and recent activity. This information may be indexed by search engines and viewed by anyone, including non-registered visitors.
12.2 Provider Credential Data
Credential documentation submitted during the verification process (including government-issued identification, license information, and NPI) is stored securely and is accessible only to CareIMO personnel involved in the verification process. Government ID images are not displayed publicly on the platform. CareIMO may retain credential documentation after Account closure for compliance, audit, and dispute resolution purposes.
12.3 Anonymous Provider Participation
Verified Providers may post content anonymously in certain contexts (displayed as “Verified Provider” without the Provider’s name). However, CareIMO retains full identity records internally for all anonymous posts for moderation, safety, and legal compliance purposes. CareIMO may disclose a Provider’s identity if required by law, subpoena, court order, or to address imminent safety concerns.
12.4 Provider Content Persistence
Provider answer history, reputation scores, and Contribution Metrics are core features of the platform. If a Provider closes their Account, CareIMO may continue to display publicly available provider information (such as name, credentials, and licensure status) for the benefit of consumer transparency, unless removal is required by law. Answer history and reputation data may be retained in de-identified form.
12.5 Curbside Data Practices
Content posted in the Curbside provider-only discussion space is restricted to verified participants and is not publicly accessible. However, CareIMO administrators may access Curbside content for safety, legal compliance, moderation, and enforcement purposes. Curbside content is subject to the same retention practices described in Section 9.
SECTION 13 – CHILDREN’S PRIVACY
The Services are intended solely for individuals who are at least eighteen (18) years of age. CareIMO does not knowingly collect personal information from children under the age of 13 in compliance with the Children’s Online Privacy Protection Act (“COPPA”). No person under the age of 18 may create an Account, submit User Content, or use interactive features of the Services.
CareIMO does allow adult Users (who must be 18 or older) to post health-related content about their minor children. Adults posting about minors should not include the child’s full name, date of birth, school name, address, or other directly identifying information, and should not upload photographs showing the child’s face. For complete rules about posting on behalf of minors, see Section 7 of the Terms of Service.
If we learn that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. Parents or guardians who believe their child under 13 has provided personal information to CareIMO may contact us at support@careimo.com.
SECTION 14 – INTERNATIONAL USERS
CareIMO is operated from the United States. The Services are primarily intended for Users located within the United States. If you access or use the Services from outside the United States, you understand and acknowledge that: (a) your information will be transferred to, processed in, and stored in the United States; (b) data protection laws in the United States may differ from those in your jurisdiction; and (c) by using the Services, you consent to the transfer of your information to the United States.
CareIMO makes no representation that the Services are appropriate or available for use in any particular jurisdiction outside the United States. If CareIMO expands to serve Users in jurisdictions with additional data protection requirements (such as the European Economic Area, United Kingdom, or Switzerland), CareIMO will update this Privacy Policy to address applicable requirements, including lawful data transfer mechanisms.
SECTION 15 – THIRD-PARTY LINKS AND SERVICES
The Services contain links to third-party websites and services, including links within Verified Provider profiles to provider websites, office addresses (which may link to mapping services), and phone numbers. CareIMO does not control, endorse, or assume responsibility for third-party websites, their content, or their privacy practices. Accessing third-party websites is at your own risk, and you should review the privacy policies of any third-party website you visit. The inclusion of any link on the Services does not imply endorsement by CareIMO.
SECTION 16 – CHANGES TO THIS PRIVACY POLICY
We may update or modify this Privacy Policy from time to time. If we make material changes, we will: (a) update the “Effective Date” and “Last Updated” date at the top of this Privacy Policy; (b) provide a summary of the material changes; and (c) provide notice through the Services (such as an in-app notification or banner) or by email to the address associated with your Account, where required by applicable law.
Material changes will become effective thirty (30) days after posting or such later date as specified in the notice. Non-material changes (such as typographical corrections) may become effective upon posting. Your continued use of the Services after any changes become effective constitutes your acknowledgment of the revised Privacy Policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Prior versions of this Privacy Policy will be made available upon request.
SECTION 17 – CONTACT INFORMATION
If you have questions about this Privacy Policy or our privacy practices, or if you wish to submit a privacy-related request, you may contact us at:
CareIMO Inc.
c/o Republic Registered Agent LLC
262 Chapman Rd, Ste 240
Newark, DE 19702
Email: support@careimo.com
Website: www.careimo.com
If you are submitting a request to access, correct, or delete personal information, please provide sufficient information to allow us to verify your identity and process your request. We may request additional information to confirm your identity before responding to certain requests.
If you have a complaint about our privacy practices that we have not satisfactorily resolved, you may contact the appropriate state attorney general’s office or regulatory authority in your jurisdiction.
If you grant camera or photo-library permission, CareIMO uses it only when you choose to take or upload images for posts, profile photos, or provider verification. CareIMO does not access your camera, camera roll, or photo library unless you choose an image workflow.
When you leave CareIMO through a provider booking link or other outbound link, the third party's terms and privacy policy govern what they collect. CareIMO does not receive information you enter on an external booking, EHR, payment, intake, telehealth, or scheduling system.
CareIMO uses location information for account location fields, provider directory search, provider location filters, and map/current-location features when you consent.