CRMO Care - Privacy Policy

Your privacy matters. Learn how we collect, use, protect, and share your health information.

Last Updated: December 27, 2025

Version: 4.0

This Privacy Policy describes what information we collect, how we use and share it, how we protect it, and your rights and choices.

At a Glance

CRMO Care ("CRMO Care," "we," "our," or "us") is a wellness and information management platform that helps individuals and families organize health-related information through structured clinical data collection and treatment progress monitoring.

Key points:

  • You control your data (view, edit, delete; request export).
  • We do not sell or rent your information.
  • All data encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Row-level database security ensures complete data isolation between users.
  • Business Associate Agreements (BAAs) with all AI and data processing vendors.
  • PHI-free logging—no health data in system logs or error tracking.
  • We do not provide medical advice, diagnosis, or treatment.
  • Voice recordings retained per user preference; you can delete at any time.
  • CRMO Care is not a HIPAA Covered Entity; we implement HIPAA-aligned safeguards.

1. Scope and Definitions

Not a healthcare provider: CRMO Care is not a healthcare provider, medical device, or HIPAA-covered entity. We nonetheless apply HIPAA-aligned privacy, security, and de-identification safeguards to protect your information.

2. Data We Collect and How We Use It

2.1 Account Information

We collect:

  • Name or display name
  • Email address and login credentials
  • Authentication tokens from third-party providers (Apple, Google, etc.)

Purpose: To create and manage your account, authenticate logins, and provide technical support.

2.2 Wellness and Input Data

We collect:

  • Symptom logs, activity data, mood or pain entries, medication schedules, flare-up frequency, sleep quality, or other wellness-related inputs
  • Optional caregiver or child profile information that you enter
  • Optional wearable or portal data that you connect (e.g., WHOOP, Apple Health)

Purpose: To generate charts, insights, and personal summaries to help you understand patterns in your wellness. You may delete any record you have entered at any time through your account settings or by contacting us.

2.3 Voice Recordings and Transcriptions

If you use our voice journal feature, we collect:

  • Voice recordings captured via the voice journal feature
  • Transcribed text derived from voice recordings (using OpenAI Whisper with Business Associate Agreement for HIPAA compliance)
  • Extracted structured data (e.g., symptoms, pain levels, medications, triggers, mood)

Why we collect it: Hands-free entry and accessibility; converting spoken updates into structured, searchable wellness information.

AI Processing Safeguards:

  • Business Associate Agreement (BAA) in place with OpenAI for HIPAA compliance
  • Voice recordings processed through BAA-covered endpoints only
  • Minimal necessary PHI principle applied to AI prompts (IDs and metadata only, not full names/DOB)
  • AI processing logs contain no PHI (only request IDs, latency, and error codes)
  • User review and editing required before any AI-structured data is saved
  • Voice recordings and transcripts never stored in non-BAA-covered analytics tools

Retention and Your Control:

  • Voice recordings and transcripts may be retained for quality improvement but can be deleted upon request at any time
  • Default retention: recordings are kept unless you request deletion
  • You can delete specific recordings or all voice data from account settings or by contacting info@crmo-care.app
  • You can review, edit, and correct all AI-extracted data before saving
  • Transcription quality validated before clinical use

2.4 AI Chat Interactions

We collect:

  • Chat queries and messages you send to the AI assistant
  • AI-generated responses and recommendations
  • Context about your health data used to personalize responses

Purpose: To provide personalized health insights, answer questions about your data, and improve the AI assistant's accuracy and helpfulness.

Usage: Chat interactions are logged for quality improvement and debugging. De-identified chat data may be used for research purposes if you opt into the Research Databank. AI processing involves third-party language models that comply with HIPAA-aligned security standards.

Important: AI-generated insights are for informational purposes only and do not constitute medical advice. Always consult healthcare professionals for medical decisions.

2.5 Connected Portal and Medical Record Data (Right of Access)

If you choose to use CRMO Care to connect your health provider portals or request copies of your records under the HIPAA Right of Access, you authorize CRMO Care to act as your personal health record tool for the limited purpose of retrieving your information and displaying it within your private account.

We collect:

  • Copies of medical records you request under your HIPAA Right of Access
  • Basic demographics from provider systems (name, age, lab summaries, visit data, etc.)

Purpose: To help you consolidate your own records in one place.

Important Note: CRMO Care acts at your direction when processing your own medical records obtained through your Right of Access. We are not acting as a Business Associate in this capacity, but rather as your personal agent helping you organize your own data. All imported data remains your property and can be deleted or exported at any time. CRMO Care does not modify or interpret medical records and is not responsible for their accuracy.

2.6 Medical Records - HIPAA Right of Access

If you choose to use CRMO Care to connect your health provider portals or request copies of your records under the HIPAA Right of Access, you authorize CRMO Care to act as your personal health record tool for the limited purpose of retrieving your information and displaying it within your private account.

We may collect:

  • Copies of medical records you request under your HIPAA Right of Access
  • Basic demographics from provider systems (name, age, lab summaries, visit data, etc.)

Purpose: To help you consolidate your own records in one place.

Important Note: CRMO Care acts at your direction when processing your own medical records obtained through your Right of Access. We are not acting as a Business Associate in this capacity, but rather as your personal agent helping you organize your own data. All imported data remains your property and can be deleted or exported at any time. CRMO Care does not modify or interpret medical records and is not responsible for their accuracy.

2.7 Technical and Usage Data

We collect:

  • Device type and operating system (e.g., iPhone model, iOS version)
  • App version and build number
  • Crash logs and error reports (with PHI scrubbing)
  • Basic feature usage metrics (e.g., screen views, button interactions)
  • Session duration and timestamps

Why we collect it: Reliability, debugging, security monitoring, and product improvement.

We do not collect advertising identifiers, third-party advertising analytics, or location data (unless you explicitly enable location services for a specific feature).

PHI protection: Error logs are scrubbed of protected health information before being sent to our error tracking service (Sentry).

2.8 Communications and Feedback

We collect:

  • Your name, email, and message content
  • Optional usability or feature feedback

Purpose: To improve app design, troubleshoot issues, and enhance user experience. We may anonymize and aggregate feedback for internal analysis.

3. Data Storage and Security

Infrastructure

CRMO Care uses U.S.-based infrastructure, including:

  • Supabase (database/auth/storage - SOC 2 Type II certified)
  • OpenAI (voice transcription and text processing - Business Associate Agreement in place)
  • Sentry (error tracking and monitoring - PHI scrubbed before transmission)
  • Expo (mobile app development and push notifications)
  • Vercel (web hosting and deployment)

All service providers that process Protected Health Information (PHI) are covered by Business Associate Agreements (BAAs) to ensure HIPAA-aligned protection of your data.

Security Controls

We use administrative, technical, and operational measures, including:

  • Encryption in transit: TLS 1.3
  • Encryption at rest: AES-256
  • Row-Level Security (RLS): Database-level access controls ensure every query is automatically filtered by user_id and child_id; no user can access another user's health data
  • Database queries fail-closed (deny by default) if RLS is misconfigured
  • Access controls: Role-based permissions and multi-factor authentication
  • Secure credential storage: Device secure storage (iOS Keychain / Android Keystore)
  • PHI-free logging: Application logs contain only user IDs, child IDs, session IDs, and metadata—never names, DOB, symptoms, medications, or clinical notes
  • Error tracking (Sentry): Configured with PHI scrubbing—no health data in error messages or breadcrumbs
  • Audit trails: Comprehensive logging for access and modifications with 7-year retention
  • Vulnerability management: Periodic assessment and remediation
  • Incident response: NIST-aligned procedures with 72-hour breach notification

Voice Processing Security

  • Voice recordings uploaded to encrypted storage (AES-256 at rest)
  • Transcribed via Supabase Edge Functions calling OpenAI Whisper (BAA-covered endpoint)
  • Structured using OpenAI models with minimum-necessary principles (IDs and metadata only, not full names/DOB)
  • Retained per user preference; you can delete recordings at any time from account settings
  • Quality-validated before clinical use
  • Users can review, edit, and correct all AI-extracted data before saving
  • Never sent to non-BAA-covered services or analytics tools

Environment Separation

We maintain strict separation between development, staging, and production environments:

  • Development and staging environments use only synthetic or anonymized data
  • No real PHI ever used for testing, development, or demos
  • Database schema changes deployed via tested migrations with rollback capability
  • Sandbox endpoints for AI, payment, and email services in non-production environments
  • Separate database projects and credentials for each environment
  • Production database credentials never used in development or staging

Note: These controls are designed to align with HIPAA-grade safeguards; CRMO Care is not itself a HIPAA-covered entity.

4. How We Share Data

We never sell or rent your data. We share information only in these circumstances:

4.1 Service Providers (Vendors)

We share information with vendors who provide essential services:

  • Supabase — database hosting (PostgreSQL), authentication, and file storage
  • OpenAI — voice transcription and text processing (Business Associate Agreement in place for HIPAA compliance)
  • Sentry — error tracking and monitoring (PHI scrubbed before transmission; no health data sent)
  • Expo — mobile app development and push notifications
  • Vercel — web hosting and deployment

All service providers that process Protected Health Information (PHI) are covered by Business Associate Agreements (BAAs). These providers process data only as needed to deliver the Service and may not use it for their own purposes.

4.2 With Your Consent

We share information when you explicitly choose to:

  • Export your data
  • Share information with a connected service
  • Authorize sharing through specific app features
  • Opt into research participation (see Section 5 below)

4.3 Legal Requirements

We may disclose information when required to comply with valid legal process (e.g., subpoenas, warrants, court orders).

5. Research Participation (Optional)

CRMO Care may invite users to contribute data to rare disease research. Participation is completely voluntary and opt-in only.

Two research pathways exist:

  • Clinical Trial Participation: Uses coded identifiers with controlled re-identification capability (ICH GCP-aligned)
  • General Research Sharing: Fully anonymized data for observational studies

What Data May Be Shared

  • Patient-reported outcomes (symptom logs, pain levels, activity data)
  • Voice recording transcripts (audio files are not shared; only de-identified transcripts)
  • De-identified AI chat interactions (queries and insights)
  • Clinical records obtained through your Right of Access
  • Treatment logs and medication schedules
  • Wearable device data (if connected)

Clinical Trial Participation (Pathway A)

  • Uses coded participant identifiers (subject IDs) with controlled re-identification capability
  • Requires separate trial-specific informed consent (see Beta User Agreement Section 12A)
  • Data retention follows protocol-specific regulatory requirements
  • Supports safety monitoring, protocol compliance, and regulatory submissions
  • Withdrawal requests processed according to trial-specific requirements; some data may be retained for trial integrity

General Research Sharing (Pathway B)

  • All data fully de-identified using HIPAA Safe Harbor or Expert Determination standards
  • 18 PHI identifiers removed (name, address, dates, etc.)
  • No re-identification capability exists for this pathway
  • Small cohorts aggregated to prevent re-identification
  • Researchers must sign Data Use Agreements
  • All data exports logged and auditable

Your Rights

  • You can opt out at any time without affecting your app usage
  • Withdrawal prevents future data sharing
  • Previously shared anonymized data cannot be withdrawn from completed studies
  • You can request deletion of your identifiable data
  • Clinical trial participation has separate withdrawal procedures detailed in trial-specific consent

For more information, see the CRMO Care Research Databank Proposal and Beta User Agreement (Version 2.6, Section 12).

6. Children's Privacy

CRMO Care is intended for adults and caregivers acting on behalf of minors.

Caregivers may:

  • Create child/dependent profiles
  • Enter wellness data, medications, and treatments
  • Manage appointments and care team information
  • Import/manage information they are legally authorized to access

No independent accounts for children under 13: We do not knowingly allow minors under 13 to create accounts independently.

If you believe a child's information was entered without authorization, contact info@crmo-care.app for resolution or deletion.

7. Your Rights and Choices

You may request to:

  • Access a copy of your personal data
  • Export your data in a standard electronic format
  • Correct inaccurate data
  • Delete your account and associated data
  • Delete specific voice recordings or all voice data
  • Delete AI chat history
  • Withdraw consent for processing (where applicable)
  • Opt in or opt out of research participation

To exercise these rights: Email info@crmo-care.app

Response timeline: Within 30 days after identity verification.

8. Data Retention

We retain your data only as long as necessary to operate the Service and comply with legal obligations:

Data Type | Retention
Active user data | Retained while your account is active
Voice recordings | Retained for quality improvement unless you request deletion; can be deleted at any time
Voice transcripts | Retained for quality improvement unless you request deletion; can be deleted at any time
AI chat history | Retained for quality improvement unless you request deletion
Clinical trial data | Retained per protocol-specific regulatory requirements (if you participate in trials)
General research data | De-identified; cannot be withdrawn from completed studies
Deleted accounts | Removed from production systems within 30 days; purged from backups within 90 days
Inactive accounts | May be deleted after 30 months total inactivity (no login for 18 months) unless otherwise requested

9. Your Responsibilities and Consent

By using CRMO Care, you acknowledge and agree that:

  • You have the lawful right to submit any information you enter
  • You will not enter another person's health information without proper authorization
  • Voice recordings and transcripts persist until you request deletion
  • The app is for wellness tracking and information management—not diagnosis or treatment
  • You understand the distinction between clinical trial participation and general research

10. Beta Program Terms

If you participate in the CRMO Care Beta:

  • Additional terms apply under the CRMO Care Beta User Agreement (Version 2.6, effective November 19, 2025)
  • Beta Agreement Section 12 distinguishes clinical trial participation (Section 12A: pseudonymized data with re-identification capability) from general research sharing (Section 12B: fully anonymized data)
  • Beta data may be reset, migrated, or anonymized
  • Features may be incomplete or experimental
  • Functionality may change without notice
  • The app is provided "as is" and may contain bugs
  • Beta data is treated as non-clinical and will not be part of any medical record

11. Medical Disclaimer

CRMO Care is not a healthcare provider, diagnostic tool, or medical device. Information in the app is for wellness tracking and informational purposes only.

  • Do not rely on CRMO Care for diagnosis or treatment decisions
  • Consult qualified healthcare professionals for medical questions
  • For emergencies, call 911

Updates to This Privacy Policy

We may update this Privacy Policy as we enhance our security measures or in response to changing legal requirements. We will notify you of material changes via:

  • Email notification
  • In-app notification
  • Notice on our website

The "Last Updated" date at the top of this page indicates when changes were last made.

Questions or Concerns?

If you have questions about our security practices or wish to report a security concern:

Security Issues: security@crmo-care.app

General Inquiries: info@crmo-care.app

We take all security concerns seriously and will respond promptly to your inquiries.

CRMO Care follows HIPAA-aligned administrative, technical, and physical safeguards to protect privacy and data integrity. While CRMO Care is not a HIPAA-covered entity or Business Associate, we implement industry-standard security practices and treat health-related information with care and confidentiality. When processing medical records you obtain through your HIPAA Right of Access, CRMO Care acts as your personal health record tool at your direction.