Neela Cares — Privacy Policy
Effective date: September 8, 2025
Last updated: September 8, 2025
1) Scope
This Privacy Policy explains how Neela Cares, Inc. (“Neela Cares,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information in the Neela Cares mobile app, our websites, and related services (collectively, the “Service”). It also describes your privacy rights and choices. If you do not agree, please do not use the Service.
2) What We Collect
- Account Data (name, email, phone, password hashes, settings, consent records).
- App Data & PHI you input or connect (e.g., wellness logs, care plans, messages, documents, provider info). May include Protected Health Information (“PHI”).
- Device & Usage (app version, OS, device type, language, crash logs, performance, limited diagnostics).
- Communications with us (support requests, survey responses, feedback).
- Payments handled by app stores (Apple/Google) — we receive limited transaction metadata; their terms apply.
- Optional Permissions you grant: push notifications; camera/microphone (telehealth, scans); photos/files (uploads); contacts/calendar (if a feature requires it); precise/coarse location (if you enable it).
3) Sources
- You (directly in the app), and your authorized connections (e.g., a provider, caregiver, or device/integration you choose).
- Automatically from your device/app for security, diagnostics, and analytics configured to avoid collecting PHI.
- Third-party services you connect (wearables, cloud storage, provider systems) — subject to their policies and your permissions.
4) How We Use Information
- Provide, secure, and maintain the Service (including troubleshooting, fraud/abuse prevention, and safety).
- Enable requested features (messaging, care coordination, reminders, data syncing).
- Comply with legal/contractual obligations (e.g., HIPAA/BAA, accounting, audits, breach notifications).
- Improve the Service (de-identified/aggregated analytics, usability studies, quality assurance).
- Communicate about updates, security alerts, and policy changes.
5) HIPAA, PHI & Our Role
Neela Cares supports HIPAA compliance. When we create, receive, maintain, or transmit PHI on behalf of a Covered Entity or another Business Associate, we act as a Business Associate and our Business Associate Agreement (BAA) applies. When we offer services directly to individuals, we handle health information under applicable law (including HIPAA to the extent it applies).
- Minimum Necessary access and use; role-based controls.
- No Sale of PHI. We do not sell PHI, nor use PHI for cross-context behavioral advertising.
- De-Identification. We de-identify data; de-identified data is not treated as PHI.
- Breach Notice. If PHI is breached, we will notify without unreasonable delay and within 60 days as required by HIPAA/HITECH and the BAA.
6) Legal Bases (EEA/UK)
- Contract (to provide the Service you requested).
- Legitimate interests (security, fraud prevention, service improvement) — balanced against your rights.
- Consent (optional features like precise location, marketing emails, certain integrations).
- Legal obligations (HIPAA, tax, accounting, regulatory requests).
7) Sharing & Disclosures
- Service Providers/Subprocessors. Bound by confidentiality and data protection terms. See our current list: Subprocessors.
- Healthcare Providers/Plans. As directed by you or as allowed under the BAA/HIPAA.
- Legal/Compliance. To comply with law, enforce terms, or protect rights, safety, and security.
- Business Transfers. In connection with a merger, acquisition, or asset sale (with notice and continued protections).
- With Your Consent. When you ask us to share or connect services.
8) SDKs, Analytics & Tracking
- We do not use third-party advertising SDKs that track you across apps.
- Diagnostics/analytics are configured to avoid PHI and are used to improve reliability and performance.
- You can manage optional permissions (notifications, location, camera, microphone, contacts, photos) in your device settings.
- For web experiences, see our cookie disclosures at Privacy Policy (web).
9) Data Security
We use administrative, technical, and physical safeguards consistent with HIPAA’s Security Rule. Examples include encryption in transit (TLS 1.2+) and at rest, role-based access and MFA/SSO, audit logging and monitoring, secure development, vulnerability management, and disaster recovery. No system is 100% secure; help protect your account with strong credentials and updates.
10) Data Retention
We retain account data while you have an account and delete or de-identify it within 90 days of account closure, unless we must keep it longer for legal/contractual reasons.
11) International Data Transfers
We may process data in the United States and other countries using appropriate safeguards (e.g., contractual clauses). For PHI, transfers occur as allowed by HIPAA and the BAA.
12) Your Rights & Choices
HIPAA (PHI): You may have rights to access, amend, and receive an accounting of disclosures of PHI. These are typically exercised through your provider/plan; we will support them as required by HIPAA and our BAA.
EEA/UK: You may request access, correction, deletion, restriction, and portability, and may object to processing; you may withdraw consent where processing is based on consent. You can also lodge a complaint with your supervisory authority.
California (CPRA): You may request to know/access, delete, correct, and opt out of “sale” or “sharing” for cross-context behavioral advertising, and limit the use of sensitive personal information. We will not discriminate against you for exercising these rights.
- Submit requests by email to privacy@neelacares.com.
- Manage marketing emails via unsubscribe links or by contacting support@neelacares.com.
13) Children’s Privacy
We do not knowingly collect personal information from children under 13 (or the age of digital consent in your region) without verifiable parental consent. If you believe a child has provided information, contact privacy@neelacares.com.
14) Changes to This Policy
We may update this Privacy Policy. If changes are material, we will provide notice (e.g., in-app or email). Continued use after the effective date means you accept the updated Policy.
15) Contact Us
Neela Cares, Inc.
Privacy: privacy@neelacares.com
Security: security@neelacares.com
Support: support@neelacares.com