Privacy Policy
This policy explains what data Caradence collects, how it's used, and the choices you have. We've tried to keep it plain — if something is unclear, email privacy@caradence.org.
Who we are
Caradence ("we", "our", "Caradence") operates the Caradence app at app.caradence.org. You can reach us at privacy@caradence.org for any privacy question.
What we collect
Account information
- Email address (used to sign in and to contact you about the service)
- Username and a one-way hashed password — we never see or store your raw password
- Your role in the household (owner, caregiver, viewer) and per-module permissions
Household data you enter
- Medications, meals, exercises, events, recipes, lists, and your household profile
- Notes you write and AI-generated summaries
- Photos you upload (medication labels, meal pictures, schedule shots, etc.)
- Logs of when activities happened (a dose taken, a meal eaten, an exercise performed)
- Settings and preferences
Limited usage data
- How many AI calls you've made, used to enforce quotas and rate limits
- Server logs (IP address, request path, timestamp) retained briefly for debugging and abuse prevention
We do not run third-party analytics, ad pixels, or marketing trackers on caradence.org or app.caradence.org.
How we use it
- To operate the service: show you your data, keep multiple caregivers in sync, run the schedule.
- To deliver AI features when you request them (see "AI providers" below).
- To debug issues you report and to investigate suspected abuse.
- To send administrative messages about your account (password resets, security notices, major changes to the service).
How we don't use it
- We do not sell your data.
- We do not use your household data to train AI models.
- We do not share your data with advertisers.
AI providers
AI features are optional. When you enable them you choose one of three paths:
- Local AI via Ollama. Your prompts run on a model you host yourself. They never leave your network. Caradence does not see the prompt content.
- Paid commercial APIs (Anthropic, OpenAI, paid Google Gemini). Caradence relays your prompt to the provider — using either our shared key or yours. Under their commercial terms these providers do not train on your prompts and typically retain them briefly (~30 days) for abuse review before deletion. Their privacy policies apply to the relay itself.
- Free Google Gemini tier. Most free tiers allow the provider to use prompts to improve their service. Avoid this for anything sensitive.
When you bring your own key, the key is stored encrypted at rest and is used only to make requests on your behalf.
Photos
Photos you upload are stored on Caradence's servers and are visible only to members of your household. We do not share them with third parties.
How long we keep your data
We keep your household data — meds, meals, logs, notes, photos, and the full activity history — for as long as your account exists. There is no automatic expiration. Caregiving is often a multi-year arc, and we expect you to want to look back at it.
When you delete a specific record from inside the app, it is removed immediately. When you delete your account, your data is removed promptly from the service. We may retain a minimal record of the deletion event itself (e.g. "account <id> deleted on <date>") for audit and abuse-prevention purposes.
Children
Caradence is not directed at children under 13, and we do not knowingly collect data from children. Households may store data about an aging parent or other adult under their care; the account holder is responsible for ensuring they have the authority to do so.
Security
We protect data in transit with HTTPS and store passwords using a one-way bcrypt hash. Access to production servers is restricted to operators and logged. No system is perfectly secure — please use a unique password and keep it private. We recommend exporting your household data from Settings periodically so you have your own copy.
Your choices
- Export your household data from Settings.
- Delete any individual record from inside the app.
- Delete your account, after which your data is removed from the service.
- Correct any field by editing it in the app.
- Contact us at privacy@caradence.org with any request.
Depending on where you live, applicable law (e.g. GDPR, UK GDPR, CCPA/CPRA) may grant you additional rights. We honor them — email us and tell us what you need.
Sub-processors
We use the following service providers to run Caradence. Each has its own privacy commitments and processes data on our behalf:
- AWS / Amazon Lightsail — server hosting (United States)
- Anthropic, OpenAI, Google — AI relays, only when you trigger AI features and only when you use the cloud option
We'll update this list when it changes.
HIPAA and medical data
Caradence is a logistics tool for caregivers. It is not a HIPAA-covered entity and we are not a healthcare provider. You should not enter protected health information on behalf of anyone other than yourself or someone you are caring for, and the service should not be used by clinical organizations subject to HIPAA without first speaking with us.
Changes to this policy
We'll update this page when our practices change and bump the "Last updated" date. For significant changes we'll notify you by email or with an in-app banner before they take effect.