CareForce logo
Log In

Privacy Policy

Protecting the trust of every care relationship.

We engineered CareForce to uphold the confidentiality, integrity, and availability of sensitive health information while enabling modern, data-driven care operations.

Effective date: November 5, 2025

Introduction

CareForce Cloud, Inc. ("CareForce", "we", "us", or "our") operates the careforce.cloud website and CareForce platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, share, and safeguard information within our Services.

CareForce is a back-office workforce management platform designed for care organizations. We currently process employee, contractor, and operational data (scheduling, credentialing, compliance tracking). We do not currently process Protected Health Information (PHI) or patient data. This policy applies to all users of our website and platform.

Information we collect

  • Contact and account data: name, work email, role, organization, phone number, and communication preferences.
  • Authentication data: credentials, OAuth tokens (from Google, Microsoft, or other providers), and session information.
  • Employee and operational data: employee names, roles, certifications, training records, scheduling information, and compliance documentation supplied by you or integrated systems.
  • Usage data: product telemetry, device information, IP address, browser type, pages visited, and log information to maintain reliability and security.
  • Cookies and tracking: We use cookies, web beacons, and similar technologies to enhance user experience and analyze platform usage.
  • Communication data: emails, support tickets, and feedback you provide to our team.

How we use information

  • Deliver, maintain, and secure the CareForce platform and related services.
  • Authenticate users and manage access controls through OAuth and other secure methods.
  • Provide customer support, training, implementation assistance, and account management.
  • Improve and enhance functionality through analytics and usage data.
  • Comply with legal, regulatory, and contractual obligations.
  • Send service announcements, updates, and security notifications.
  • Prevent fraud, abuse, and unauthorized access to our Services.
  • Conduct research and analytics to improve our products and services.

Google OAuth & third-party authentication

CareForce uses Google OAuth 2.0 to provide secure, streamlined authentication. When you choose to sign in with Google, we receive limited information from Google (email, name, profile picture) as authorized by you. We do not store your Google password and cannot access your Google account beyond what you explicitly authorize.

Your use of Google OAuth is also governed by Google's Privacy Policy and Terms of Service. We recommend reviewing those policies to understand how Google handles your data.

We may integrate with other third-party authentication providers (Microsoft, Okta, etc.). Each integration follows the same privacy principles: we only collect data you authorize, and we never store passwords.

Cookies and tracking technologies

We use cookies and similar technologies (web beacons, pixels, local storage) to:

• Remember your preferences and login information

• Understand how you use our platform to improve functionality

• Measure the effectiveness of our marketing and communications

• Prevent fraud and enhance security

You can control cookie settings through your browser. However, disabling cookies may limit your ability to use certain features of our Services. We do not use cookies to track you across unrelated third-party websites.

Data sharing & third parties

We do not sell, rent, or trade your personal information. We may share information with:

• Service providers who assist us in operating our platform (hosting, analytics, payment processing, email delivery)

• Business partners with whom you have authorized integrations

• Legal authorities when required by law or to protect our rights and safety

• Your organization's administrators if you are an employee or contractor

All service providers are contractually obligated to maintain confidentiality and use data only for the purposes we specify.

Data protection & security

CareForce implements industry-standard security measures to protect all data in our platform. We encrypt data in transit (TLS 1.2+) and at rest (AES-256), maintain role-based access controls, and monitor access through audit trails.

We conduct regular security assessments and vulnerability management to maintain a secure platform.

Currently, CareForce does not process Protected Health Information (PHI) or patient data. If and when we expand to process PHI in the future, we will implement HIPAA-compliant safeguards and execute Business Associate Agreements (BAA) as required by law.

Data retention & deletion

We retain information as required to deliver Services, fulfill legal obligations, and support audit readiness. Retention policies are configurable to align with your organizational requirements.

When you delete your account, we will remove your personal information within 30 days, except where we are required to retain it for legal, regulatory, or contractual purposes.

Backup copies may be retained for up to 90 days for disaster recovery purposes but will not be accessible for normal operations.

Your privacy rights

Depending on your jurisdiction and the data you have provided, you may have rights including:

• Right to access: Request a copy of the personal information we hold about you

• Right to correction: Request that we correct inaccurate or incomplete information

• Right to deletion: Request that we delete your personal information (subject to legal and contractual obligations)

• Right to data portability: Request your data in a portable, machine-readable format

• Right to opt-out: Opt out of marketing communications

To exercise these rights, contact privacy@careforce.cloud with your request. We will respond within 30 days or as required by applicable law. Note that your organization may have contractual obligations to retain certain employee or operational data.

International data transfers

CareForce operates primarily in the United States. If you are located outside the US, your information may be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country of residence.

By using our Services, you consent to the transfer of your information to the United States. We implement appropriate safeguards to protect your information during international transfers.

Children's privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

Security measures

We implement security measures to protect your information:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)

• Multi-factor authentication for account access

• Role-based access controls

• Regular security assessments and vulnerability management

• Incident response and breach notification procedures

• Employee training on data security

However, no security system is impenetrable. We cannot guarantee absolute security of your information. As we grow and expand our services, we will continue to enhance our security practices.

Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Effective date" at the top of this policy and, where required, by sending you an email notification.

Your continued use of our Services after changes become effective constitutes your acceptance of the updated Privacy Policy.

Contact us

For questions regarding this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@careforce.cloud

Mailing Address: CareForce Cloud, Inc., 56 Broad Street, STE 14075, Boston, MA 02109

We will respond to your inquiry within 30 days.