Privacy Policy
Company: CareCore, Inc. ("CareCore," "we," "us," or "our") Last updated: June 27, 2026
This Privacy Policy describes how CareCore processes personal information that we collect through our websites, applications, creator storefronts, checkout flows, health-related intake flows, communications, and other services that link to this Privacy Policy (collectively, the "Service").
CareCore may collect, use, and share Consumer Health Data as described in our Consumer Health Data Privacy Policy. The Consumer Health Data Privacy Policy supplements this Privacy Policy and controls with respect to Consumer Health Data to the extent required by applicable law. Clinical Partners, pharmacies, laboratories, and other regulated healthcare parties may provide their own notices, consents, authorizations, terms, or HIPAA/state-law privacy materials. This Privacy Policy describes CareCore’s practices and does not replace any applicable Clinical Partner, pharmacy, laboratory, or healthcare-provider notice.
From whom we collect personal information
This Privacy Policy applies to personal information we collect from:
- Creators using CareCore to operate storefronts, content, community, product, or campaign surfaces.
- Customers who use CareCore-powered storefronts, intake flows, checkout flows, products, communications, or support channels.
- Visitors to CareCore websites, social media pages, and people who otherwise contact CareCore.
Personal information we collect
Depending on your interaction with the Service, we may collect:
- Contact data, such as name, email address, billing and mailing address, and phone number.
- Demographic data, such as city, state, country of residence, postal code, and age.
- Profile data, such as account credentials, profile details, photographs, creator biographies, preferences, and settings.
- Creator data, such as identity, tax, storefront, product, campaign, attribution, payout, and Stripe Connect onboarding information.
- Communications data, including messages, support requests, chat content, and related metadata.
- Transactional data, such as orders, subscriptions, product interests, checkout activity, payment status, refunds, chargebacks, authorization holds, fulfillment status, shipping status, and support history.
- Health-related data, including medical history, prescription or supplement history, lab results, intake answers, product interests, condition interests, requested treatments, prescription/pharmacy/fulfillment workflow status, adverse-event or side-effect support communications, and related information where you choose to provide it or authorize a workflow.
- AI feature data, including prompts, messages, uploaded files or records, lab reports, source information selected for an AI workflow, AI outputs, summaries, explanations, personalization outputs, and related metadata when you use or authorize AI-assisted features.
- Marketing data, such as communication preferences and engagement with CareCore communications.
- User-generated content, such as photos, images, comments, questions, messages, works of authorship, and associated metadata.
- Payment data needed to complete transactions. Payment card data is processed by payment processors such as Stripe.
- Device, browser, online activity, interaction, approximate location, log, cookie, pixel, SDK, and similar technical data, subject to this Policy and applicable consent choices.
- Inferences or derived information that we create from your use of the Service, such as preferences, routing or eligibility signals, personalization outputs, or other derived information where permitted by law and consistent with your choices.
Sources of personal information
We may collect personal information from:
- You, including through accounts, forms, questionnaires, purchases, uploads, messages, support requests, consent flows, and checkout or intake flows.
- Creators, when they use CareCore to operate storefronts or provide content, only to the extent permitted by law, our contracts, and the applicable user-consent flow.
- Clinical Partners, pharmacies, laboratories, fulfillment partners, or other healthcare-related vendors, where you have requested or authorized a workflow involving those parties and applicable law permits the exchange.
- Independent licensed clinicians, professional entities, pharmacies, pharmacy networks, electronic prescribing or pharmacy-fulfillment vendors, laboratories, diagnostics providers, fulfillment vendors, and other healthcare or operational vendors to support workflows you request or authorize.
- Service providers and processors that support hosting, security, customer support, analytics, payments, communications, identity verification, scheduling, fulfillment, audit, and compliance.
- Devices, browsers, cookies, pixels, SDKs, logs, and similar technologies, subject to the restrictions in this Policy and applicable consent choices.
- Information we create, derive, infer, or generate from your use of the Service, such as personalization outputs or eligibility/routing information.
How we use personal information
We may use personal information to:
- Provide, operate, maintain, secure, and improve the Service.
- Create and manage accounts, profiles, preferences, orders, subscriptions, communications, and support requests.
- Process purchases, payment authorizations, payments, refunds, chargebacks, shipping, fulfillment, tax, fraud-prevention, and dispute workflows.
- Support health-related intake, routing, eligibility, scheduling, prescription, pharmacy, laboratory, diagnostic, fulfillment, shipping, safety, support, and Clinical Partner workflows that you request or authorize.
- Provide AI-assisted features you request or authorize, such as organizing, summarizing, explaining, personalizing, or helping you navigate health-related information, lab results, records, messages, orders, and care context.
- Personalize your experience, recommend content or products, and display creator storefronts or health-related information, where permitted by law and consistent with your choices.
- Conduct internal or external research, scientific, clinical, health-outcomes, public-health, safety, quality, operational, product, model-development, model-evaluation, machine-learning, artificial-intelligence, measurement, analytics, market, business, user-experience, and commercial research and development; develop, test, evaluate, validate, improve, commercialize, and support CareCore Services, AI-assisted features, products, protocols, care-navigation workflows, content, and business operations; prepare aggregated, de-identified, anonymized, pseudonymized, or derived datasets and outputs; and support publications, collaborations, regulatory, quality, safety, product, and business activities, in each case where permitted by law and consistent with applicable notices, consents, authorizations, contracts, and choices.
- Communicate with you about your account, orders, Service updates, safety notices, product changes, policy changes, and support issues.
- Conduct quality, safety, security, fraud-prevention, debugging, analytics, compliance, audit, incident-response, and operational-reliability activities.
- Comply with legal, regulatory, tax, accounting, recordkeeping, safety, law-enforcement, professional, pharmacy, laboratory, payment, or dispute-resolution obligations.
- Create aggregated, de-identified, or anonymized information that does not identify you and is not reasonably linkable to you, subject to applicable law.
Tracking technologies
We and our service providers may use cookies, local storage, pixels, web beacons, SDKs, log files, and similar technologies to operate the Service, remember preferences, secure accounts, measure performance, understand usage, and support analytics and advertising activities where permitted by law.
Some tracking technologies may collect information about your device, browser, interactions with the Service, and activity over time. Where required, we will provide notice, obtain consent, offer choices, or restrict certain technologies. You may be able to limit some tracking through browser settings, device settings, privacy plug-ins, platform controls, or consent tools that we make available.
Advertising, pixels, and cross-context behavioral advertising
We do not use or disclose Consumer Health Data for interest-based advertising, retargeting, lookalike audiences, custom-audience matching, ad optimization, cross-context behavioral advertising, resale, or unrelated health profiling. If CareCore ever proposes an activity that applicable law treats as a sale or targeted-advertising disclosure of Consumer Health Data, we will obtain any separate consent or written authorization required by law before doing so.
We may use service providers to perform limited analytics, measurement, security, debugging, or operational functions, subject to applicable law, user choices, and contractual restrictions. Health-related pages and workflows may be subject to additional restrictions under our Consumer Health Data Privacy Policy.
Creator sharing
We may share limited personal information with creators when necessary for them to operate their CareCore storefronts, provide content you request, respond to support issues, understand aggregate storefront performance, comply with contractual obligations, or receive attribution and payout information.
We do not provide creators with clinical notes, prescription details, laboratory results, contraindications, medical history, or other clinical, prescription, or laboratory information by default. If a creator receives identifiable Consumer Health Data, the sharing must be limited to the purpose disclosed to you, supported by your consent or another legally appropriate basis, subject to role-based access controls and audit logging, and restricted by contract.
Creators may not use personal information or Consumer Health Data obtained through CareCore for independent health profiling, targeted advertising, retargeting, lookalike audiences, resale, downstream disclosure, or clinical referral/prescribing incentives.
Clinical Partners, pharmacies, laboratories, and healthcare privacy roles
If you request or authorize a workflow involving clinical consultations, prescription medications, laboratory testing, diagnostics, fulfillment, shipping, or related health services, we may collect from and share information with independent licensed clinicians, professional entities, pharmacies, pharmacy networks, electronic prescribing or pharmacy-fulfillment vendors, laboratories, diagnostics providers, and other healthcare vendors to support eligibility, scheduling, prescribing, dispensing, testing, fulfillment, shipping, safety, support, payment reconciliation, audit, and compliance. Pharmacy partners may include retail, mail-order, specialty, or compounding pharmacies depending on the treatment, location, availability, and applicable clinical or pharmacy determination.
These parties may have their own legal obligations and privacy notices, including obligations under HIPAA or state healthcare privacy laws. Depending on the workflow, CareCore may process information as an independent business, service provider, processor, business associate, technology vendor, support vendor, or other role under applicable law and contract. CareCore does not itself practice medicine, prescribe, dispense, compound, perform laboratory testing, diagnose, or provide clinical services.
AI, personalization, routing, eligibility, and inferences
We may use automated systems and AI-assisted tools to support personalization, routing, eligibility, safety, quality, support, care-navigation, coaching, summarization, explanation, research, product development, model evaluation, model development, analytics, and operational workflows that you request or authorize or that support the Services and Company business. These tools may process health-related information you provide or authorize us to receive, including lab results, medications, symptoms, health goals, health history, orders, messages, uploaded records, care context, AI prompts, AI outputs, and related metadata. We may use health-related information and AI feature data to provide, secure, support, evaluate, test, develop, research, improve, and commercialize CareCore Services, AI-assisted features, products, protocols, workflows, research programs, analytics, and business operations; conduct internal or external research, scientific, clinical, health-outcomes, safety, quality, operational, product, market, business, commercial, and model-related research; prepare aggregated, de-identified, anonymized, pseudonymized, or derived datasets and outputs; and support publications, collaborations, regulatory, quality, safety, product, and business activities, where permitted by law and consistent with applicable notices, consents, authorizations, contracts, and choices. We do not use Consumer Health Data, health-intake responses, Clinical Partner communications, product or medication names, laboratory results, AI prompts or outputs, or other health-derived information to train third-party provider models, for unrelated general-purpose model-development purposes, for targeted advertising, sale, or unrelated secondary purposes unless the information has been de-identified so it is no longer reasonably linkable to you, or unless you provide separate consent or authorization where legally permitted and required. Health-related inferences and AI-derived health outputs are treated as Consumer Health Data where required by applicable law.
Sensitive-data consent and minimization
We collect and process health-related personal information and Consumer Health Data only as reasonably necessary for the purposes described in this Policy, to provide, secure, support, improve, or comply with obligations related to the Service you request or authorize, or as otherwise permitted by law. Where applicable law requires consent for collection, use, sharing, or sale of Consumer Health Data or sensitive data, we will obtain the required consent or authorization. Where applicable law requires separate consent for collection and sharing, we will ask for those consents separately.
Sale / sharing language
CareCore does not sell Consumer Health Data. If CareCore ever proposes a sale of Consumer Health Data where legally permitted, we will first obtain a separate written authorization that satisfies applicable law. We do not disclose Consumer Health Data to third-party advertising platforms for valuable consideration or cross-context behavioral advertising unless you provide any separate consent or authorization required by applicable law.
Other sharing
We may share personal information with:
- Service providers and processors that host, secure, operate, support, analyze, communicate, process payments, prevent fraud, fulfill orders, conduct research, support AI-assisted features, and maintain the Service.
- AI service providers, analytics providers, infrastructure providers, research vendors, and other service providers that help us provide, secure, evaluate, test, develop, research, improve, and support the Service, AI-assisted features, products, workflows, and business operations.
- Research collaborators, academic or scientific collaborators, data partners, product-development partners, quality/safety partners, and other approved recipients where the disclosure is permitted by law and supported by any required notice, consent, authorization, contract, or other legal basis.
- Payment processors, including Stripe, which process payment data under their own terms and privacy notices.
- Clinical Partners, pharmacies, laboratories, diagnostics providers, fulfillment vendors, and healthcare vendors to support workflows you request or authorize.
- Professional advisors such as lawyers, auditors, insurers, banks, tax advisors, and compliance consultants.
- Business transaction recipients in connection with an actual or prospective merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to applicable law and appropriate protections.
- Authorities or required recipients where we believe disclosure is necessary to comply with law, legal process, professional obligations, safety obligations, or to protect rights, safety, security, and integrity.
- Third parties you designate or authorize.
Other sites and services
The Service may link to or interact with websites, applications, services, portals, pharmacies, laboratories, payment processors, Clinical Partners, creator properties, or other third parties that CareCore does not control. Their privacy practices are governed by their own notices and terms, not this Privacy Policy, except to the extent CareCore acts for them under a specific written agreement.
International data transfers
CareCore is based in the United States. If you access the Service from outside the United States or if service providers process information in other locations, personal information may be transferred to, stored in, or processed in the United States or other jurisdictions that may not provide the same level of protection as your home jurisdiction. We take steps designed to protect personal information as described in this Privacy Policy and as required by applicable law.
Your choices and rights
Depending on your location and the nature of your interaction with CareCore, you may have rights to access, confirm, delete, correct, receive, withdraw consent for, opt out of certain processing, or appeal certain decisions about personal information or Consumer Health Data. Deletion and withdrawal requests may be limited by clinical, pharmacy, laboratory, safety, legal, tax, accounting, fraud-prevention, dispute, regulatory, audit, or professional-record obligations. When required, we will instruct applicable service providers/processors to delete, restrict, or correct data and will document any exception.
You may opt out of marketing-related emails by following the unsubscribe instructions in those emails or contacting us. You may continue to receive service-related and other non-marketing messages. Operational or transactional text messages may be sent where permitted by law or with applicable consent. We will send marketing or promotional text messages only if you separately opt in or otherwise provide the consent required by applicable law.
Retention
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, complete transactions, maintain security, satisfy clinical, pharmacy, laboratory, safety, legal, tax, accounting, fraud-prevention, dispute, regulatory, audit, or professional-record obligations, and exercise or defend legal claims.
Temporary operational logs, webhook payloads, and similar technical records from clinical, pharmacy, laboratory, fulfillment, payment, or other operational partners are retained only as long as reasonably necessary for operational support, security, audit, compliance, fraud prevention, dispute handling, safety, and legal purposes. CareCore may retain sanitized event metadata, identifiers, status timestamps, reconciliation records, and support notes needed for security, audit, support, compliance, fraud prevention, dispute handling, and operational reliability.
Security and incident notification
We use administrative, technical, and organizational measures designed to protect personal information and Consumer Health Data. No system is perfectly secure. Access to Consumer Health Data is limited to authorized personnel, service providers, processors, Clinical Partners, creators where approved for a documented Service function, research collaborators, professional advisors, or other approved recipients with a legitimate business, operational, research, legal, safety, support, or Service-related need and appropriate restrictions. Where a privacy or security incident triggers notification obligations under applicable law, including HIPAA, state breach-notification laws, state consumer health data laws, or the FTC Health Breach Notification Rule, we will provide notices as required by law and contract.
Children
CareCore is not intended for children under 18 years old. We do not knowingly collect personal information or Consumer Health Data from children without any consent required by law.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated Privacy Policy will be posted with a new effective date. If required by law, we will provide additional notice, obtain additional consent, or request re-acceptance.
Contact
CareCore, Inc. Email: legal@carecore.io Mail: 6704 Myrtle Ave, #1514, Glendale, NY 11385