Privacy Policy

Company: Care Core, Inc. ("CareCore," "we," "us," or "our") Effective date: May 13, 2026

This Privacy Policy describes how CareCore processes personal information that we collect through our websites, applications, creator storefronts, checkout flows, health-related intake flows, communications, and other services that link to this Privacy Policy (collectively, the "Service").

CareCore may collect, use, and share Consumer Health Data as described in our Consumer Health Data Privacy Policy. The Consumer Health Data Privacy Policy supplements this Privacy Policy and controls with respect to Consumer Health Data to the extent required by applicable law.

From whom we collect personal information

This Privacy Policy applies to personal information we collect from:

  • Creators using CareCore to operate storefronts, content, community, product, or campaign surfaces.
  • Customers who use CareCore-powered storefronts, intake flows, checkout flows, products, communications, or support channels.
  • Visitors to CareCore websites, social media pages, and people who otherwise contact CareCore.

Personal information we collect

Depending on your interaction with the Service, we may collect:

  • Contact data, such as name, email address, billing and mailing address, and phone number.
  • Demographic data, such as city, state, country of residence, postal code, and age.
  • Profile data, such as account credentials, profile details, photographs, creator biographies, preferences, and settings.
  • Creator data, such as identity, tax, storefront, product, campaign, attribution, payout, and Stripe Connect onboarding information.
  • Communications data, including messages, support requests, chat content, and related metadata.
  • Transactional data, such as orders, subscriptions, product interests, checkout activity, payment status, refunds, chargebacks, and fulfillment status.
  • Health-related data, including medical history, prescription or supplement history, lab results, intake answers, product interests, condition interests, protocol eligibility, and related information where you choose to provide it or authorize a workflow.
  • Marketing data, such as communication preferences and engagement with CareCore communications.
  • User-generated content, such as photos, images, comments, questions, messages, works of authorship, and associated metadata.
  • Payment data needed to complete transactions. Payment card data is processed by payment processors such as Stripe.
  • Device, browser, online activity, interaction, approximate location, log, cookie, and similar technical data.

Sources of personal information

We may collect personal information from:

  • You, including through accounts, forms, questionnaires, purchases, uploads, messages, support requests, and consent flows.
  • Creators, when they use CareCore to operate storefronts or provide content, only to the extent permitted by law, our contracts, and the applicable user-consent flow.
  • Clinical Partners, pharmacies, laboratories, fulfillment partners, or other healthcare-related vendors, where you have requested or authorized a workflow involving those parties and applicable law permits the exchange.
  • Service providers and processors that support hosting, security, customer support, analytics, payments, communications, identity verification, scheduling, fulfillment, and compliance.
  • Devices, browsers, cookies, pixels, SDKs, logs, and similar technologies, subject to the restrictions in this Policy and applicable consent choices.
  • Information we create, derive, infer, or generate from your use of the Service, such as personalization outputs or eligibility/routing information.

How we use personal information

We may use personal information to:

  • Provide, operate, maintain, secure, and improve the Service.
  • Create and manage accounts, profiles, preferences, orders, subscriptions, communications, and support requests.
  • Process purchases, payments, refunds, chargebacks, shipping, fulfillment, tax, fraud-prevention, and dispute workflows.
  • Support health-related intake, routing, eligibility, scheduling, pharmacy, laboratory, diagnostic, or Clinical Partner workflows that you request or authorize.
  • Personalize your experience, recommend content or products, and display creator storefronts or health-related information, where permitted by law and consistent with your choices.
  • Communicate with you about your account, orders, Service updates, safety notices, product changes, policy changes, and support issues.
  • Conduct quality, safety, security, fraud-prevention, debugging, analytics, compliance, and audit activities.
  • Comply with legal, regulatory, tax, accounting, recordkeeping, safety, law-enforcement, professional, or dispute-resolution obligations.
  • Create aggregated, de-identified, or anonymized information that does not identify you and is not reasonably linkable to you, subject to applicable law.

Advertising, pixels, and cross-context behavioral advertising

We do not knowingly disclose Consumer Health Data to third-party advertising platforms for interest-based advertising, retargeting, lookalike audiences, custom-audience matching, ad optimization, or cross-context behavioral advertising unless we have obtained consent or authorization required by applicable law and have implemented appropriate restrictions.

We do not intend to send health intake answers, symptoms, diagnoses, lab results, medication or prescription information, supplement history, condition interests, protocol eligibility, product/SKU health categories, creator-store health categories, health-related checkout events, or clinical/Rx/lab workflow events to advertising platforms.

We may use service providers to perform limited analytics, measurement, security, debugging, or operational functions, but we configure such tools to avoid collecting or disclosing Consumer Health Data where feasible and require appropriate contractual restrictions.

Creator sharing

We may share limited personal information with creators when necessary for them to operate their CareCore storefronts, provide content you request, respond to support issues, understand aggregate storefront performance, comply with contractual obligations, or receive attribution and payout information.

We do not provide creators with clinical notes, prescription details, laboratory results, contraindications, medical history, or other clinical/Rx/lab information by default. If a creator receives identifiable Consumer Health Data, the sharing must be limited to the purpose disclosed to you, supported by your consent or another legally appropriate basis, subject to role-based access controls and audit logging, and restricted by contract.

Creators may not use personal information or Consumer Health Data obtained through CareCore for independent health profiling, targeted advertising, retargeting, lookalike audiences, resale, downstream disclosure, or clinical referral/prescribing incentives.

Clinical Partners, pharmacies, labs, and HIPAA/PHI role map

Clinical Partners, pharmacies, laboratories, and healthcare vendors. If you request or authorize a workflow involving clinical consultations, prescription medications, laboratory testing, diagnostics, or related health services, we may share information with independent licensed clinicians, professional entities, pharmacies, laboratories, and healthcare vendors to support eligibility, scheduling, prescribing, dispensing, testing, fulfillment, safety, support, and compliance. These parties may have their own legal obligations and privacy notices, including obligations under HIPAA or state healthcare privacy laws. CareCore does not itself practice medicine, prescribe, dispense, perform laboratory testing, diagnose, or provide clinical services.

AI, personalization, routing, eligibility, and inferences

We may use automated systems to support personalization, routing, eligibility, safety, quality, support, and operational workflows. We do not use Consumer Health Data to train general-purpose AI models unless disclosed and permitted by applicable law and contract. Health-related inferences are treated as Consumer Health Data where required by applicable law.

Sensitive-data consent and minimization

We collect and process health-related personal information and Consumer Health Data only as reasonably necessary to provide, secure, support, improve, or comply with obligations related to the Service you request or authorize, or as otherwise permitted by law. Where applicable law requires consent for collection, use, sharing, or sale of Consumer Health Data or sensitive data, we will obtain the required consent or authorization.

Sale / sharing language

CareCore does not sell Consumer Health Data unless we obtain a separate written authorization that satisfies applicable law. We do not disclose Consumer Health Data to third-party advertising platforms for valuable consideration or cross-context behavioral advertising unless permitted by law and supported by any required consent or authorization.

Other sharing

We may share personal information with:

  • Service providers and processors that host, secure, operate, support, analyze, communicate, process payments, prevent fraud, fulfill orders, and maintain the Service.
  • Payment processors, including Stripe, which process payment data under their own terms and privacy notices.
  • Professional advisors such as lawyers, auditors, insurers, banks, tax advisors, and compliance consultants.
  • Business transaction recipients in connection with an actual or prospective merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to applicable law and appropriate protections.
  • Authorities or required recipients where we believe disclosure is necessary to comply with law, legal process, professional obligations, safety obligations, or to protect rights, safety, security, and integrity.
  • Third parties you designate or authorize.

Your choices and rights

Depending on your location and the nature of your interaction with CareCore, you may have rights to access, confirm, delete, correct, receive, withdraw consent for, or appeal certain decisions about personal information or Consumer Health Data. Deletion and withdrawal requests may be limited by clinical, pharmacy, laboratory, safety, legal, tax, accounting, fraud-prevention, dispute, or compliance obligations. When required, we will instruct applicable service providers/processors to delete or restrict data and will document any exception.

You may opt out of marketing-related emails by following the unsubscribe instructions in those emails or contacting us. You may continue to receive service-related and other non-marketing messages. Operational or transactional text messages may be sent where permitted by law or with applicable consent; marketing or promotional text messages require separate consent.

Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, complete transactions, maintain security, satisfy clinical, pharmacy, laboratory, safety, legal, tax, accounting, fraud-prevention, dispute, regulatory, or audit obligations, and exercise or defend legal claims.

Security

We use administrative, technical, and organizational measures designed to protect personal information and Consumer Health Data. No system is perfectly secure.

Children

CareCore is not intended for children under 18 years old. We do not knowingly collect personal information or Consumer Health Data from children without any consent required by law.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated Privacy Policy will be posted with a new effective date. If required by law, we will provide additional notice or obtain additional consent.

Contact

Care Core, Inc. Email: legal@carecore.io Mail: 6704 Myrtle Ave, #1514, Glendale, NY 11385