Last updated: 15 April 2026
Careoo (“we”, “us”, or “our”) is committed to protecting your privacy and the security of your health information. This Privacy Policy explains what personal and health data we collect when you use the Careoo application, how we use it, and the steps we take to keep it safe.
By creating an account and using Careoo, you agree to the practices described in this policy. If you do not agree, please do not use the service.
When you register, we collect your email address and a hashed password. We do not store your password in plain text.
Careoo allows you to photograph medical documents — prescriptions, pathology reports, appointment letters, and discharge summaries. These images are uploaded to and stored in our secure cloud storage. We process each image using an AI vision model (OpenAI GPT-4o) to extract structured health information such as:
We collect limited usage data to operate and improve the service, including session tokens, feature interactions (e.g. checklist toggles), and push notification subscriptions.
If you enable push notifications, we store your browser's push subscription endpoint. This is used solely to send you medication and appointment reminders.
We use your data only to provide, maintain, and improve the Careoo service:
We do not use your health data for advertising, sell it to third parties, or use it to train AI models.
When you upload a medical document photo, the image is sent to OpenAI's API for structured data extraction. This processing occurs under OpenAI's data usage policies for API customers. OpenAI does not use API-submitted data to train their models by default. Extracted structured data is stored in our database; original images are stored in our secure file storage.
AI extraction is automated and may not be perfectly accurate. Always verify critical health information against the original document. Careoo is a personal organisation tool and is not a substitute for professional medical advice.
When you generate a share link, a temporary read-only token is created that allows anyone with the link to view a summary of your health record for up to 24 hours. After 24 hours the link expires automatically. You are responsible for deciding who you share this link with. Do not share it with untrusted parties.
Your data is stored using Supabase (Postgres database and file storage), hosted on infrastructure that employs encryption at rest and in transit (TLS). We use industry-standard security practices including:
While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of your data.
Careoo uses the following third-party services to operate:
Each provider has its own privacy policy and data processing agreements. We encourage you to review their policies.
We retain your data for as long as your account is active. If you wish to delete your account and associated data, please contact us at the address below. We will action deletion requests within a reasonable timeframe.
Depending on your jurisdiction, you may have rights including:
To exercise these rights, contact us at the address below.
Careoo is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notice. Your continued use of Careoo after changes are posted constitutes acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy or your data, please contact us at:
Careoo
contact@careoo.app