CRMO Care Privacy Policy
Effective Date: April 1, 2026
Version: 4.2
At a Glance
CRMO Care is operated by Flarepath Health, Inc. ("Flarepath Health," "we," "our," or "us"). CRMO Care is a wellness and information management platform that helps individuals and families organize health-related information and track symptoms and treatment progress.
Key points:
- You control your data (view, edit, delete; request export)
- We do not sell your data to anyone — ever
- We never share data with marketers or advertisers
- All research and registry participation is opt-in only
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Row-level database security ensures complete data isolation between users
- Business Associate Agreements (BAAs) with all AI and data processing vendors
- PHI-free logging — no health data in system logs or error tracking
- We do not provide medical advice, diagnosis, or treatment
- Voice recordings retained per user preference; you can delete at any time
- International users welcome during Beta (GDPR-aligned principles applied)
- CRMO Care is not a HIPAA Covered Entity; we implement HIPAA-aligned safeguards
1. Scope and Definitions
This Privacy Policy describes what information we collect, how we use and share it, how we protect it, and your rights and choices.
Not a healthcare provider: CRMO Care is not a healthcare provider, medical device, or HIPAA-covered entity. We nonetheless apply HIPAA-aligned privacy, security, and de-identification safeguards to protect your information.
HIPAA Alignment Statement: CRMO Care is HIPAA-aligned and actively working towards full HIPAA compliance. While we are not legally required to comply with HIPAA as a non-covered entity, we voluntarily implement HIPAA-grade administrative, technical, and physical safeguards. We maintain Business Associate Agreements (BAAs) with all vendors who process Protected Health Information (PHI), and we follow HIPAA de-identification standards for research data sharing. Our goal is to meet or exceed HIPAA Security Rule requirements as we scale.
Key Definitions
| Term | Definition |
|---|---|
| Personal Data | Any data that identifies or relates to you as a particular individual, including information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws. |
| Health Data | Personally identifiable information about your health and treatment, including symptom logs, medications, medical records, and voice journal content. |
| Anonymized Data | Data where personally identifiable information has been permanently removed, rendering the data anonymous. Anonymized data cannot be linked back to you and is no longer considered Personal Data. |
| Aggregated Data | Data that has been combined across multiple individuals to provide statistics (averages, counts, trends). When properly aggregated, this data is considered anonymized. |
| De-identified Data | Data processed using HIPAA Safe Harbor or Expert Determination methods to remove the 18 HIPAA identifiers. Similar to Anonymized Data but follows specific regulatory standards. |
Account Roles and Access
CRMO Care supports different roles for managing health information:
| Role | Description | Access Level |
|---|---|---|
| Account Holder | An adult who registers an account with CRMO Care | Full access to own profile |
| Caregiver | An Account Holder managing health information for a dependent (child or family member) | Full access to dependent profiles they create |
| Dependent | A person (typically a child) whose health information is managed by a Caregiver | Profile managed by Caregiver until age of majority |
| Teen/Self-Managing | A minor with permission to manage their own profile | Access to own profile only |
| Clinician (future) | A healthcare provider granted access by a Caregiver or patient | View-only access to explicitly shared data |
Caregiver Authority: Any Account Holder who provides Personal Data on behalf of a Dependent, or who grants any other user access to the Dependent's data, warrants that they have legal authority to do so. CRMO Care may request proof of authority and/or identity before providing access to Personal Data.
2. Data We Collect and How We Use It
2.1 Account Information
We collect:
- Name or display name
- Email address and password (hashed; never stored in plain text)
- Email-based one-time passcode (OTP) tokens used for two-factor verification at login
Purpose: To create and manage your account, authenticate logins, and provide technical support.
2.2 Wellness and Input Data
We collect:
- Symptom logs, activity data, mood or pain entries, medication schedules, flare-up frequency, sleep quality, or other wellness-related inputs
- PROMIS (Patient-Reported Outcomes Measurement Information System) assessment scores and responses, including pain interference, fatigue, mobility, and global health domains
- Optional caregiver or child profile information that you enter
- Optional wearable or portal data that you connect (e.g., WHOOP, Apple Health)
Purpose: To generate charts, insights, and personal summaries to help you understand patterns in your wellness. You may delete any record you have entered at any time through your account settings or by contacting us.
2.2a Apple Health / HealthKit Integration (iOS Only)
If you grant permission, CRMO Care reads the following data types from Apple HealthKit on your iOS device:
Activity:
- Step count
- Flights climbed
- Exercise minutes
Mobility:
- Walking speed
- Walking step length
- Walking double support percentage
- Walking asymmetry percentage
- Apple walking steadiness
Vitals:
- Resting heart rate
- Respiratory rate
Sleep:
- Total sleep duration
- Deep sleep (slow-wave) minutes
- REM sleep minutes
- Core sleep (light) minutes
Important HealthKit details:
- CRMO Care requests read-only access — we never write data back to Apple Health
- HealthKit data is queried live from your device and stored in your CRMO Care account to enable trend tracking and health reports
- You can revoke HealthKit access at any time in your iOS Settings → Privacy & Security → Health → CRMO Care
- HealthKit data is subject to the same encryption, row-level security, and de-identification standards as all other health data in CRMO Care
- If you opt into research participation, HealthKit-derived metrics may be included in de-identified research datasets (you can exclude wearable data in your granular sharing preferences)
2.2b Visit Companion (Appointment Recording)
CRMO Care includes a Visit Companion feature that allows you to audio-record clinical appointments with your care team. When you use this feature, we collect:
- Audio recording of the appointment (stored encrypted; requires your explicit start action)
- AI-generated transcript of the appointment audio (processed via OpenAI Whisper with BAA)
- Structured summary of the appointment, including key discussion points and follow-up questions
- Clinician permission confirmation (the app prompts you to confirm you have obtained consent from your clinician before recording)
Important Visit Companion details:
- Recording requires your active initiation — the app never records passively in the background
- You are responsible for obtaining consent from all parties before recording, as required by applicable law
- Audio is processed through BAA-covered AI endpoints only
- You may delete any Visit Companion recording and its transcript at any time
- Audio recordings are never shared with researchers; only de-identified structured summaries may be included in research data (if you opt in)
2.3 Voice Recordings and Transcriptions
If you use our voice journal feature, we collect:
- Voice recordings captured via the voice journal feature
- Transcribed text derived from voice recordings (using OpenAI Whisper with Business Associate Agreement for HIPAA compliance)
- Extracted structured data (e.g., symptoms, pain levels, medications, triggers, mood)
Why we collect it: Hands-free entry and accessibility; converting spoken updates into structured, searchable wellness information.
AI Processing Safeguards:
- Business Associate Agreement (BAA) in place with OpenAI for HIPAA compliance
- Voice recordings processed through BAA-covered endpoints only
- Minimal necessary PHI principle applied to AI prompts (IDs and metadata only, not full names/DOB)
- AI processing logs contain no PHI (only request IDs, latency, and error codes)
- User review and editing required before any AI-structured data is saved
- Voice recordings and transcripts never stored in non-BAA-covered analytics tools
Retention and Your Control:
- Voice recordings and transcripts may be retained for quality improvement but can be deleted upon request at any time
- Default retention: recordings are kept unless you request deletion
- You can delete specific recordings or all voice data from account settings or by contacting info@crmo-care.app
- You can review, edit, and correct all AI-extracted data before saving
- Transcription quality validated before clinical use
2.4 AI Chat Interactions
We collect:
- Chat queries and messages you send to the AI assistant
- AI-generated responses and recommendations
- Context about your health data used to personalize responses
Purpose: To provide personalized health insights, answer questions about your data, and improve the AI assistant's accuracy and helpfulness.
Usage: Chat interactions are logged for quality improvement and debugging. De-identified chat data may be used for research purposes if you opt into the Research Databank. AI processing involves third-party language models that comply with HIPAA-aligned security standards.
Important: AI-generated insights are for informational purposes only and do not constitute medical advice. Always consult healthcare professionals for medical decisions.
No Automated Decision-Making: CRMO Care does not make decisions based solely on automated processing, including profiling, which have legal consequences for, or significantly affect, our users. We also do not access, use, or disclose your Health Records to assert any type of claim against you.
Health Reports and Doctor Reports are not AI-generated: Monthly health recaps and doctor-facing reports are generated directly from your logged data — aggregated, formatted, and presented with no AI interpretation or processing. What you see in these reports is exactly what you entered.
2.5 Connected Portal and Medical Record Data (Right of Access)
If you choose to use CRMO Care to connect your health provider portals or request copies of your records under the HIPAA Right of Access, you authorize CRMO Care to act as your personal health record tool for the limited purpose of retrieving your information and displaying it within your private account.
We collect:
- Copies of medical records you request under your HIPAA Right of Access
- Basic demographics from provider systems (name, age, lab summaries, visit data, etc.)
Purpose: To help you consolidate your own records in one place.
Important Note: CRMO Care acts at your direction when processing your own medical records obtained through your Right of Access. We are not acting as a Business Associate in this capacity, but rather as your personal agent helping you organize your own data. All imported data remains your property and can be deleted or exported at any time. CRMO Care does not modify or interpret medical records and is not responsible for their accuracy.
2.6 Technical and Usage Data
We collect:
- Device type and operating system (e.g., iPhone model, iOS version)
- App version and build number
- Crash logs and error reports (with PHI scrubbing via Sentry)
- Basic feature usage metrics (e.g., screen views, button interactions, feature engagement)
- Session duration and timestamps
- Push notification tokens (used solely to deliver in-app reminders and alerts; never used for marketing)
- Biometric authentication method in use (Face ID or Touch ID on iOS; fingerprint on Android) — we store only a boolean indicating whether biometric auth is enabled, not any biometric data itself
Why we collect it: Reliability, debugging, security monitoring, and product improvement.
We do not collect advertising identifiers, third-party advertising analytics, or location data. CRMO Care does not currently use location services. A future feature to help users find nearby healthcare providers may request location access — if and when that feature is introduced, it will require your explicit permission and this policy will be updated in advance.
First-party analytics only: Feature usage metrics are sent directly to CRMO Care's own backend — we do not use any third-party analytics vendors such as Mixpanel, Amplitude, Google Analytics, or similar services. Your usage data never leaves our infrastructure for analytics purposes.
PHI protection: Error logs are scrubbed of protected health information before being sent to our error tracking service (Sentry). Feature usage metrics are anonymized and never include health content.
Push notification content is PHI-free: Notifications never include health information that could be exposed on a lock screen. For example, medication reminders say "It's time for your scheduled medication" — not the medication name or dosage. Health details are only visible after the app is unlocked and opened.
AI Training: CRMO Care data is never used to train general-purpose AI models. Our AI vendors (including OpenAI) are contractually prohibited from using your data for model training under our Business Associate Agreements.
2.7 Communications and Feedback
We collect:
- Your name, email, and message content
- Optional usability or feature feedback
Purpose: To improve app design, troubleshoot issues, and enhance user experience. We may anonymize and aggregate feedback for internal analysis.
Feedback Usage: We may use quotes from your feedback — without using your name or identifying information — in reports, articles, case studies, or promotional materials to demonstrate the app's impact. If you do not want us to use quotes from your feedback, please let us know when you submit your feedback or email info@crmo-care.app.
2.8 Free-Text and Notes Security Guidance
CRMO Care allows you to enter free-text notes in voice journals, symptom descriptions, and other fields. While we protect all data with encryption and access controls, we recommend:
- Do not include highly sensitive identifying information in free-text fields (e.g., full names of healthcare providers, specific addresses, Social Security numbers, insurance ID numbers)
- Use general descriptions rather than specific identifiers where possible
- Remember that free-text content may be reviewed by AI for structuring purposes
This guidance helps maintain an additional layer of privacy protection for your most sensitive information.
3. Data Storage and Security
Infrastructure
CRMO Care uses U.S.-based infrastructure, including:
- Supabase (database/auth/storage — SOC 2 Type II certified)
- OpenAI (voice transcription and text processing — Business Associate Agreement in place)
- Sentry (error tracking and monitoring — PHI scrubbed before transmission)
- Expo (mobile app development and push notifications)
- Vercel (web hosting and deployment)
All service providers that process Protected Health Information (PHI) are covered by Business Associate Agreements (BAAs) to ensure HIPAA-aligned protection of your data.
Security Controls
We use administrative, technical, and operational measures, including:
- Encryption in transit: TLS 1.3
- Encryption at rest: AES-256
- Row-Level Security (RLS): Database-level access controls ensure every query is automatically filtered by `user_id` and `child_id`; no user can access another user's health data
- Database queries fail-closed (deny by default) if RLS is misconfigured
- Access controls: Role-based permissions and multi-factor authentication
- Secure credential storage: Device secure storage (iOS Keychain / Android Keystore)
- PHI-free logging: Application logs contain only user IDs, child IDs, session IDs, and metadata — never names, DOB, symptoms, medications, or clinical notes
- Error tracking (Sentry): Configured with PHI scrubbing — no health data in error messages or breadcrumbs
- Audit trails: Comprehensive logging for access and modifications with 7-year retention
- Vulnerability management: Periodic assessment and remediation
- Incident response: NIST-aligned procedures with 72-hour breach notification
Voice Processing Security
- Voice recordings uploaded to encrypted storage (AES-256 at rest)
- Transcribed via Supabase Edge Functions calling OpenAI Whisper (BAA-covered endpoint)
- Structured using OpenAI models with minimum-necessary principles (IDs and metadata only, not full names/DOB)
- Retained per user preference; you can delete recordings at any time from account settings
- Quality-validated before clinical use
- Users can review, edit, and correct all AI-extracted data before saving
- Never sent to non-BAA-covered services or analytics tools
Environment Separation
We maintain strict separation between development, staging, and production environments:
- Development and staging environments use only synthetic or anonymized data
- No real PHI ever used for testing, development, or demos
- Database schema changes deployed via tested migrations with rollback capability
- Sandbox endpoints for AI, payment, and email services in non-production environments
- Separate database projects and credentials for each environment
- Production database credentials never used in development or staging
Note: These controls are designed to align with HIPAA-grade safeguards; CRMO Care is not itself a HIPAA-covered entity.
4. How We Share Data
4.0 Our Data Sharing Commitments
We Will Never:
- Sell your identifiable data to any third party under any circumstances
- Share your data with marketers or advertising companies
- Use your data for advertising or targeted marketing purposes
- Share data with data brokers or commercial data aggregators
- Enroll you in research without your explicit, informed opt-in consent
We Will Always:
- Require your consent before any data sharing (except as required by law)
- Ensure all research partners sign Data Use Agreements
- Share only de-identified data for research purposes (unless you consent to clinical trial participation)
- Maintain transparent records of all data sharing activities
- Notify you of material changes to data practices
"CRMO Care shares de-identified, aggregated insights or study datasets under explicit consent and formal agreements. All sharing is for approved medical and scientific research purposes only. Research and registry participation is always opt-in."
4.1 Service Providers (Vendors)
We share information with vendors who provide essential services:
- Supabase — database hosting (PostgreSQL), authentication, and file storage (SOC 2 Type II; BAA in place)
- OpenAI — voice transcription (Whisper) and AI chat/structuring (BAA in place; prohibited from using your data for model training)
- Sentry — error tracking and monitoring (PHI scrubbed before transmission; no health data sent)
- Expo — mobile app development and push notification delivery
- Vercel — web hosting and frontend deployment
- Google Cloud — infrastructure hosting (Business Associate Agreement in place)
- Apple HealthKit — read-only access to health metrics on iOS (data stays on-device until you sync; governed by Apple's privacy framework in addition to ours)
- iOS Keychain / Android Keystore — device-level secure storage for authentication tokens and session credentials (no data leaves the device through these services)
All service providers that process Protected Health Information (PHI) are covered by Business Associate Agreements (BAAs). These providers process data only as needed to deliver the Service and may not use it for their own purposes.
4.2 With Your Consent
We share information when you explicitly choose to:
- Export your data
- Share information with a connected service
- Authorize sharing through specific app features
- Opt into research participation (see Section 5 below)
4.3 Legal Requirements
We may disclose information when required to comply with valid legal process (e.g., subpoenas, warrants, court orders).
Our Commitment to Notify You:
If we are required to disclose your Health Records or other information because we have received a civil or criminal subpoena, court order, search warrant, or other legal demand:
- We will notify you within three (3) business days of receiving such a demand, except where prohibited by applicable law
- This notice gives you an opportunity to object, seek a protective order, or pursue other legal remedies available to you
- We will comply with the law while advocating for your privacy interests to the extent possible
Note: This commitment applies to standard legal process. In cases involving immediate threats to safety, national security matters, or where notification is legally prohibited, we may be unable to provide advance notice.
Government Request Transparency: Since CRMO Care was founded, we have received zero government requests for user information. We will update this disclosure annually and notify users if this changes.
5. Research Participation (Optional)
CRMO Care may invite users to contribute data to rare disease research. Participation is completely voluntary and opt-in only.
Two research pathways exist:
- Clinical Trial Participation: Uses coded identifiers with controlled re-identification capability (ICH GCP-aligned)
- General Research Sharing: Fully anonymized data for observational studies
What Data May Be Shared
- Patient-reported outcomes (symptom logs, pain levels, activity data)
- Voice recording transcripts (audio files are not shared; only de-identified transcripts)
- De-identified AI chat interactions (queries and insights)
- Clinical records obtained through your Right of Access
- Treatment logs and medication schedules
- Wearable device data (if connected)
Clinical Trial Participation (Pathway A)
- Uses coded participant identifiers (subject IDs) with controlled re-identification capability
- Requires separate trial-specific informed consent (see Beta User Agreement Section 12A)
- Data retention follows protocol-specific regulatory requirements
- Supports safety monitoring, protocol compliance, and regulatory submissions
- Withdrawal requests processed according to trial-specific requirements; some data may be retained for trial integrity
General Research Sharing (Pathway B)
- All data fully de-identified using HIPAA Safe Harbor or Expert Determination standards
- 18 PHI identifiers removed (name, address, dates, etc.)
- No re-identification capability exists for this pathway
- Small cohorts aggregated to prevent re-identification
- Researchers must sign Data Use Agreements
- All data exports logged and auditable
Your Rights
- You can opt out at any time without affecting your app usage
- Withdrawal prevents future data sharing
- Previously shared anonymized data cannot be withdrawn from completed studies
- You can request deletion of your identifiable data
- Clinical trial participation has separate withdrawal procedures detailed in trial-specific consent
Research Transparency
Active Research Projects: We will publish descriptions of all active research projects that use CRMO Care data within the App. This allows you to understand exactly how your data is being used if you opt into research participation.
Re-identification Consent: If any research initiative requires re-identifying your data (linking de-identified data back to your identity), the study will require an additional, specific opt-in consent from you. General research consent does not authorize re-identification.
Granular Sharing Preferences
You can control what types of data are shared for research purposes:
- Symptom logs and patient-reported outcomes
- Medication and treatment history
- Voice transcripts (audio recordings are never shared)
- AI chat interactions
- Imported medical records
- Wearable device data (if connected)
You can adjust these preferences at any time in your account settings without affecting your overall research participation status.
Minimum Necessary Standard
We commit to sharing only the minimum amount of data necessary to accomplish the intended research purpose. Researchers receive only the data elements required for their specific approved study — never your complete health record unless specifically justified and consented.
Understanding De-identified Data and Ownership
Important: We believe in complete transparency about what happens when data is de-identified:
- Once your data is de-identified (all identifying information removed), it is no longer linked to you
- De-identified data that has been shared with external researchers cannot be retrieved or recalled
- This is an inherent property of de-identification — it protects your privacy by permanently breaking the link to your identity
- Your control point is consent: You decide whether your data enters the de-identified pool
- You can stop future sharing at any time, but this does not affect data already shared
For more information, see the CRMO Care Research Databank Proposal and Beta User Agreement (Version 2.7, Section 11a and Section 12).
5a. International Users
CRMO Care welcomes users from outside the United States. CRMO is a global condition, and we believe all affected families should have access to quality symptom tracking and care management tools.
International Participation During Beta
During the Beta testing period, international users may participate in CRMO Care without geographic restriction. This helps us understand the global CRMO community and build a more inclusive platform.
For International Users:
- Your data is stored on U.S.-based infrastructure and governed by U.S. law
- We apply GDPR-aligned principles to all users, regardless of location:
  - Data minimization — We collect only data necessary for the service
  - Purpose limitation — We use data only for stated purposes
  - Right to erasure — You can request deletion of your data at any time
  - Right to access — You can request a copy of all data we hold about you
  - Right to rectification — You can correct inaccurate data
  - Right to data portability — You can export your data in a standard format
- Research participation remains opt-in and may be subject to your local regulatory requirements
- Clinical trial participation may be limited by your country's regulatory framework
Data Transfers
When you use CRMO Care from outside the United States:
- Your data is transferred to and processed in the United States
- We implement appropriate safeguards including encryption and access controls
- Future versions may implement Standard Contractual Clauses or other transfer mechanisms as required
Country-Specific Limitations
Post-Beta, international availability will depend on:
- Local data protection law requirements
- Regulatory approvals for research activities
- Availability of local support resources
We will provide advance notice if international access changes after the Beta period.
5b. Business Model Transparency
We believe you deserve to know how CRMO Care operates and generates revenue:
Current Model (Beta):
- CRMO Care is currently free to individual users
- We believe patients and families should never have to pay to access and organize their own health information
- During Beta, we are funded by founder investment and grants
Future Research Revenue Model:
- If you consent to share de-identified data for research, CRMO Care may receive licensing fees from research organizations
- These fees help cover our costs in maintaining the platform and preparing data for research
- CRMO Care will only share data with researchers from users who have explicitly consented
Benefit Sharing Commitment:
- We are exploring models to share a portion of research licensing fees with contributing users and patient advocacy organizations
- Any benefit sharing program will be transparent and disclosed in advance
- Participation in benefit sharing will be optional and will not affect your ability to use the app
- We will update this policy as benefit sharing models are finalized
What We Will Never Do:
- Charge users to access their own health data
- Require research participation to use the app
- Share identifiable data without explicit consent
- Sell data to marketers or advertisers
- Use Health Data for marketing or advertising purposes — We do not use personally identifiable health information for marketing, advertising, or promotional purposes under any circumstances
Consequences of Not Providing Data: You are not obligated to provide any Personal Data. However, if you choose not to provide certain information, we may not be able to provide you with some or all of our Services. For example, without account information we cannot create your account, and without health data we cannot generate symptom tracking insights.
6. Children's Privacy
CRMO Care is intended for adults and caregivers acting on behalf of minors. CRMO primarily affects children and adolescents, so this section is particularly important.
Age Requirements
- Under 13: Children under 13 cannot create accounts independently. A parent or guardian must create the account and manage the child's profile. All caregiver access is set and controlled by the system — the child cannot modify caregiver permissions.
- Ages 13–17: When a patient turns 13, they gain the ability to control which caregivers can see their health data and at what level. See "Teen Caregiver Access Control" below.
- 18 and older: Adults may create and manage their own accounts. All caregiver access is automatically revoked at age 18 — the adult must explicitly re-grant access to any caregiver they choose.
Caregiver Responsibilities
Caregivers may:
- Create child/dependent profiles
- Enter wellness data, medications, and treatments
- Manage appointments and care team information
- Import/manage information they are legally authorized to access
- Invite additional caregivers to a patient's profile
No independent accounts for children under 13: We do not knowingly allow minors under 13 to create accounts independently.
If you believe a child's information was entered without authorization, contact info@crmo-care.app for resolution or deletion.
Multiple Caregivers — Data Visibility
A patient's profile can be shared with multiple caregivers (for example, two parents, a grandparent, or a school nurse). All caregivers on a patient's profile have equal access to all of that patient's health data unless access has been restricted.
For patients under 13: The primary caregiver — the account holder who created the patient profile — controls who has access. Secondary caregivers cannot add or remove other caregivers.
For patients 13 and older: The patient themselves controls each caregiver's access level (full, limited, or revoked) independently of the primary caregiver.
Sensitive situations (custody, separation): If you are in a situation where you need to restrict another caregiver's access to a dependent's health data and are unable to do so through the app, contact info@crmo-care.app and we will assist you directly.
Teen Caregiver Access Control (Ages 13–17)
When a patient turns 13, CRMO Care presents a one-time onboarding screen explaining their new privacy rights. No access changes are made automatically — existing caregiver access remains in place unless the teen explicitly changes it.
Once a teen acknowledges this screen, they can manage each caregiver's access level individually from Settings → Caregiver Access. Three levels are available:
| Access Level | What the Caregiver Can See |
|---|---|
| Full | All health data, including voice journals, visit companion transcripts, and free-text notes |
| Limited | Summary data only (check-ins, medications, appointments). Voice journals and visit companion transcripts are excluded. |
| Revoked | No access to the patient's health data. The caregiver can still be re-granted access by the teen at any time. |
Key details:
- Teens can set different access levels for different caregivers (e.g., Full for a parent, Limited for a grandparent)
- Changes take effect immediately and are logged in an audit trail the teen can review
- Caregivers receive an in-app notification when their access level changes, but are not told the previous or new level — only that it changed
- A caregiver whose access is revoked cannot reinstate their own access; only the teen can do so
- All historical data entered before the teen took control remains accessible based on the current access level — there is no retroactive hiding of data
At Age 18 — Full Ownership Transition
When a patient turns 18, all caregiver access is automatically set to revoked. The adult patient must explicitly re-grant access to any caregiver they want to continue sharing data with. This transition is checked on login.
7. Your Rights and Choices
We want to make sure you are fully aware of all your data protection rights. You are entitled to the following:
| Right | Description |
|---|---|
| Right to Access | Request copies of your personal data and understand how it is used |
| Right to Rectification | Request correction of any information you believe is inaccurate or incomplete |
| Right to Erasure | Request deletion of your personal data, under certain conditions |
| Right to Restrict Processing | Request that we limit how we process your data, under certain conditions |
| Right to Object | Object to our processing of your personal data for specific purposes |
| Right to Data Portability | Request transfer of your data to another organization, or directly to you, in a machine-readable format |
| Right to Withdraw Consent | Withdraw consent for research or other optional processing at any time |
Specific Actions You Can Request:
- Access a copy of your personal data
- Export your data in a standard electronic format (JSON, CSV)
- Correct inaccurate data
- Delete your account and associated data
- Delete specific voice recordings or all voice data
- Delete AI chat history
- Opt in or opt out of research participation
- Adjust granular sharing preferences for research data
To exercise these rights: Email info@crmo-care.app
Response timeline: Within 30 days after identity verification (may be extended by an additional 30 days for complex requests, with notification).
Identity Verification: For certain requests — particularly data access, deletion, or requests involving dependent profiles — we may need to verify your identity before fulfilling the request. Verification may include confirming access to the email address associated with your account, answering security questions, or, for requests involving dependents, providing proof of legal authority.
Consent Withdrawal Processing:
- Research consent withdrawals are processed within one (1) business day of receipt
- Withdrawal prevents any new data from being shared with researchers
- Previously shared de-identified data cannot be recalled from external researchers
- Account deletion requests are processed within 30 days
Appeal Rights: If we deny any of your data rights requests, you have the right to appeal our decision. To appeal, contact info@crmo-care.app with "Appeal" in the subject line. We will respond to appeals within 30 days.
Non-Discrimination: CRMO Care will not discriminate against you for exercising any of your data protection rights. Exercising your rights will not affect your access to the app or quality of service.
8. Data Retention
We retain your data only as long as necessary to operate the Service and comply with legal obligations:
| Data Type | Retention |
|---|---|
| Active user data | Retained while your account is active |
| Voice recordings | Retained for quality improvement unless you request deletion; can be deleted at any time |
| Voice transcripts | Retained for quality improvement unless you request deletion; can be deleted at any time |
| AI chat history | Retained for quality improvement unless you request deletion |
| Clinical trial data | Retained per protocol-specific regulatory requirements (if you participate in trials) |
| General research data | De-identified; cannot be withdrawn from completed studies |
| Deleted accounts | Removed from production systems within 30 days; purged from backups within 90 days |
| Inactive accounts | May be deleted after 30 months total inactivity (no login for 18 months) unless otherwise requested |
| PHI disclosure records | Minimum 6 years as required by federal law, or longer if required by state law |
| Audit logs | Minimum 7 years for security and compliance purposes |
8.1 Deceased User Data
Because CRMO Care users may include individuals with serious or chronic conditions, we have policies for handling data when a user passes away:
- We may retain Health Records and account data after learning of a user's death
- If retained, we will honor data sharing preferences expressed by the user prior to death
- A Personal Representative or legally authorized family member may request: access to the deceased user's data, export of records, or deletion of the account and associated data
- Research participation preferences expressed before death will be honored unless a legal representative requests otherwise
To make a request regarding a deceased user's account, contact info@crmo-care.app with appropriate documentation of legal authority.
8a. Cookies and Tracking Technologies
Mobile App
The CRMO Care mobile app does not use cookies. We use secure authentication tokens stored in your device's secure storage (iOS Keychain / Android Keystore) to maintain your session.
Website
Our website may use the following types of cookies:
- Strictly Necessary Cookies: Required for the website to function (e.g., authentication, security). Cannot be disabled without breaking core functionality. Do not store personally identifiable information.
- Analytics Cookies (Optional): Help us understand how visitors use our website. Collected data is aggregated and anonymized. You can opt out via your browser settings or our cookie consent tool.
We Do Not Use:
- Advertising or marketing cookies
- Third-party tracking for ad targeting
- Cookies that share data with advertisers
Managing Cookies: You can disable non-essential cookies through your browser settings. Disabling cookies may affect some website functionality. Cookie preferences do not affect the mobile app.
9. Your State Privacy Rights
Residents of certain U.S. states have specific privacy rights under state law. This section applies to residents of California, Virginia, Colorado, Connecticut, and Texas.
We Do Not Sell or Share Your Data
CRMO Care does not sell your personal information to any third party. CRMO Care does not share your personal information for cross-context behavioral advertising. Because we do not engage in these activities, there is nothing to opt out of — but we state this explicitly as required by applicable law.
Right to Limit Use of Sensitive Personal Information
Health data is classified as sensitive personal information under California (CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA) law. CRMO Care already limits its use of your health data to providing and improving the Service. If you wish to formally invoke this right, contact privacy@crmo-care.app.
Rights Available to State Residents
| Right | How to Exercise |
|---|---|
| Know / Access — Request a copy of the personal information we hold about you | Email privacy@crmo-care.app |
| Correct — Request correction of inaccurate personal information | Email privacy@crmo-care.app or edit directly in the app |
| Delete — Request deletion of your personal information | Email privacy@crmo-care.app |
| Portability — Receive a copy of your data in a portable, machine-readable format | Email privacy@crmo-care.app |
| Opt Out of Sale/Sharing — Opt out of the sale or sharing of personal information for advertising | Not applicable — we do not sell or share data for advertising |
| Non-Discrimination — Not be discriminated against for exercising any of these rights | Exercising your rights will never affect your access to the app or quality of service |
Appeal Rights
If we deny a rights request, you may appeal by emailing privacy@crmo-care.app with "Appeal" in the subject line. We will respond within 45 days. If your appeal is denied, you may contact your state's Attorney General:
- California: California Privacy Protection Agency — cppa.ca.gov
- Virginia: Virginia Attorney General — ag.virginia.gov
- Colorado: Colorado Attorney General — coag.gov
- Connecticut: Connecticut Attorney General — portal.ct.gov/ag
- Texas: Texas Attorney General — texasattorneygeneral.gov
We will respond to verified rights requests within 45 days. For complex requests, we may extend this by an additional 45 days with notice.
10. Your Responsibilities and Consent
By using CRMO Care, you acknowledge and agree that:
- You have the lawful right to submit any information you enter
- You will not enter another person's health information without proper authorization
- Voice recordings and transcripts persist until you request deletion
- The app is for wellness tracking and information management — not diagnosis or treatment
- You understand the distinction between clinical trial participation and general research
11. Beta Program Terms
If you participate in the CRMO Care Beta:
- Additional terms apply under the CRMO Care Beta User Agreement (Version 2.7, effective January 16, 2026)
- Beta Agreement Section 12 distinguishes clinical trial participation (Section 12A: pseudonymized data with re-identification capability) from general research sharing (Section 12B: fully anonymized data)
- Beta data may be reset, migrated, or anonymized
- Features may be incomplete or experimental
- Functionality may change without notice
- The app is provided "as is" and may contain bugs
- Beta data is treated as non-clinical and will not be part of any medical record
12. Medical Disclaimer
CRMO Care is not a healthcare provider, diagnostic tool, or medical device. Information in the app is for wellness tracking and informational purposes only.
- Do not rely on CRMO Care for diagnosis or treatment decisions
- Consult qualified healthcare professionals for medical questions
- For emergencies, call 911
13. Changes to This Policy
We may update this Privacy Policy as our services evolve.
If we make material changes:
- We will notify you by email and/or in-app notice
- The revised policy will include an updated Effective Date
- Continued use after notice means you accept the updated policy
You can view the current policy in the app under Menu → Legal.
14. Contact
CRMO Care has designated a Privacy Officer to handle privacy questions and data protection requests.
Privacy Officer:
Martin W. Walsh, Founder & Security Officer
Email: privacy@crmo-care.app
General inquiries and access requests:
Security inquiries:
Response Commitment: We will acknowledge privacy inquiries within 24 hours and provide a substantive response within 30 days. If we need additional time for complex requests, we will notify you.
Notice
CRMO Care follows HIPAA-aligned administrative, technical, and physical safeguards to protect privacy and data integrity. While CRMO Care is not a HIPAA-covered entity or Business Associate, we implement industry-standard security practices and treat health-related information with care and confidentiality. When processing medical records you obtain through your HIPAA Right of Access, CRMO Care acts as your personal health record tool at your direction.
Regulatory Framework: CRMO Care is subject to the Federal Trade Commission's Health Data Breach Notification regulations and the Federal Trade Commission Act, which prohibits unfair and deceptive practices with respect to personal data. We align our practices with the CARIN Alliance Code of Conduct for consumer-facing health applications and comply with applicable state privacy laws including CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), and TDPSA (Texas).
Co-Development: CRMO Care was developed in collaboration with CRMO patient families who shared their experiences, needs, and feedback throughout the design process. We continue to involve the CRMO community in feature development and research priorities.
Last Updated: April 1, 2026
Version: 4.2