CareCru Inc. and its affiliates (“CareCru”) are committed to protecting the privacy of all individuals who:

The following definitions apply to this Privacy Policy:

It is CareCru’s policy to respect the privacy of all Users of the Services, Patients of CareCru’s Clients and Website Viewers.  This Privacy Policy has been established to help Users, Website Viewers, and Patients understand our commitment to protecting privacy and personal data, and this Privacy Policy describes how and when CareCru collects, uses and shares User Information, Patient Information, and Website Viewer Information.

CareCru’s Privacy Policy for Users and Patients forms part of its wider terms of agreement found in its Agreement with its Clients.  If you are a User, the terms of the Agreement are available upon request from CareCru or your employer.  If you are a Patient and have questions about your dental practice’s Agreement with CareCru, please contact your dental office.  CareCru’s Privacy Policy for Website Viewers forms part of its wider terms of service and is available at

While most of this Privacy Policy relates to User Information and Website Viewer Information, we also provide some information about how our Clients choose to collect and use Patient Information through the Services.

Data Collected and Used by CareCru

CareCru collects User Information (such as registration and account information) from our Clients and Users of the Services for our own purposes, such as to provide and administer the Services.  CareCru also collects Website Viewer Information (such as hardware and software type used) for our own purposes.  We are the data controller for these types of information.

We also process Patient Information on behalf of our Clients as their data processor, such as content generated, requested or published via the Platforms in accordance with the instructions our Clients give us through the Services (including, for example, first name, last name, phone number, and insurance information).  Our Clients control how their Patient Information is collected and used by them.  Thus, our Clients are the data controller of their Patient Information.

User Information

User Information Received or Collected by CareCru

When a User first registers for a CareCru account and uses the Services, we collect some User Information such as:

CareCru also automatically collects and receives certain information from User’s computer or mobile device, including the activities User performs on our Website, the Platforms and the Applications, the type of hardware and software User is using (for example, User’s operating system or browser), and information obtained from cookies (see “Cookies and Related Technologies” section below).  For example, each time User visits the Website or otherwise uses the Services, we automatically collect User’s IP address, browser type, device type, access times, the web page from which User came, the regions from which User navigates the web page, and the web page(s) User accesses (as applicable).

How We Use User Information

CareCru uses User Information for the following general purposes:

We also use non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services with a view to introducing improvements and improving usability of the Services.  We may share this type of aggregated statistical data so that third parties CareCru works with may also understand how often the Services are used, so that they, too, may provide Users with an improved experience.

When We May Share User Information

We may share any User Information we have collected with third parties, including a parent company, subsidiaries, joint ventures, or other companies under common control with CareCru:

Access by User’s System Administrator

Users should be aware that any administrator of the Client, under which User was provided his/her User account, may be able to:

Website Access

When a User accesses the Services via the Website, the Website Viewer Information provisions below also apply.

Patient Information  

Patient Information Received or Collected by CareCru

CareCru’s Services include Dental Practice Automation tools.  By their nature, CareCru’s Services enable our Clients to bring together and optimize the communications with their Patients.  The Services help our Clients manage contact with their Patients, marketing and advertising, soliciting patient reviews, engaging and attracting new patients, scheduling appointments, publishing messages, and analyzing success rates for scheduling appointments and reminding patients about their appointments, and other activities.  It is solely our Clients’ responsibility to obtain consent to collect the Patient Information provided to CareCru through the Services and to share the Patient Information with CareCru.

Information collected by CareCru on behalf of its Clients and provided by CareCru’s Clients can include Patient Information of all types, including, but not limited to, the following categories:

The management, disclosure, and sharing of Patient Information by Clients and Users must be done in compliance with required laws in the jurisdiction within which User and User’s organization are governed along with industry standards that govern Patient Information such as the Health Information Portability & Accountability Act (HIPAA) and other equivalent local laws.

How We Use Patient Information

CareCru uses Patient Information for the following general purposes:

When We May Share Patient Information

We may share Patient Information disclosed and shared with CareCru by our Clients with third parties, including a parent company, subsidiaries, joint ventures, or other companies under common control with CareCru:

Information Collected From Children Under The Age Of 13

Because of the nature of the Services we provide, we may collect information from Patients under the age of 13 either from our Clients or directly from Patients on behalf of our Client.  The following types of information may be collected from Patients under the age of 13:

CareCru uses Patient Information collected from Patients under the age of 13 for the same general purposes as identified above for Patient Information.

CareCru will not require a Patient under the age of 13 to disclose more information than is reasonably necessary for the performance of CareCru’s Services.  CareCru’s Client is required to obtain advance written consent from the Patient’s parent or legal guardian for the collection of the Patient Information by the Client or by CareCru on behalf of the Client, the use and disclosure of the Patient Information to CareCru and the use and disclosure of the Patient Information by CareCru.  In the advance written consent, a legal guardian or parent of a Patient under the age of 13 can provide consent for the collection and use of information by CareCru, but withhold consent for disclosure of the Patient’s Information by CareCru.  Also, CareCru will require its Clients to obtain further advance written consent from the legal guardian or parent of a Patient under the age of 13 if CareCru makes changes to its use and disclosure of the Patient Information.

A parent or legal guardian of a Patient under the age of 13 can request that their child’s information be removed from CareCru’s Services or refuse further collection of their child’s information by sending an email to

Website Viewer Information

Website Viewer Information Received or Collected by CareCru

When a Website Viewer visits CareCru’s website, we collect some Website Viewer Information such as:

Demo Requests and Mailing Lists: If a Website Viewer chooses to subscribe to any of CareCru’s social media feeds, sign-up for any electronic newsletter or other mailing lists, or send a contact request such as a demo request, we collect the Website Viewer’s name, email address, phone number, organization, and any message, as provided by the Website Viewer.

How We Use Website Viewer Information

CareCru uses the Website Viewer Information for the following general purposes:


When We May Share Website Viewer Information

We may share Website Viewer Information with third parties, including a parent company, subsidiaries, joint ventures, or other companies under common control with CareCru:


By visiting the Website or using any of the Services, Users and Website Viewers agree to be bound by the terms of this Privacy Policy.  By consenting to a CareCru Client’s sharing of Patient Information with CareCru, Patients agree to be bound by the terms of the current Privacy Policy.

User Information:  By obtaining a UserID, using any of the Services, or submitting any User Information via the Services, User consents to the collection, transfer, storage, disclosure, and use of the User Information in the manner set out in this Privacy Policy.  If User does not consent to the use of User Information in these ways, please stop using the Services.

Patient Information:  By submitting Patient Information through the Services, User and Client are representing that a Patient or, if a Patient is under the age of 13, the Patient’s legal guardian or parent consents to the collection, transfer, storage, disclosure and use of Patient Information in the manner set out in this Privacy Policy.  It is solely our Clients’ responsibility to inform their Patients, or the Patient’s legal guardian or parent if the Patient is under the age of 13, of CareCru’s Privacy Policy and obtain each Patient’s or Patient’s legal guardian or parent’s written consent to the collection, transfer, storage, disclosure and use of their information by CareCru.  If a Patient or a Patient’s legal guardian or parent does not consent to the use of Patient Information in these ways, please do not submit, transfer or disclose that Patient’s Information to CareCru through the Services.

Website Viewer Information:  By using the Website, Website Viewer consents to the collection, transfer, storage, disclosure, and use of the Website Viewer Information in the manner set out in this Privacy Policy.  If Website Viewer does not consent to use of Website Viewer Information in these ways, please stop using the Website.

Information Gathered by CareCru’s Website, Applications and Platforms

Cookies and Related Technologies

CareCru uses tracking technology (“cookies”) on the Website, in the Applications, and in the Platforms, including mobile application identifiers and a unique CareCru UserID to help us recognize Users across different Services, to monitor usage and web traffic routing for the Services, and to customize and improve the Services.  By visiting the Website or using the Services, User and Website Viewers agree to the use of cookies in User’s and Website Viewer’s browser and HTML-based emails.  Cookies are small text files placed on User’s and Website Viewer’s device when User or Website Viewer visits a website, in order to track use of the site and to improve the user experience.

Session Cookies

The Services use “session cookies”, which improve the user experience by storing certain information from User’s current visit on User’s device, such as log-in information.  These enable us to remember User’s log-in session so User can move easily within the Website or the other Services.  Without these session cookies, CareCru cannot provide the Services to the User.  These session cookies have limited functionalities and expirations, and User will be required to re-enter User’s CareCru log-in information after a certain period of time has elapsed to protect User against others accidentally accessing User account contents and related User Information. CareCru also uses session cookies to track the number of visits by a particular User or Website Viewer to a page and to store items from a webpage.

Do Not Track Mechanisms

At this time, CareCru is unable to universally respond to a “Do Not Track” or other “opt-out” mechanism that has been activated by a User or Website Viewer, such as via the User’s or Website Viewer’s web browser, and, except as otherwise provided herein, CareCru does not alter its policies if a User or Website Viewer activates the same.

Third-Party Service Providers

Subject to obligations consistent with this Privacy Policy, we may also disclose information, including User Information, Patient Information, and Website Viewer Information to third parties, such as our affiliates, agents, contractors, and service providers in order to facilitate the functioning of the Services or to perform tasks that are integral to the Services, such as processing transactions, fulfilling requests for information, or providing support services or other tasks, from time to time.  Information may also be transferred from CareCru to the third parties in control of the Supported Platforms, but only to the extent required in order for the Services to function properly.

As discussed above, the various Services allow our Clients and Users to connect to other third-party services, including “Supported Platforms” such as email management and social media, telephone callout services, and so forth for patient management optimization.  When our Clients link to Supported Platforms or a third-party service through CareCru, our Clients can collect, process, share and access such third-party services and Supported Platform via their CareCru account (subject to the terms of the license agreements with the Supported Platforms and other third-party services).  In this way, our Clients can obtain, use and analyze information from Supported Platforms and third-party services of their choosing, and can also create, input, submit, post, transmit, store, view, display or share Patient Information through the functionality in the Services as allowed.

The Services by their nature allow our Clients to connect to their accounts for our Services through the APIs of our various Supported Platforms or with applications developed by third parties that CareCru does not own or control (“Third-Party Apps”).  These Third-Party Apps may include the following categories of services:

This Privacy Policy does not cover any information or other content Users can view via the Services on Supported Platforms or information that Users provide to Third-Party Apps accessed via the Services but which was not posted using the Services.  While we attempt to facilitate access only to those Supported Platforms and Third-Party Apps that share our respect for privacy, we cannot and do not take responsibility for the content or privacy policies of any Supported Platforms or Third-Party Apps.  We encourage Users to carefully review the privacy policies of any Supported Platforms or Third-Party Apps, including those that Users or Clients integrate with the CareCru Services.  We also encourage Users and Clients to notify Patients of the privacy policies of any Supported Platforms or Third-Party Apps which Users or Clients choose to use in connection with the CareCru Services.


Certain User Information and Patient Information, most notably CareCru log-in details, is encrypted during transmission using Transport Layer Security (“TLS”).  In addition, CareCru uses third-party vendors and hosting partners such as Amazon Web Services to provide the necessary hardware, software, networking, storage, and related technology required to run the Services.  These vendors have been selected for their high standards of both physical and technological security, including ISO and SSAE16 certifications.

When payments are processed via credit card, CareCru uses third-party vendors that are PCI-DSS Compliant.  At no point does CareCru have access to a User or Client’s credit card information.

We use industry best practices to keep any information collected and/or transmitted to the Supported Platforms or Third-Party Apps secure.  This includes the use of HTTPS with TLS, which encrypts all transmitted data, and OAuth 2.0 protocols for authentication and data transfer to Supported Platforms and Third-Party Apps.

Submission of information over the Internet is never entirely secure.  We cannot guarantee the security of information Users submit via the Services while it is in transit over the Internet or other networks and any such submission by CareCru is at User’s and Client’s own risk, and this risk is specifically disclaimed in our Client Agreements.

Users should log out of User’s accounts at the end of every session and should not leave a logged-in account unattended for any period of time, particularly if a User uses a shared computer or device.

As a user of the Services, User agrees to never share User’s password with other users either inside of User’s organization or outside.  If it is found that a User has done so, User’s account will be immediately deactivated and the Services may become unavailable until such time that an investigation is completed.  This provision is also important and one of many requirements for compliance with HIPAA Security Rules.

Information Storage and International Transfers

CareCru Inc., the entity which provides the Services, is a Canadian company with its head office located in Vancouver, British Columbia; however, we provide the Services to organizations all over Canada and the United States.

The Services are mainly provided from our offices in Canada.  However, by the very nature of the Services, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever the Client or User is located in Canada or the United States, to the location where our Supported Platforms are storing the same data (which is, in most cases, in the United States).  In addition, CareCru uses third-party service providers (such as managed hosting providers, card processors, sub-processors of Patient Information and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate the Services.  These third party providers may process, or store, the same User Information, Patient Information, and Website Visitor Information on servers outside of Canada or the US.

By using any of the Services or the Websites, or submitting or collecting any User Information or Patient Information via the Services, User or Website Viewer authorizes CareCru and its authorized service partners to use and process Patient Information, User Information, and Website Viewer Information in these countries.  Please be aware that the privacy protections and the rights of authorities and Government agencies to access User Information, Patient Information and Website Viewer Information in some of these countries may not be equivalent to those in your country.

Data Retention

Communications Website Viewers and Users have with CareCru, such as via or, will be kept indefinitely, pursuant to our document retention policy (described below).

If a Client terminates its account with CareCru, CareCru will delete the Client’s associated User Information and associated Patient Information pursuant to its contractual requirements with Client.

Our document retention policy provides that CareCru generally retains data for the period of their immediate or current use unless longer retention is necessary to comply with contractual or legal requirements.  However, data storage periods are based on CareCru’s assessment of its needs and might include retaining some data for historical reference and retaining some documents because CareCru has insufficient organizational resources available to dedicate to their review and destruction, and/or other pertinent factors.

Updating or Removing Your Information

Clients, Users, and Patients may opt out of receiving promotional communications from CareCru by using the unsubscribe link within each email or within the account settings menu or by emailing us to have your contact information removed from our promotional email list or registration database.  Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed.  Even after you opt-out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding the Services.  You can opt-out of some notification messages in the User’s account settings.

Clients and Users may choose to correct, update, access, or delete the information they have submitted to us by sending an email requesting changes to  Users may also correct, update, access, or delete the information provided on the account management section of the Services.

California Privacy Rights

When California Clients, Users and Patients provide personal information to a business, they have the right to request certain disclosures if that business shares personal information with third parties for the third parties’ direct marketing purposes.  Once per calendar year the Client, User or Patient may request that the business provide a list of companies with which it shares personal information for those companies’ direct marketing purposes and a list of the categories of personal information that the business shares.  Clients, Users or Patients may request information about our compliance with this law by contacting us at

Any such inquiry must include “California Privacy Rights Request” in the first line of the description and include name, street address, city, state, and ZIP code.  Please allow thirty (30) calendar days for a response.  Also, we are only required to respond to one request per Client, User or Patient each year, and we are not required to respond to requests made by means other than through the email address above.

Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

This policy establishes procedures that reflect the principles in PIPEDA. In summary, the principles are:

Several provincial statutes have also been deemed substantially similar to PIPEDA. Under paragraph 26(2)(b) of PIPEDA, the Governor in Council can exempt an organization, a class of organizations, an activity or a class of activities from the application of PIPEDA with respect to the collection, use or disclosure of personal information that occurs within a province that has passed legislation deemed to be substantially similar to the PIPEDA. For more information, please visit the website for the Office of the Privacy Commissioner of Canada.

Changes to CareCru’s Privacy Policy

CareCru may modify or replace its Privacy Policy from time to time.  The most recent version of the Privacy Policy is available at and is effective as of the date indicated below.  Please check the Privacy Policy periodically for changes.

We will also notify Users via email or other direct electronic communication method of any substantive changes that, in our sole discretion, materially impact use of the Services or the treatment of User Information and/or Patient Information.  If we make any such changes, we will place a notice of changes on this page.  It is the Client’s sole responsibility to provide its Patients with a copy of CareCru’s current Privacy Policy and to notify its Patients of any modifications or changes to CareCru’s Privacy Policy.

Website Viewers can see any changes to the Privacy Policy through our notice of changes on this page.  Use of the Services or Website following CareCru’s posting of any changes to the Privacy Policy constitutes User’s and Website Viewer’s acceptance of those changes.  User’s continued use of the Services for managing a particular Patient’s Information following the posting of any changes to the Privacy Policy also constitutes confirmation that the Client has received the appropriate Patient’s acceptance of those changes.

Contacting CareCru

Any questions about this Privacy Policy or inquiries about the information gathered, collected or shared or any changes to this information, should be directed to CareCru at: Email:


Privacy Policy Effective Date:  October 1, 2018