CareCru Inc. and its affiliates (“CareCru”) are committed to protecting the privacy of all individuals who:
CareCru collects User Information (such as registration and account information) from our Clients and Users of the Services for our own purposes, such as to provide and administer the Services. CareCru also collects Website Viewer Information (such as hardware and software type used) for our own purposes. We are the data controller for these types of information.
We also process Patient Information on behalf of our Clients as their data processor, such as content generated, requested or published via the Platforms in accordance with the instructions our Clients give us through the Services (including, for example, first name, last name, phone number, and insurance information). Our Clients control how their Patient Information is collected and used by them. Thus, our Clients are the data controller of their Patient Information.
When a User first registers for a CareCru account and uses the Services, we collect some User Information such as:
CareCru also automatically collects and receives certain information from User’s computer or mobile device, including the activities User performs on our Website, the Platforms and the Applications, the type of hardware and software User is using (for example, User’s operating system or browser), and information obtained from cookies (see “Cookies and Related Technologies” section below). For example, each time User visits the Website or otherwise uses the Services, we automatically collect User’s IP address, browser type, device type, access times, the web page from which User came, the regions from which User navigates the web page, and the web page(s) User accesses (as applicable).
CareCru uses User Information for the following general purposes:
We also use non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services with a view to introducing improvements and improving usability of the Services. We may share this type of aggregated statistical data so that third parties CareCru works with may also understand how often the Services are used, so that they, too, may provide Users with an improved experience.
We may share any User Information we have collected with third parties, including a parent company, subsidiaries, joint ventures, or other companies under common control with CareCru:
Users should be aware that any administrator of the Client, under which User was provided his/her User account, may be able to:
When a User access the Services via the Website, the Website Viewer Information provisions below also apply.
Patient Information Received or Collected by CareCru
CareCru’s Services include Dental Practice Automation tools. By their nature, CareCru’s Services enable our Clients to bring together and optimize the communications with their Patients. The Services help our Clients manage contact with their Patients, marketing and advertising, soliciting patient reviews, engaging and attracting new patients, scheduling appointments, publishing messages, and analyzing success rates for scheduling appointments and reminding patients about their appointments, and other activities. It is solely our Clients’ responsibility to obtain consent to collect the Patient Information provided to CareCru through the Services and to share the Patient Information with CareCru.
Information collected by CareCru on behalf of its Clients and provided by CareCru’s Clients can include Patient Information of all types, including, but not limited to, the following categories:
The management, disclosure, and sharing of Patient Information by Clients and Users must be done in compliance with required laws in the jurisdiction within which User and User’s organization are governed along with industry standards that govern Patient Information such as the Health Information Portability & Accountability Act (HIPAA) and other equivalent local laws.
CareCru uses Patient Information for the following general purposes:
We may share Patient Information disclosed and shared with CareCru by our Clients with third parties, including a parent company, subsidiaries, joint ventures, or other companies under common control with CareCru:
Information Collected From Children Under The Age Of 13
Because of the nature of the Services we provide, we may collect information from Patients under the age of 13 either from our Clients or directly from Patients on behalf of our Client. The following types of information may be collected from Patients under the age of 13:
CareCru uses Patient Information collected from Patients under the age of 13 for the same general purposes as identified above for Patient Information.
CareCru will not require a Patient under the age of 13 to disclose more information than is reasonably necessary for the performance of CareCru’s Services. CareCru’s Client is required to obtain advanced written consent from the Patient’s parent or legal guardian for the collection of the Patient Information by the Client or by CareCru on behalf of the Client, the use and disclosure of the Patient Information to CareCru and the use and disclosure of the Patient Information by CareCru. In the advanced written consent, a legal guardian or parent of a Patient under the age of 13 can provide consent for the collection and use of information by CareCru, but withhold consent for disclosure of the Patient’s Information by CareCru. Also, CareCru will require its Clients to obtain further advanced written consent from the legal guardian or parent of a Patient under the age of 13 if CareCru makes changes to its use and disclosure of the Patient Information.
A parent or legal guardian of a Patient under the age of 13 can request that their child’s information be removed from CareCru’s Services or refuse further collection of their child’s information by sending an email to
When a Website Viewer visits CareCru’s website, we collect some Website Viewer Information such as:
Demo Requests and Mailing Lists: If a Website Viewer chooses to subscribe to any of CareCru’s social media feeds, sign-up for any electronic newsletter or other mailing lists, or send a contact request such as a demo request, we collect the Website Viewer’s name, email address, phone number, organization, and any message, as provided by the Website Viewer.
How We Use Website Viewer Information
CareCru uses the Website Viewer Information for the following general purposes:
We may share Website Viewer Information with third parties, including a parent company, subsidiaries, joint ventures, or other companies under common control with CareCru:
The Services use “session cookies”, which improve the user experience by storing certain information from User’s current visit on User’s device, such as log-in information. These enable us to remember User’s log-in session so User can move easily within the Website or the other Services. Without these session cookies, CareCru cannot provide the Services to the User. These session cookies have limited functionalities and expirations, and User will be required to re-enter User’s CareCru log-in information after a certain period of time has elapsed to protect User against others accidentally accessing User account contents and related User Information. CareCru also uses session cookies to track the number of visits by a particular User or Website Viewer to a page and to store items from a webpage.
At this time, CareCru is unable to universally respond to a “Do Not Track” or other “opt-out” mechanism that has been activated by a User or Website Viewer, such as via the User’s or Website Viewer’s web browser, and, except as otherwise provided herein, CareCru does not alter its policies if a User or Website Viewer activates the same.
As discussed above, the various Services allow our Clients and Users to connect to other third-party services, including “Supported Platforms” such as email management and social media, telephone callout services, and so forth for patient management optimization. When our Clients link to Supported Platforms or a third-party service through CareCru, our Clients can collect, process, share and access such third-party services and Supported Platform via their CareCru account (subject to the terms of the license agreements with the Supported Platforms and other third-party services). In this way, our Clients can obtain, use and analyze information from Supported Platforms and third-party services of their choosing, and can also create, input, submit, post, transmit, store, view, display or share Patient Information through the functionality in the Services as allowed.
The Services by their nature allow our Clients to connect to their accounts for our Services through the APIs of our various Supported Platforms or with applications developed by third parties that CareCru does not own or control (“Third-Party Apps”). These Third-Party Apps may include the following categories of services:
Certain User Information and Patient Information, most notably CareCru log-in details, is encrypted during transmission using Transport Layer Security (“TLS”). In addition, CareCru uses third-party vendors and hosting partners such as Amazon Web Services to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. These vendors have been selected for their high standards of both physical and technological security, including ISO and SSAE16 certifications.
When payments are processed via credit card, CareCru uses third-party vendors that are PCI-DSS Compliant. At no point does CareCru have access to a User or Client’s credit card information.
We use industry best practices to keep any information collected and/or transmitted to the Supported Platforms or Third-Party Apps secure. This includes the use of HTTPS with TLS, which encrypts all transmitted data, and OAuth 2.0 protocols for authentication and data transfer to Supported Platforms and Third-Party Apps.
Submission of information over the Internet is never entirely secure. We cannot guarantee the security of information Users submit via the Services while it is in transit over the Internet or other networks and any such submission by CareCru is at User’s and Client’s own risk, and this risk is specifically disclaimed in our Client Agreements.
Users should log out of User’s accounts at the end of every session and do not leave a logged-in account unattended for any period of time, particularly if a User uses a shared computer or device.
As a user of the Services, User agrees to never share User’s password with other users either inside of User’s organization or outside. If it is found that a User has done so, User’s account will be immediately deactivated and the Services may become unavailable until such time that an investigation is completed. This provision is also important and one of many requirements for compliance with HIPAA Security Rules.
CareCru Inc., the entity which provides the Services, is a Canadian company with its head office located in Vancouver, British Columbia; however, we provide the Services to organizations all over Canada and the United States.
The Services are mainly provided from our offices in Canada. However, by the very nature of the Services, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever the Client or User is located in Canada or the United States, to the location where our Supported Platforms are storing the same data (which is, in most cases, in the United States). In addition, CareCru uses third-party service providers (such as managed hosting providers, card processors, sub-processors of Patient Information and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate the Services. These third party providers may process, or store, the same User Information, Patient Information, and Website Visitor Information on servers outside of Canada or the US.
By using any of the Services or the Websites, or submitting or collecting any User Information or Patient Information via the Services, User or Website Viewer authorizes CareCru and its authorized service partners to use and process Patient Information, User Information, and Website Viewer Information in these countries. Please be aware that the privacy protections and the rights of authorities and Government agencies to access User Information, Patient Information and Website Viewer Information in some of these countries may not be equivalent to those in your country.
Communications Website Viewers and Users have with CareCru, such as via https://carecru.com/contact or email@example.com, will be kept indefinitely, pursuant to our document retention policy (described below).
If a Client terminates its account with CareCru, CareCru will delete the Client’s associated User Information and associated Patent Information pursuant to its contractual requirements with Client.
Our document retention policy provides that CareCru generally retains data for the period of their immediate or current use unless longer retention is necessary to comply with contractual or legal requirements. However, data storage periods are based on CareCru’s assessment of its needs and might include retaining some data for historical reference and retaining some documents because CareCru has insufficient organizational resources available to dedicate to their review and destruction, and/or other pertinent factors.
Clients, Users, and Patients may opt out of receiving promotional communications from CareCru by using the unsubscribe link within each email or within the account settings menu or by emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt-out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding the Services. You can opt-out of some notification messages in the User’s account settings.
Clients and Users may choose to correct, update, access, or delete the information they have submitted to us by sending an email requesting changes to firstname.lastname@example.org. Users may also correct, update, access, or delete the information provided on the account management section of the Services.
When California Clients, Users and Patients provide personal information to a business, they have the right to request certain disclosures if that business shares personal information with third parties for the third parties’ direct marketing purposes. Once per calendar year the Client, User or Patient may request that the business provide a list of companies with which it shares personal information for those companies’ direct marketing purposes and a list of the categories of personal information that the business shares. Clients, Users or Patients may request information about our compliance with this law by contacting us at email@example.com.
Any such inquiry must include “California Privacy Rights Request” in the first line of the description and include name, street address, city, state, and ZIP code. Please allow thirty (30) calendar days for a response. Also, we are only required to respond to one request per Client, User or Patient each year, and we are not required to respond to requests made by means other than through the email address above.
This policy establishes procedures that reflect the principles in PIPEDA. In summary, the principles are:
Several provincial statutes have also been deemed substantially similar to PIPEDA. Under paragraph 26(2)(b) of PIPEDA, the Governor in Council can exempt an organization, a class of organizations, an activity or a class of activities from the application of PIPEDA with respect to the collection, use or disclosure of personal information that occurs within a province that has passed legislation deemed to be substantially similar to the PIPEDA. For more information, please visit the website for the Office of the Privacy Commissioner of Canada.
Please take a second to fill out the form below and we'll be in touch shortly.
You have successfully submitted the price request. Our team member will get in touch with you shortly.