Privacy Policy

Last updated: March 10, 2025


This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use our services (“Service”). It also explains your privacy rights and how various laws protect you. We are committed to safeguarding your data and follow industry best practices as well as all applicable privacy regulations. This includes compliance with healthcare privacy laws like the U.S. Health Insurance Portability and Accountability Act (HIPAA) and consumer data protection laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These laws provide strong protections and rights for individuals over their personal data​, and we incorporate their requirements into our privacy practices. By using our Service, you acknowledge that your information will be handled as described in this Privacy Policy.


Interpretation and Definitions

Interpretation

The words with initial letters capitalized have meanings defined under the conditions below. These definitions shall have the same meaning regardless of whether they appear in singular or in plural form.


Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Company (referred to as “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Red Bear Care, LLC.
  • Cookies are small files placed on your computer, mobile device or any other device by a website, containing details of your browsing history on that website among other uses.
  • Country refers to: Texas, United States.
  • Device means any device that can access the Service, such as a computer, a cellphone, or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Website (the Red Bear Care website and any related online services).
  • Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on Our behalf, to perform services related to the Service, or to assist Us in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to Red Bear Care, accessible at https://redbearcare.com.
  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  • HIPAA means the U.S. Health Insurance Portability and Accountability Act of 1996, a federal law that establishes national standards for the protection of certain health information​.
  • Protected Health Information (PHI) means individually identifiable health information that relates to an individual’s physical or mental health condition, the provision of health care, or payment for health care. PHI is protected under HIPAA’s Privacy Rule and includes health information such as medical records and billing information​.
  • GDPR means the General Data Protection Regulation, a comprehensive data protection law in the European Union that governs how personal data is processed and grants individuals extensive rights over their personal information​.
  • CCPA means the California Consumer Privacy Act of 2018, a state privacy law that gives California consumers rights to know about, access, delete, and restrict the sale of their personal information, among other protections​.


Collecting and Using Your Personal Data


Types of Data Collected

Personal Data

While using our Service or interacting with us, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. Personally identifiable information we collect may include, but is not limited to:

  • Name and Contact Information: Your full name, email address, telephone number, and postal address. This information allows us to communicate with you and fulfill your requests (for example, to schedule services or respond to inquiries).
  • Health and Medical Information: If you or someone in your care becomes our client for home care or wellness services, we may collect relevant health information (such as medical conditions, medications, health history, and care plans) to provide appropriate care. This health information is considered Protected Health Information (PHI) and is handled in accordance with HIPAA’s strict privacy requirements.
  • Account Credentials: If you create an account with us, we may collect login credentials like username and password to identify and secure your account.
  • Payment and Billing Information: If you pay for services, we collect payment details (such as credit card information or insurance information) as needed to process transactions. We use secure payment processors to handle sensitive payment data.
  • Any Information You Provide Us: This includes information you submit through contact forms, referral forms, emails, or during phone calls. For example, if you fill out our contact form or send a message, we will collect the personal data you include in those communications.

We only ask for information that is relevant for the purpose at hand (such as providing care or responding to your requests). You may choose not to provide certain information; however, note that this may limit our ability to offer you some of our services or respond effectively to your needs.


Usage Data

Usage Data is collected automatically when using the Service. This data helps us understand how our Website and services are being used and to improve them.


Usage Data may include information such as your Device’s Internet Protocol address (IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. For example, when you visit our site, we may log which pages you viewed and for how long.


When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to: the type of mobile device you use, your mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, and other diagnostic data. We may also collect information that your browser sends whenever you visit our Website or when you access the Website by or through a mobile device.


Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on our Website and store certain information. Tracking technologies used may include cookiesbeaconstags, and scripts to collect and track information and to improve and analyze our Service. For instance, cookies allow us to remember your preferences and recognize you on subsequent visits.


The technologies we use include:

  • Browser Cookies: A cookie is a small file placed on your Device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Service. Unless you have adjusted your browser settings to refuse cookies, our Website may use cookies to enhance your experience. Cookies can be “persistent” (staying on your device after you close your browser) or “session” (deleted when you close your browser). For example, we use essential session cookies to enable core site functionality and security, and we use persistent cookies to remember your preferences (such as language or cookie consent choices).
  • Web Beacons: Certain sections of our Service and our emails may contain small electronic files known as web beacons (also called clear GIFs, pixel tags, or single-pixel GIFs). These beacons allow the Company to count users who have visited certain pages or opened an email and to gather other related website statistics (for example, recording the popularity of specific content and verifying system integrity).


We use both session and persistent cookies for the purposes outlined in this Policy, such as: (a) Necessary Cookies to provide you with services on our Website and enable key features (for example, keeping you logged in to your account and preventing fraudulent use of accounts); (b) Preference Cookies to remember your preferences and provide a more personalized experience; and (c) Analytics Cookies to understand how visitors use our site and improve functionality (if applicable).


Your choices regarding cookies: You can manage or disable cookies through your browser settings. Most web browsers allow you to control cookies through their settings preferences. Please note that if you disable cookies, some features of our Service may become unavailable or not function properly. For more detailed information on the cookies we use and your options, please see our separate Cookies Policy or the Cookies section of this Privacy Policy. By using our Website without adjusting your browser settings to disable cookies, you consent to our use of cookies as described here.


SMS Disclosure

If you consent to receive SMS from Red Bear Care, you agree to receive Notifications, Alerts & Conversational Messages SMS from us. Reply STOP to opt-out; Reply HELP for support; Message & data rates may apply; Messaging frequency may vary.

SMS opt-in or phone numbers for the purpose of SMS are not being shared with any third party and affiliate company for marketing purposes


Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and improve our services: We use your information to perform our core services and business operations. This includes using personal and health information to deliver in-home care, home health, and wellness services you have requested. For example, we use your information to schedule caregiver visits, provide medical or therapeutic care, monitor your (or your loved one’s) condition, and ensure continuity of care. Under HIPAA, we are permitted to use and disclose PHI for treatment purposes (providing care to you), payment purposes (billing and processing payment for services), and our health care operations (administrative activities to support our services)​.
  • To maintain and monitor our Service: We use data to operate and maintain the functionality of our Website and services. For instance, we monitor usage of the site, diagnose technical issues, and analyze metrics to make sure the Service is working securely and effectively.
  • To manage your account: If you register an account with us, we use your information to manage your user account (e.g. setting up your login, authenticating you, and managing any user-specific settings or preferences). This allows you to access certain features or sections of our Service available only to registered users.
  • For the performance of a contract: When you purchase or engage our services, we process your personal data to fulfill that contract. This includes processing payments, communicating about your service agreement, and carrying out our obligations and responsibilities in providing care or other services you have requested.
  • To contact you: We may use your contact information to communicate with you. This can include sending you administrative emails, calling you in response to an inquiry, sending appointment reminders or scheduling updates, and sending SMS or push notifications if you have enabled them. We may contact you regarding updates to services, important safety or security information, or other notices necessary for the functioning of the Service.
  • To send you news and marketing communications: With your consent (or as otherwise permitted by law), we may use your information to send you newsletters, promotional materials, or information about services and events that we offer. For example, we might inform you of new wellness programs or special offers related to services similar to those you’ve inquired about or received in the past. You have the choice to opt out of receiving such marketing communications at any time (see “Your Privacy Rights” and FAQ sections for how to manage your preferences).
  • To manage your requests: If you contact us with questions, requests, or feedback (for example, asking about services or requesting support), we will use your information to respond to and fulfill those requests.
  • For business transfers: We may use and disclose your information as part of evaluating or executing a business transfer, such as a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. In such transactions, personal data held by us about our users or clients may be among the assets transferred (see the Business Transfers section below for more detail).
  • For other purposes with your consent: We may use your information for purposes not listed here, but only with your explicit consent. For instance, if we ever wish to use a client testimonial or photo on our website, we would seek your consent. If we are processing your personal data based on consent, you have the right to withdraw that consent at any time.


We will not use your personal data for purposes that are incompatible with those described above without first updating this Privacy Policy or obtaining your additional consent as required. We do not use your data for any kind of automated decision-making or profiling that has legal or significant effects on you, unless explicitly stated and in compliance with applicable law.


Retention of Your Personal Data

We will retain your Personal Data only for as long as necessary to fulfill the purposes we collected it for, including to provide you services and to satisfy any legal, accounting, or reporting requirements. This means we retain your data for the duration of your relationship with us and thereafter for only as long as required by law or our legitimate business needs.


For example, we retain certain records to comply with healthcare laws and regulations, tax laws, or dispute resolution purposes. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, certain health records may be kept for a minimum period as required by law), to resolve disputes, and to enforce our agreements.


We also retain Usage Data for internal analysis purposes. Usage Data is generally kept for a shorter period, unless we need it to strengthen the security or improve the functionality of our Service, or we are legally obligated to retain it for longer.


If you request deletion of your data (see “Delete Your Personal Data” below), we will delete the information from our active systems and cease using it. However, we may keep a limited amount of information if required for legal compliance or legitimate business purposes (e.g. keeping a record that you opted out of communications, or retaining required medical records). When Personal Data is no longer necessary, we securely dispose of it or anonymize it.


Transfer of Your Personal Data

Our Company is based in the United States, and your information, including Personal Data, may be processed at our operating offices in the U.S. and in any other locations where the parties involved in processing are located. This means your information might be transferred to — and maintained on — computers or servers located outside of your state, province, country, or other governmental jurisdiction, where data protection laws may differ from those in your jurisdiction.


If you are located outside the United States and choose to provide information to us, please note that we will transfer your data to the U.S. to process it. We take steps to ensure that appropriate safeguards are in place to protect your privacy when your data is transferred internationally. In particular, if you are in the European Economic Area (EEA) or United Kingdom, we will only transfer your personal data in compliance with GDPR requirements. This may include using European Commission-approved Standard Contractual Clauses or transferring data to jurisdictions that have been officially deemed to provide an adequate level of data protection.


Your submission of information to us, followed by our processing of it, will be understood as your consent to this transfer, if such consent is required by law. In any case, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. We will not transfer your Personal Data to an organization or a country unless there are adequate controls in place to protect your information. These measures may include contractual obligations on the recipient of the data to safeguard your privacy (such as data processing agreements or international data transfer agreements), as well as technical measures like encryption and pseudonymization.


Delete Your Personal Data

You have the right to request deletion of the personal data we have collected about you. Our Service and processes provide you with the ability to delete certain information about yourself, and you can always contact us to request that we delete your personal information.

If you have an account on our Website, you may be able to delete or remove some personal data by logging into your account settings. For example, you can update or remove profile information you provided. In addition, you may contact us at any time to request access to, correction of, or deletion of any personal information you have provided to us.

When we receive a verified request to delete personal data, we will do so, unless an exception applies. Please note that we may need to retain certain information if we have a legal obligation or other lawful basis to do so. For instance, even if you request deletion, we might retain minimal information to demonstrate compliance with your request, to resolve disputes, or as required for legal compliance (e.g. retaining transaction records for financial auditing or maintaining medical records for the period mandated by health regulations). We will inform you if we are unable to delete certain data due to a legal requirement or other exception.


Disclosure of Your Personal Data

We do not disclose or share your personal data except in the circumstances described here and in accordance with applicable law. We do not sell your personal information to third parties for monetary consideration. Situations in which we may disclose personal data include:

  • Third-Party Service Providers: We may share your personal information with third-party service providers who perform services and functions on our behalf (see Third-Party Service Providers section below for details). For example, we might use a cloud hosting provider to store data or an email service to send communications. In such cases, the service providers are only given the information necessary to perform their specific task, and they are contractually obligated to protect your data and use it only for the purposes we specify.
  • Business Transactions: If the Company is involved in a merger, acquisition, financing, reorganization, bankruptcy or asset sale, your Personal Data may be disclosed and transferred to a buyer or successor entity as part of that transaction. We will provide notice to you (for example, via email or by posting on our site) before your Personal Data is transferred and becomes subject to a different privacy policy or terms.
  • Compliance with Law Enforcement and Legal Obligations: Under certain circumstances, we may be required to disclose your Personal Data in response to valid legal requests by public authorities (e.g. a subpoena, court order, or government demand). We may also disclose your information if we believe in good faith that such action is necessary to: (a) comply with a legal obligation or applicable law, (b) protect and defend the rights, property, or safety of the Company, our clients, or others, (c) investigate or prevent wrongdoing in connection with our services, (d) enforce our agreements and policies, or (e) protect against legal liability. For example, healthcare providers may be obligated by law to report certain information in instances of abuse or neglect​. Any disclosure for legal compliance will strictly follow the applicable laws and regulations, and we will limit the information disclosed to what is lawfully required.
  • Franchisor: We may share your information with our franchisor as required by our franchise agreement.


We are committed to ensuring any disclosure of your personal data is handled with care for your privacy. Where feasible and lawful, we will notify you if we must disclose your information in response to a legal demand. We also retain the right to challenge requests that we believe are invalid or excessive.



Security of Your Personal Data

We value the security of your personal data. We implement administrative, physical, and technical safeguards to protect your information from unauthorized access, use, alteration, and destruction​. These measures are designed to provide a level of security appropriate to the risk of processing your personal data. For example, we utilize encryption protocols to protect sensitive data during transmission and storage (electronic health records and financial information are secured using strong encryption standards)​. We employ access controls so that only authorized personnel with a legitimate need can access personal information. Our facilities and systems are secured to prevent unauthorized intrusion, and we continuously monitor for potential vulnerabilities and attacks.


We also train our staff on privacy and security best practices. All employees and contractors who handle personal data (especially health information) undergo privacy training to ensure they understand their obligations under HIPAA, GDPR, CCPA, and other applicable laws. Regular training and education promote consistent, compliant handling of protected health information and help reduce the risk of data breaches​. We maintain internal policies and incident response plans to address any potential privacy or security incidents swiftly and effectively.


Despite our efforts, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable and industry-standard means to protect your Personal Data, we cannot guarantee its absolute security. However, we continuously update and improve our security practices to adapt to new threats and protect your data. If a security breach affecting your personal data occurs, we will follow all applicable breach notification laws to inform you and the proper authorities of the incident.


Third-Party Service Providers

We may employ third-party companies and individuals to facilitate our Service and to help us operate our business. These Third-Party Service Providers perform tasks such as web hosting, data storage, email delivery, analytics, payment processing, customer relationship management, and IT support on our behalf. We share your personal data with these providers only to the extent necessary for them to perform their functions and only for legitimate purposes consistent with those described in this Policy.


Examples of third-party providers we use include: website and database hosting services (to store our Website and data securely), email and SMS platforms (to send appointment reminders or newsletters), analytics tools (to help us understand usage of our Website), payment processors (to securely handle credit card transactions if you pay online), and cloud software providers (to manage client records or health information). These third parties are bound by contractual obligations to keep personal data confidential and to use it solely for the purpose of providing their services to us. We require that our service providers implement security measures to protect your data in line with this Privacy Policy and applicable laws.


If any third-party service provider processes Protected Health Information on our behalf (for example, a secure electronic medical records system or a billing service dealing with health insurance), we will have a formal Business Associate Agreement (BAA) in place with them as required by HIPAA. A BAA legally requires the service provider to safeguard PHI and to use and disclose it only as allowed by HIPAA and our agreement​. Similarly, for providers handling personal data of individuals in the EU/EEA, we ensure there are Data Processing Agreements or equivalent clauses in place to satisfy GDPR requirements for data processors.

We do not allow our third-party providers to sell, rent, or use your personal information for their own marketing or other independent purposes. If we stop using a third-party service provider, we require them to return or securely destroy any personal data of ours in their possession.


In summary, third-party service providers are only given access to the information necessary to perform services on our behalf, and they are obligated to protect your data. If you have questions about specific providers we use, you may contact us for more information.


Business Transfers

As our Company grows or undergoes changes, there may be instances where we transfer business ownership or assetsthat include personal data. If Red Bear Care is involved in a merger, acquisition, investment financing, reorganization, bankruptcy, receivership, or sale of all or a portion of the company, your personal data may be among the assets transferred to the new owner or successor entity.


In such a case, we will ensure that the acquiring party is contractually obligated to handle your personal information in a manner that is consistent with this Privacy Policy (unless you are notified of new terms and consent to them). We will provide you with notice before your Personal Data is transferred and becomes subject to a different privacy policy. This notice may be provided via email and/or a prominent notice on our Website.


Any entity that acquires us or part of our business will have the right to continue using your data, but only as set forth in this Privacy Policy (unless you are informed otherwise). If the new entity proposes to make material changes in how your data is used or disclosed, we will obtain any required consents from you.

Please be aware that in the event of bankruptcy or insolvency, personal data may be transferred to creditors or third parties as part of the business assets. However, even in such events, we will strive to protect the confidentiality of your personal information.


Our commitment to your privacy will continue to apply to your personal data even if ownership of the Company changes.


Franchisor

We may share your information with our franchisor as required by our franchise agreement. This may include personal data necessary for operational support, compliance with franchise standards, marketing initiatives, performance evaluations, and customer service enhancements. Our franchisor may use this information to ensure compliance with brand policies, improve service offerings, and manage the overall franchise network. Any information shared with the franchisor will be handled in accordance with their privacy policies and applicable laws.


HIPAA and Health Information Privacy

Red Bear Care provides home health and wellness services, which means we handle health-related information about our clients. We are classified as a covered entity under HIPAA, and we strictly comply with the HIPAA Privacy Rule to protect Protected Health Information (PHI). The HIPAA Privacy Rule establishes national standards to safeguard individuals’ medical information and gives patients rights over their health information​.


Use and Disclosure of PHI: In general, we only use or disclose your health information as permitted or required by HIPAA and other applicable laws. HIPAA allows us to use and disclose PHI for certain key purposes without your explicit authorization, notably for Treatment, Payment, and Health Care Operations (TPO)​. This means we may use your health information to provide you with medical or care services (treatment), to bill and obtain payment for those services, and for our internal operations that support treatment and payment (such as quality improvement, staff training, or licensing activities). For example, a caregiver may share relevant health information with your doctor to coordinate your care, or we may use your information to manage and improve our care services.


There are also instances where we may use or disclose PHI when required or permitted by law. For example, we might be obligated to report certain information to public health authorities or law enforcement if required by state or federal laws (such as reporting suspected elder abuse or communicable diseases)​. In such cases, we will only disclose the minimum necessary information and only to the extent that the law requires or allows.


For any use or disclosure of your PHI outside of the core uses listed above, we will obtain your written authorization. Uses and disclosures that typically require your authorization include, for instance, releasing your health information to a third party for marketing purposes or sharing detailed health records with a family member or other person not directly involved in your care (unless otherwise allowed by HIPAA). You have the right to refuse or revoke any authorization you give us. If you provide consent for a particular use of your PHI, you may later withdraw (revoke) that consent, and we will honor your decision going forward​. (Please note that we cannot undo any disclosures made while your authorization was in effect, but once you revoke it, we will stop the future use/disclosure of your PHI for that purpose.)


We adhere to the HIPAA “minimum necessary” rule, which means that when we use or disclose PHI or request it from others, we make reasonable efforts to limit the information to the minimum necessary to accomplish the intended purpose. Our staff are trained to handle PHI discreetly and to only access what they need to perform their duties.


Your HIPAA Privacy Rights: Under HIPAA, you have several important rights with respect to your Protected Health Information. These include the right to:

  • Access your PHI: You can request copies of the health and medical information we maintain about you in our designated record set (for example, care notes, service records, or billing records). We will generally provide access to this information within 30 days of your request (or as required by law), either electronically or in paper format, according to your preference. You also have the right to inspect your records in person. (There are some limited exceptions to what we can provide, such as psychotherapy notes or information compiled for legal proceedings, per HIPAA rules.)
  • Request amendments: If you believe that any health information we have about you is incorrect or incomplete, you have the right to request that we correct or update it. We may ask that your request be in writing and provide a reason. If we deny your request (for example, if we believe the information is accurate as is), we will provide an explanation, and you have the right to have your disagreement noted in the record​.
  • Receive an accounting of disclosures: You have the right to request a list (accounting) of certain disclosures of your PHI that we have made to third parties. This accounting will list, for a specified time period (up to the past 6 years), certain disclosures made for purposes other than treatment, payment, healthcare operations, and a few other exceptions. For example, if we disclosed information pursuant to a court order or to public health authorities, those could appear in the accounting. We will provide this report to you as allowed by law​.
  • Request restrictions: You have the right to ask us to restrict the use or disclosure of your PHI in certain situations. For example, you might request that we not share certain information with a particular family member or that we not use a certain piece of information for treatment purposes. We will consider all requests, and while we will try to accommodate reasonable requests, we are not required to agree to a requested restriction in most cases (except in specific situations, such as if you pay for a service fully out-of-pocket and request that we not disclose that information to your health insurer, we must comply with that restriction under HIPAA). If we do agree to a restriction, we will abide by it​.
  • Request confidential communications: You can request that we communicate with you about health matters in a specific way or at a specific location. For instance, you may ask that we contact you only at a certain phone number or send mail to an alternate address. We will accommodate reasonable requests for confidential communications as required by HIPAA​.
  • Revoke authorization: If you have given us an authorization to use or disclose your PHI for a purpose not otherwise allowed by law, you have the right to revoke (cancel) that authorization at any time, in writing. Once we receive your revocation, we will no longer use or disclose your PHI for the purposes covered by that authorization, except to the extent we have already taken action in reliance on it​.


We uphold all these rights for our clients. To exercise any of your HIPAA rights, you can contact us using the information in the “Contact Us” section below. We may need to verify your identity (and authority, if you are requesting on behalf of someone else) before fulfilling certain requests. There is generally no cost for exercising these rights, though if you request additional copies of records, we may charge a reasonable fee for copying or mailing. We will not retaliate against you or deny you services for exercising your HIPAA rights; your care and services will remain the same regardless of your privacy choices.


(These rights are provided under HIPAA regulations and our internal policies are designed to facilitate them​.)

If you believe your privacy rights have been violated, you also have the right to file a complaint. You can file a complaint with us (so we can address the issue) or directly with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). We will provide you with the contact information for OCR upon request. We encourage you to reach out with any concerns, and we will not penalize or retaliate against you for making a complaint.


GDPR Compliance (EEA and UK Users)

If you are located in the European Economic Area (EEA), United Kingdom, or another region with laws governing data collection and use that differ from U.S. law, the GDPR (and/or applicable UK data protection laws) provides you with specific rights and we are committed to ensuring compliance with those laws when we process your personal data.


Lawful Bases for Processing: We only process your personal data when we have a valid legal basis to do so under GDPR. This means that for each use of your data (see “Use of Your Personal Data” above), at least one of the following bases applies:

  • Performance of a contract: We process data to provide the services you have requested – for example, using your information to deliver care services or to manage your account is necessary to fulfill our contract with you.
  • Your consent: In some cases, we rely on your consent to process personal data – for instance, when sending marketing emails or, for EEA users, when placing non-essential cookies on your device. Where consent is the basis, you have the right to withdraw your consent at any time (with effect going forward).
  • Legitimate interests: We may process data as needed for our legitimate interests in running and improving our business and services – for example, improving our Service functionality or securing our systems – provided that these interests are not overridden by your data-protection rights and interests. We will not use this basis for processing if we determine that your privacy interests outweigh our business interests.
  • Legal obligation: In some situations, we need to process data to comply with a legal obligation – for example, retaining certain transaction records for tax purposes or health records to meet regulatory requirements.
  • Vital interests: Though unlikely to apply, we could process data to protect your vital interests or those of another person (for example, providing information to a hospital in a life-threatening situation).
  • Public interest: If ever applicable, we would process data in the public interest or under official authority, but this is generally not relevant to our private company services.


We will clearly inform you when we collect your data which basis applies, especially when we ask for consent (you’ll have a free choice).


Your Rights under GDPR: If you are an individual in the EEA or UK, you have extensive rights under the GDPR regarding your personal data. These include the right to:

  • Be Informed: You have the right to be informed about how we collect and use your personal data, which is one reason we provide this detailed Privacy Policy. We strive for transparency in our communications.
  • Access Your Data: You can request confirmation of whether we are processing your personal data, and if so, request a copy of the personal data we hold about you (commonly known as a “data subject access request”). We will provide you with a copy of your data in a commonly used electronic format, or in another format if reasonably requested​.
  • Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct it. Upon your request, we will rectify any inaccurate information about you without undue delay​.
  • Erasure (Right to be Forgotten): You have the right to request deletion of your personal data when it is no longer needed for the purposes for which it was collected, or if you withdraw consent (where applicable) or object to processing and we have no overriding legitimate grounds to retain it. We will honor valid requests for erasure unless we are legally required or permitted to retain the data (for example, if we must keep certain records for compliance or if the data is needed to establish or defend legal claims.
  • Restriction of Processing: You can ask us to restrict or pause the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data, or you want us to preserve data while you believe processing is unlawful but do not want it erased, or you have objected to processing and await verification of overriding grounds. When processing is restricted, your data will only be stored by us and not otherwise processed until the restriction is lifted (except for certain exceptional purposes such as legal claims)​.
  • Data Portability: You have the right to receive personal data that you have provided to us in a structured, commonly used, machine-readable format, and the right to have that data transmitted to another data controller where technically feasible. This right applies when processing is carried out by automated means and is based on your consent or on a contract (for example, if you provided us data and want to port it to another service provider)​.
  • Object to Processing: You have the right to object to our processing of your personal data in certain situations. In particular, you can object to processing carried out for our legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for those purposes immediately. If you object on other grounds (e.g., processing based on legitimate interests), we will evaluate your request and will no longer process the data unless we demonstrate compelling legitimate grounds for the processing that override your rights and interests, or if processing is needed for legal claims​.
  • Not be Subject to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you​. (Note: Red Bear Care does not engage in automated decision-making or profiling in any manner that would infringe this right. We do not make solely automated decisions about you with legal or significant impact.)
  • Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time​. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your data under other lawful bases. For example, if you consented to receive our newsletter, you can unsubscribe at any time, and we will stop sending it.
  • Complaint to a Supervisory Authority: You have the right to lodge a complaint with your country’s data protection authority (Supervisory Authority) if you believe we have infringed your data protection rights. We would appreciate the chance to address your concerns first by contacting us directly, but you are free to contact the Supervisory Authority at any time.


We facilitate all of these rights for data subjects in the EEA/UK. To exercise your GDPR rights, please contact us (see “Contact Us” section). We may need to verify your identity to ensure that personal data is not disclosed to an unauthorized person. We will respond to your request without undue delay and within one month of receipt of the request. If your request is complex or if we have received numerous requests, this period may be extended by an additional two months, but we will inform you of the extension and the reasons for it within the initial one-month period​. We will not charge you a fee for making a request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.


We also commit to transparency and fair processing of your data. If we ever intend to further process personal data for a new purpose that is not compatible with the purposes for which it was originally collected, we will provide you with information on that new purpose and any other relevant information, and obtain your consent if required.


CCPA Compliance (California Residents)

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The CCPA gives consumers (California residents) more control over their personal information that businesses collect. We are committed to complying with the CCPA and extending its core principles of transparency and control to our users.


Categories of Personal Information: In the past 12 months, we have collected the categories of personal information described in the “Types of Data Collected” section of this Policy. For a quick recap, this may include identifiers like name, contact details, and IP address; characteristics of protected classifications (if you provide health-related information, which could relate to medical conditions); internet or other electronic network activity information (through usage data and cookies); and in some cases, professional or employment-related information (if you apply for a job with us). We collect these categories of information for the business and commercial purposes outlined in “Use of Your Personal Data.” We do not sell your personal information (as “sell” is defined under CCPA), and we do not share it for cross-context behavioral advertising without your consent.


Your Rights under CCPA: As a California resident, the CCPA (as amended by CPRA) provides you with the following rights regarding your personal information:

  • Right to Know: You have the right to know what personal information we collect, use, disclose, and share about you​. This includes the right to request that we disclose the specific pieces and categories of personal information we have collected about you, the categories of sources of that information, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it. Upon verifiable request, we will provide this information for the 12-month period preceding your request (and you may request such disclosure up to twice in a 12-month period).
  • Right to Delete: You have the right to request that we delete any personal information we have collected from you and retained, subject to certain exceptions​. Once we receive and confirm a verifiable deletion request from you, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. For example, we may retain information needed to complete a transaction you requested, to comply with a legal obligation (such as maintaining medical records or tax records for the required period), to detect security incidents, or other purposes permitted by CCPA. We will inform you of any such exceptions that apply to your request.
  • Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale of your personal information by a business, or the sharing of your personal information for cross-context behavioral advertising​. However, as noted, we do not sell your personal information and do not share it for behavioral advertising in a way that is covered by the CCPA’s opt-out provisions. If in the future we ever consider selling personal data, we will provide a clear “Do Not Sell or Share My Personal Information” link on our website and honor any opt-out preferences (including any global privacy control signals from your browser, such as the GPC).
  • Right to Correct: Effective January 1, 2023, you have the right to request that we correct inaccurate personal information that we maintain about you​. If you believe any of your information is incorrect, please let us know and upon verification, we will correct it as required.
  • Right to Limit Use of Sensitive Information: If we collect “sensitive personal information” (as defined by CCPA) about you, you have the right to direct us to limit the use of that information to those uses which are necessary to provide the services. Sensitive personal information includes things like account login credentials, precise geolocation, health information, etc. We only use sensitive information (such as health data) to provide our services or as otherwise permitted by law, and we do not use or disclose sensitive information for purposes other than those allowed by CCPA. If at any time you wish to exercise this right to limit (in the event we use sensitive data for additional purposes), we will honor that request​.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for exercising any of your CCPA rights​. This means we will not deny you our services, charge you different prices, or provide a different level of quality of service just because you exercised your rights under CCPA. (Keep in mind that if you ask us to delete your information, and that information is necessary to provide you a service, we may not be able to continue providing that service. But we will never punish you for making a request.)
  • Shine the Light: Separately from CCPA, California’s “Shine the Light” law (Civil Code § 1798.83) allows users who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes. However, Red Bear Care does not disclose personal information to third parties for their direct marketing purposes without consent. If you have questions about this, you can contact us.


Exercising Your California Privacy Rights: If you are a California resident and wish to exercise the rights listed above (Right to Know, Delete, Correct, or Limit Use of Sensitive Info), you may submit a request to us through the contact methods listed in the “Contact Us” section of this Policy. Please indicate that you are a California resident making a “CCPA request.” We will need to verify your identity to process certain requests – this may involve asking you to provide additional information or to log into your account (if applicable) so we can match your identity with our records. For requests to know or delete, California law requires us to obtain a verifiable consumer request from you or your authorized agent.


If you designate an authorized agent to make requests on your behalf, we will take steps to verify the agent’s authorization and may also require confirmation from you that the agent is permitted to act on your behalf.

We will respond to your request within 45 days as required by CCPA. If we need more time (up to an additional 45 days), we will inform you of the reason and extension in writing. Our response will explain the actions we took on your request. For data access requests, we will either provide the information requested or explain if we cannot fulfill part or all of your request (due to an exemption, for example). For deletion requests, we will confirm which parts of your data we have deleted and if any exceptions apply.


As noted, we do not sell personal information, so the right to opt-out of sale is not applicable in our case. We also do not offer financial incentives for your data that would require explicit opt-in consent under CCPA.

We will not discriminate against you for exercising any of your CCPA rights. In the unlikely event you feel any aspect of our service has changed because you exercised your rights, please notify us immediately so we can address it.


Children’s Privacy

Our Service is not directed to anyone under the age of 13, and we do not knowingly collect personally identifiable information from children under 13 years of age. If you are under 13, please do not use our Website or send us personal information. In the event we learn that we have inadvertently collected personal data from a child under 13 without verified parental consent, we will take immediate steps to delete such information from our records. If you are a parent or guardian and you discover that your child under 13 has provided us with personal information, please contact us so that we can delete their information.


For teenagers between 13 and 18, our policy is that they should only use our services with the involvement of a parent or guardian. If we need to rely on consent as a legal basis for processing a minor’s information and your jurisdiction requires parental consent, we will require a parent’s or guardian’s consent before we collect and use that information.


We comply with the U.S. Children’s Online Privacy Protection Act (COPPA) and other applicable laws protecting children’s privacy. If you have any concerns about your child’s personal data, please contact us using the information provided in the Contact Us section.


Links to Other Websites

Our Service may contain links to other websites that are not operated by us (for example, informative blog posts may link to external resources, or we may provide links to partner organizations). If you click on a third-party link, you will be directed to that third party’s site. We strongly encourage you to review the Privacy Policy of every website you visit, as we are not responsible for the privacy practices of other sites.


We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. This Privacy Policy applies solely to information collected by Red Bear Care through our own Service. If you follow links to other sites, those sites may collect your information under their own policies.


Changes to this Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Privacy Policy on this page and update the “Last updated” date at the top. If the changes are significant, we will notify you of the update by additional means, such as by sending an email notification or by placing a prominent notice on our website prior to the change becoming effective.


We encourage you to review this Privacy Policy periodically for any updates. Your continued use of our Service after the updated Privacy Policy has become effective will signify your acceptance of those changes. If you do not agree with changes to the Privacy Policy, you should stop using the Service and contact us if you wish to have your data removed.


Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your rights or make requests regarding your personal data, you can contact us by using the following information:

  • By phone: (832) 930-6689
  • By mail: Red Bear Care, 2503 South Blvd, Houston, TX 77098, USA
  • By email: [Please call us or use the contact form on our Website to request email contact]

(We provide an email or secure form for privacy inquiries on our Website. Please visit our Contact page to submit an inquiry, and include “Privacy” in your message.)


We will respond to your inquiries or requests as promptly as possible, and no later than required by applicable law. Your feedback and questions are welcome.



Frequently Asked Questions (FAQ)

Q: What personal information do you collect about me?
A: We collect information needed to serve you and run our business. This includes basic contact information (like your name, email, phone number, and address) that you provide when inquiring about our services or signing up. If you become a client, we also collect relevant health and medical information about you or the person in your care so that we can provide proper home care or health services – for example, medical conditions, medications, and care preferences (this is considered protected health information). We collect usage data automatically when you use our website (such as your IP address, browser type, and pages visited) to help improve our site. We may also gather any other information you choose to give us (for instance, details you share in a message or on a form). We do not collect sensitive personal details that aren’t necessary, and we explain our data collection in more detail in our Privacy Policy’s “Types of Data Collected” section.


Q: How do you use my information?
A: We use your information only for legitimate and intended purposes. Primarily, we use it to provide you with services– for example, using your health information to develop a care plan and using your contact info to communicate with you about scheduling or updates. We also use data to maintain and improve our services and website (such as monitoring site performance or troubleshooting issues). With your permission, we might use your contact info to send you newsletters or offers about our services (and you can opt out of these at any time). Additionally, we use information to respond to your requests (if you ask a question, we’ll use your info to answer), to manage any account you create with us, and to comply with legal requirements (like keeping necessary records). Rest assured, we do not use your personal data for unrelated purposes without your consent. We outline all the ways we use data in the Privacy Policy for full transparency.


Q: Do you share my information with others?
A: We do not sell your personal information to anyone. We only share your information in a few specific situations: (1) With service providers who work for us – for example, an IT hosting company that stores our database or an email service that sends out our newsletters. These providers are bound by contracts to only use your data for our needs and to keep it confidential. (2) With your healthcare providers or family, if applicable – if you are receiving care and there’s a need to coordinate with your doctor or inform an emergency contact, we will share information as needed and as allowed by law (and usually with your consent). (3) If required by law or for safety – for instance, if a court order or regulation requires us to report something, or if sharing information could protect someone’s health or safety, we will comply with the law (while trying to inform you whenever possible). (4) In a business transfer – if our company is ever merged with another or sold, your information might transfer to the new owners, but they would also be required to protect it in line with our Privacy Policy. Other than these scenarios, we do not give out your personal data. And in all cases, we only share the minimum necessary information and ensure that any third parties handle it with care and legal compliance.


Q: How do you protect my data?
A: We take data security very seriously. We have put strong security measures in place to safeguard your personal information​. This includes technical measures like encryption (we encrypt sensitive data and communications to prevent unauthorized access) and secure servers protected by firewalls. We also maintain strict administrative and physical controls – for example, only authorized staff can access your information, and they receive privacy training to handle it properly. We regularly update our systems and monitor our network for vulnerabilities or breaches. If we store health information electronically, we do so in compliance with HIPAA’s Security Rule, which means we use appropriate administrative, physical, and technical safeguards to ensure the confidentiality and integrity of that data. While no security system is perfect, we continuously work to protect your data and we have procedures to address any potential security incident swiftly. If you have specific questions about our security practices, we’re happy to discuss them with you.


Q: Are you HIPAA compliant? How does HIPAA protect my health information?
A: Yes, we are fully HIPAA compliant. HIPAA is a federal law in the U.S. that requires us to keep your health information private and secure. In practice, this means we only use your health information for purposes of treatment, payment, and healthcare operations – essentially, to care for you and run our healthcare services – or if required by law. We won’t disclose your medical details to anyone else (such as other family members, employers, or marketers) unless you give us written permission. HIPAA also gives you specific rights over your health data, like the right to get a copy of your care records, the right to request corrections to those records, and the right to know who else has seen your information. We have put in place all the safeguards that HIPAA mandates: for example, we train our staff on HIPAA rules, we secure our medical records, and we sign agreements with any partner who might handle your data to ensure they protect it too. In short, HIPAA sets the rules for how we must protect your health info, and we follow those rules strictly to maintain your confidentiality and trust.


Q: I live in the EU/EEA or UK – what are my rights under GDPR?
A: If you are in the EU, EEA, or UK, the GDPR grants you several key rights regarding your personal data. These include: the right to access your data (you can ask us to confirm if we have your data and request a copy), the right to rectification (you can ask us to correct any inaccurate or incomplete information about you), the right to erasure (the “right to be forgotten,” allowing you to request deletion of your data when it’s no longer needed or if you withdraw consent), and the right to restrict processing (you can ask us to limit how we use your data in certain circumstances). You also have the right to data portability, meaning you can request your data in a portable format to transfer to another service. Additionally, you can object to certain processing – for example, you can object to use of your data for direct marketing, and we will stop using it for that purpose. If we ever do any automated decision-making that significantly affects you (which we currently do not), you have the right not to be subject to such decisions without human intervention. Importantly, if we are relying on your consent to process data, you have the right to withdraw consent at any time. And finally, you have the right to lodge a complaint with your national Data Protection Authority if you feel we’ve mishandled your data. We facilitate all these rights. To exercise them, just reach out to us and we will guide you through the process – for example, we might ask for verification of your identity and then promptly fulfill your request, usually within one month as required by GDPR​.


Q: I’m a California resident – what are my rights under the CCPA?
A: California residents have special rights under the CCPA. In summary, you have the right to know what personal information we collect, why we collect it, and who we share it with. You can request that we provide you with a copy of the specific pieces and categories of personal information we have about you, as well as the categories of sources and third parties related to that information​. You also have the right to request deletion of your personal information that we have collected (with certain exceptions – for example, we might retain information required for legal or internal purposes)​. Additionally, the CCPA gives you the right to opt out of the sale of your personal information. However, as we mentioned, we do not sell your personal data, so this right is more about us informing you that we don’t do sales. With the updates from CPRA, you also have the right to correct inaccurate information we hold about you and the right to limit the use of any sensitive personal information. Lastly, you have the right not to be discriminated against for exercising any of these rights – meaning we won’t deny you services or charge you different prices because you made a privacy request. To exercise any of your CCPA rights, you (or your authorized agent) can contact us and let us know what you would like to do (whether it’s accessing data, deleting data, etc.). We’ll verify your identity and respond to your request, typically within 45 days as required. Our goal is to make it easy for you to have transparency and control over your data.


Q: How can I exercise my rights or opt out of certain uses of my data?
A: Exercising your rights is simple – just contact us! For example, if you want to access or delete your data, correct something, or opt out of marketing emails, you can reach out via phone or mail (see the Contact Us section above) or use any designated method we provide (such as an email address or web form for privacy requests). Let us know what you’re requesting (e.g., “I’d like a copy of my information” or “Please delete my account data”). We will likely need to verify your identity to make sure we’re acting on the request from the correct person – we may ask some questions or use existing information to confirm it’s you. Once verified, we’ll take action on your request and inform you of the outcome or ask if we need more information. If you want to opt out of marketing emails, the fastest way is usually to click the “Unsubscribe” link in any newsletter or promotional email we send you; that will remove you from our mailing list. You can also tell us directly, and we will mark your preferences in our system (please note you might still receive essential service communications, like appointment reminders or policy updates, as those aren’t promotional). For cookies, you can adjust your browser settings to reject non-essential cookies, and if our site has a cookie consent banner, you can use that to manage preferences. If you are in California and wanted to opt out of any hypothetical “sale” of data, you could enable the Global Privacy Control (GPC) in your browser and we would honor it – again, we don’t sell data, so you’re opted out by default. In short, just communicate with us about what you want to do regarding your data, and we will help make it happen. There is no charge for making a request, and we’ll respond within the timeframes the law requires (usually within 1 month for GDPR requests, 45 days for CCPA requests, etc.). We’re here to assist you and ensure you have control over your personal information.


Q: Do you sell or rent my personal information to third parties?
A: No, we do not sell your personal information to third parties. We don’t exchange your data for money with any outside company – period. We also don’t rent out your information. The personal data you entrust to us is used strictly for the purposes of serving you (as explained in our policy) and for our internal needs. In a few cases, we might share data with third parties, but that’s only to help us run our operations (for example, giving information to a secure payment processor to bill your credit card, or using a cloud service to store records) – and those parties are not allowed to use your info for anything other than providing services to us. Under the CCPA’s broad definition of “sell,” even things like sharing data for targeted advertising could count as a sale, but we do not engage in that kind of data sharing either. If our practices change in the future, we would update our Privacy Policy and provide appropriate notices and opt-out mechanisms. But as of now, you can be assured that we do not sell your personal information to anyone.


Q: Will this Privacy Policy change, and if so, how will I know?
A: We may update this Privacy Policy from time to time to keep up with new laws or changes in how we operate. If we make any important (material) changes in the way we handle your personal data, we will let you know. We typically notify users of significant changes by posting a prominent notice on our website or by sending an email notification. The “Last updated” date at the top will always reflect the date of the latest changes. Minor updates (like clarifying wording) may be made without a special notice, so we encourage you to check this Policy periodically. If you continue to use our services after a Privacy Policy update, that will indicate your acceptance of the new terms. Of course, if any change required getting your consent (for example, if we ever wanted to use your data for a new purpose that requires consent), we would obtain that from you. We take your privacy seriously, so we won’t surprise you with changes – we aim to be transparent and keep you informed. If you ever have questions or concerns about a change in our Policy, please contact us and we’ll gladly explain.


Q: How can I contact you if I have a privacy question or complaint?
A: You can reach out to us through any of the contact methods provided in the Privacy Policy (see the Contact Us section above). The easiest way is to call us at (832) 930-6689 or send a letter to 2503 South Blvd, Houston, TX 77098, USA. If you prefer to communicate electronically, you can use the contact form on our website (our “Contact Us” page) to send us a message – just mention that it’s regarding privacy. Currently, we handle privacy inquiries via phone and mail to ensure we verify identity properly, but we can initiate an email conversation if needed once you reach out. When you contact us, please describe your question or issue in detail. For example, if you believe there’s been a misunderstanding about your data or you want to complain about something specific, let us know what happened and what you would like us to address. We will investigate and respond to any privacy complaints as soon as possible. Your trust is extremely important to us, and we will work to resolve any concerns to your satisfaction. Additionally, if you feel we have not adequately addressed your privacy-related complaint, you have the right to contact regulatory authorities (such as the Department of Health & Human Services for HIPAA issues, or your state’s Attorney General, or your country’s Data Protection Authority). However, we genuinely welcome the opportunity to resolve the matter directly with you first. Please don’t hesitate to get in touch for any reason – whether it’s a question about understanding this Policy, or a request regarding your data, or feedback about our privacy practices. We are here to help and listen.