REGISTER NOW

PRIVACY POLICY

Effective Date: October 16, 2025

Entity: Caryfy, LLC (“Caryfy,” “we,” “us,” or “our“)

Website: CareBusinessAdvisor.com

1. OVERVIEW AND SCOPE

This Privacy Policy explains how Caryfy collects, uses, discloses, protects, and manages Personal Data in connection with the CareBusinessAdvisor.com website and Services (the “Platform” or “Services“).

By accessing or using the Platform, you acknowledge that you have read and understand this Privacy Policy. This Policy is incorporated into and forms part of the Terms of Use.

1.1 Applicability

This Policy applies to:

  • Clients — individuals and entities that subscribe to Services or create accounts;
  • Visitors — anyone accessing the Platform website;
  • Prospective Clients — individuals requesting information about Services.

This Policy does not apply to third-party websites, applications, or services linked from the Platform.

2. INFORMATION WE COLLECT

2.1 Information Provided Directly

When you use the Platform, create an account, or contact us, we may collect:

  • Account Information: Name, email address, phone number, company name, job title, address;
  • Payment Information: Billing address, payment method details (processed securely through third-party payment processors);
  • Communication Data: Content of emails, messages, and customer support inquiries;
  • Subscription Data: Tier of service, subscription start/end dates, usage of Services.

2.2 Information Collected Automatically

When you visit the Platform, we automatically collect:

  • Technical Data: IP address, browser type and version, operating system, device type, device identifiers;
  • Usage Data: Pages visited, time spent on pages, links clicked, features accessed, searches performed;
  • Cookies and Similar Technologies: Cookie identifiers, tracking data (see Section 10);
  • Location Data: Approximate geographic location based on IP address (if applicable).

2.3 Information from Third Parties

We may collect information from:

  • Payment Processors: Confirmation of successful transactions;
  • Affiliates and Sub-Processors: Data shared for service delivery;
  • Publicly Available Sources: Information used to verify your identity or improve our Services.

2.4 No Special Categories of Data

Caryfy does not intentionally collect sensitive Personal Data including race, ethnicity, political opinions, religious beliefs, trade union membership, genetic data, biometric data, or health data, except as explicitly authorized by Users in writing. Any such data collected must comply with applicable law (e.g., GDPR Article 9).

3. LEGAL BASIS AND DATA ROLES

3.1 Data Roles

Depending on jurisdiction and context, Caryfy acts as:

  • Data Controller — when processing data for its own business purposes (e.g., marketing, account management);
  • Data Processor — when processing data on behalf of a Client (e.g., if a Client uses the Platform to manage client information).

3.2 Legal Bases for Processing

Caryfy processes Personal Data on the following legal bases:

  • Performance of Contract: Processing necessary to provide Services;
  • Legitimate Interests: Marketing, security, fraud prevention, analytics, service improvement;
  • Compliance with Law: Processing required by law, regulation, or legal process;
  • User Consent: Processing based on explicit opt-in for specific purposes (e.g., marketing emails).

4. HOW WE USE INFORMATION

4.1 Service Delivery

We use Personal Data to:

  • Provide, maintain, and improve Services;
  • Create and manage user accounts;
  • Process payments and manage billing;
  • Deliver educational and advisory content;
  • Provide customer support and respond to inquiries;
  • Send transactional communications (e.g., account confirmations, service updates).

4.2 Analytics and Improvement

We use data (including de-identified information) to:

  • Analyze Platform usage patterns and trends;
  • Evaluate and enhance Platform features and Services;
  • Conduct research and product development;
  • Monitor Platform security and performance.

4.3 Marketing and Communications

With Users’ consent (where required by law), we may use Personal Data to:

  • Send promotional emails about new features, events, or Services;
  • Conduct surveys and request feedback;
  • Communicate important updates or policy changes.

Users may opt out of marketing communications at any time via the “unsubscribe” link in emails or by updating account preferences.

4.4 Legal Compliance and Safety

We may use Personal Data to:

  • Comply with laws, regulations, and legal processes;
  • Enforce these Terms and other agreements;
  • Protect the rights, property, and safety of Caryfy, Users, and the public;
  • Detect, investigate, and prevent fraud, abuse, and security incidents.

4.5 No Marketing Use of Sensitive Data

Caryfy does not use Protected Health Information (PHI) or sensitive Personal Data for marketing purposes. If any Client submits such data, Caryfy will process it only for the authorized business purpose and in compliance with applicable law (e.g., HIPAA, GDPR).

5. DISCLOSURE OF INFORMATION

5.1 Sub-Processors and Service Providers

Caryfy engages trusted third-party service providers to support Service delivery, including:

  • Cloud hosting and storage providers;
  • Payment processors and payment gateways;
  • Customer support platforms;
  • Email and communication services;
  • Analytics providers.

Each Sub-Processor is bound by written agreements requiring appropriate data protection and confidentiality obligations.

5.2 Affiliates

Caryfy may share Personal Data with Affiliates (e.g., Caryfy subsidiaries, related entities) solely to:

  • Provide and support Services;
  • Conduct joint marketing or business operations;
  • Consolidate business information for operational efficiency.

Affiliate access is restricted to necessary purposes and governed by data protection agreements.

5.3 Legal Disclosures

Caryfy may disclose Personal Data:

  • As required by law, regulation, legal process, or governmental authority;
  • To protect Caryfy’s legal rights and the terms of service;
  • To respond to claims of illegal activity;
  • To enforce these Terms and other agreements;
  • To protect the safety and security of Users and the public.

5.4 Business Transfers

If Caryfy is involved in a merger, acquisition, bankruptcy, or sale of substantially all assets, Personal Data may be transferred as part of that transaction. Users will be notified of any such change and any choices they may have regarding their data.

5.5 No Sale of Data

Caryfy does not sell Personal Data to third parties for their marketing purposes. Aggregated and de-identified data may be used for analytics and business intelligence without user consent.

5.6 User Consent and Direction

We may disclose Personal Data if a User authorizes or directs us to do so, or consents to disclosure.

6. SECURITY MEASURES

6.1 Technical and Organizational Safeguards

Caryfy implements industry-standard administrative, technical, and physical safeguards to protect Personal Data, including:

  • Encryption of data in transit (TLS/SSL) and at rest;
  • Access controls and user authentication;
  • Regular security assessments and penetration testing;
  • Firewalls and intrusion detection systems;
  • Employee training and confidentiality agreements;
  • Incident response and breach notification procedures.

6.2 Limitations

While Caryfy implements robust security measures, no system is 100% secure. Users acknowledge that:

  • Perfect security cannot be guaranteed;
  • Unauthorized access may occur despite safeguards;
  • Users are responsible for maintaining the confidentiality of account credentials.

7. DATA RETENTION AND DELETION

7.1 Retention Periods

Caryfy retains Personal Data only as long as necessary to fulfill the purposes described in this Policy or as required by law:

Account and Service Data:

  • Retained while the account is active and for thirty (30) days after account termination or deletion request;
  • Backup copies retained for an additional thirty (30) days for recovery purposes.

Communications and Support Data:

  • Retained for up to two (2) years for service improvement and compliance.

Payment and Billing Data:

  • Retained for at least seven (7) years to comply with financial and tax regulations.

Cookies and Usage Data:

  • Retained per the cookie policy (see Section 10).

7.2 Data Deletion and Export

Users may:

  • Export Data: Request downloadable copies of account data in standard formats (e.g., CSV, PDF);
  • Delete Account: Request account deletion, which will remove Personal Data within sixty (60) days, except for data legally required to be retained.

Requests should be submitted to privacy@carebusinessadvisor.com.

7.3 Legally Required Retention

Notwithstanding the above, Caryfy may retain Personal Data longer if required by:

  • Tax, accounting, or financial regulations;
  • Legal holds or litigation;
  • Law enforcement requests;
  • Other applicable legal obligations.

8. YOUR PRIVACY RIGHTS

8.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

Access: Right to request confirmation of whether we process your data and to receive a copy of such data.

Correction/Amendment: Right to request correction of inaccurate or incomplete Personal Data.

Deletion: Right to request deletion of Personal Data, subject to legal exceptions (e.g., data required for contractual or legal obligations).

Restriction: Right to request that we limit or restrict processing of your data.

Data Portability: Right to request and receive your data in a portable, machine-readable format.

Withdrawal of Consent: Right to withdraw previously provided consent at any time without affecting the lawfulness of prior processing.

Objection: Right to object to processing based on legitimate interests, direct marketing, or automated decision-making.

Appeal: Right to lodge a complaint with a relevant data protection authority.

8.2 GDPR-Specific Rights (EU Residents)

If you are a resident of the European Union, you have rights under the General Data Protection Regulation (GDPR), including those listed in Section 8.1. You also have the right to lodge a complaint with your local data protection authority.

8.3 CCPA-Specific Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

  • Right to Know: What personal information we collect and how we use it;
  • Right to Delete: Request deletion of personal information;
  • Right to Opt-Out: Opt out of the “sale” or “sharing” of your personal information (note: Caryfy does not sell personal information);
  • Right to Correct: Request correction of inaccurate information;
  • Right to Limit: Limit our use and disclosure of your information;
  • Right to Non-Discrimination: Freedom from discrimination for exercising your rights.

8.4 Exercising Your Rights

To exercise any of the above rights, please submit a request in writing to:

Data Protection Officer

Email: privacy@carebusinessadvisor.com

Include:

  • Your name and email address;
  • The specific right you are exercising;
  • A description of your request;
  • Proof of identity (if required).

We will acknowledge requests within seven (7) calendar days and respond within thirty (30) calendar days (or as required by applicable law). If we cannot fully comply, we will explain the reasons and any exceptions.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies

The Platform uses:

  • Essential Cookies: Required for authentication and basic Platform functionality;
  • Analytics Cookies: Collect data on Platform usage and performance (Google Analytics);
  • Preference Cookies: Remember user preferences and settings;
  • Marketing Cookies: Track interactions for targeted advertising and remarketing (if applicable).

9.2 Cookie Management

Most browsers allow you to refuse or delete cookies. However, disabling cookies may affect Platform functionality. For more information, visit allaboutcookies.org.

To opt out of Google Analytics, visit: https://tools.google.com/dlpage/gaoptout

9.3 Do Not Track

Some browsers include a “Do Not Track” feature. The Platform does not currently respond to DNT signals, but you may use browser settings to limit tracking.

10. INTERNATIONAL DATA TRANSFERS

10.1 Data Location

Personal Data may be stored or processed in the United States or other jurisdictions where Caryfy or its Sub-Processors maintain facilities. These jurisdictions may have data protection laws different from your home country.

10.2 Transfers from the EU/UK

When transferring Personal Data from the European Union or United Kingdom to the United States or other non-adequate jurisdictions, Caryfy relies on:

  • Standard Contractual Clauses (SCCs): Entered into with Sub-Processors to ensure adequate safeguards;
  • Other lawful transfer mechanisms: As approved by EU and UK authorities.

By using the Platform, you consent to such transfers, subject to applicable law.

11. THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to third-party websites, applications, and services. Caryfy is not responsible for:

  • The privacy practices of third-party services;
  • The accuracy, legality, or security of third-party content;
  • Interactions or disputes with third parties.

Users’ use of third-party services is governed by those services’ terms and privacy policies. Please review them carefully.

12. CHILDREN’S PRIVACY

12.1 Age Restrictions

The Platform is not directed to individuals under thirteen (13) years old. Caryfy does not knowingly collect Personal Data from children under thirteen.

12.2 Data From Minors

If we become aware that we have collected Personal Data from a child under thirteen without parental consent, we will:

  • Cease processing immediately;
  • Delete such data promptly;
  • Notify the user or parent/guardian.

For minors aged thirteen to eighteen (18), parents or guardians should review this Policy and supervise their child’s use of the Platform.

13. BUSINESS ASSOCIATE RELATIONSHIP

13.1 When Applicable

If a User is a HIPAA Covered Entity or Business Associate and uses the Platform to process Protected Health Information (PHI), Caryfy will enter into a Business Associate Agreement (BAA) governing PHI handling, safeguards, and breach notification.

13.2 Compliance

Caryfy will comply with all applicable HIPAA requirements, including the Privacy Rule, Security Rule, and Breach Notification Rule (45 C.F.R. Parts 160 and 164).

14. CONTACT INFORMATION

For privacy inquiries, data subject requests, complaints, or other privacy-related matters, please contact:

Caryfy, LLC — Privacy Officer

Email: privacy@carebusinessadvisor.com

Governing Law: State of Georgia, USA

Data Protection Authority: [For EU/UK residents, contact your local data protection authority]

15. CHANGES TO THIS PRIVACY POLICY

Caryfy may update this Privacy Policy from time to time to reflect changes in our practices, technology, law, or other factors. Material changes will be:

  • Posted on the Platform with a new “Effective Date”;
  • Communicated via email to registered Users;
  • Noted on this page with a description of the change.

Continued use of the Platform after updates indicates your acceptance of the revised Policy. We encourage you to review this Policy periodically.