Privacy Policy

CareX AI, Inc. ("CareX.ai," "we," "our," or "us") respects your privacy. This Privacy Policy describes how we collect, use, and protect information when you use the CareX.ai mobile application ("App").

Last Updated: 2026-02-02

1. Who We Are

CareX AI, Inc.
228 Hamilton Avenue, 3rd Floor
Palo Alto, CA 94301, USA

We build smartphone-based wellness tools that measure certain vital signs through the phone's front-facing camera and, when available, a BLE pulse oximeter.

2. Information We Collect

We designed CareX.ai to collect as little information as possible.

No personal identifiers: We do not ask for your name, email address, phone number, or login credentials.
No device or tracking data: We do not collect IP addresses, GPS location, browsing history, or device identifiers.
Vital sign signals only: The only data we process are camera-derived and sensor-derived signals used to estimate your vital signs.

Clarification: Camera / Face Data Used to Generate Vital Sign Signals

During a measurement session, the App accesses the device's front-facing camera to capture live video frames of your face in order to compute physiological signal features for vital sign estimation.

To locate the appropriate skin regions, the App may perform on-device face detection and/or facial landmark predictions to define and track regions of interest (ROIs) (for example, cheeks and forehead).

We do not store facial landmarks or face detection outputs. These are used transiently during the measurement session and discarded immediately after ROI placement/tracking.
We do not include face video frames, facial landmarks, or face detection outputs in debug logs, crash reports, or video/frame dumps.
We do not perform face recognition and we do not create or store a biometric identifier such as a face template, facial embedding, or "faceprint."

Clarification: Pulse Oximeter (PPG) Data (If Used)

If you connect a compatible pulse oximeter, the App may collect physiological sensor data such as: PPG waveform, pulse rate, SpO₂.

3. How Your Data Is Used

Spot-check measurements: We estimate your vital signs by processing derived feature signals on our servers. Only derived feature signals are transmitted to the server.
Result display: You can view your current and past measurements in the app.
Provider access: Results are securely transmitted to your healthcare provider at UCSF through its HIPAA-compliant JHE platform.
No commercial use: We do not sell, rent, or share your information with advertisers or other third parties.

4. Data Storage & Retention

No intermediate storage: We do not keep temporary logs or cached files beyond what is necessary for immediate processing.
Retention: Results remain available until you delete them or UCSF deletes them through its platform.
Deletion: If you delete a result, it is removed from our systems and UCSF's records according to UCSF's policies.

5. Security

We use Amazon Web Services (AWS) configured under HIPAA compliance to process signals. All transmissions are encrypted in transit and at rest.

6. Your Rights (California Residents)

As a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA):

Right to know what data we process.
Right to access your results through the app.
Right to request deletion of your results.
Right to opt out of any sale of personal information (note: we do not sell personal information).

Requests can be sent to info@carex.ai.

7. Children's Privacy

CareX.ai is not directed at children under 13. If you are under 13, please do not use the App.

8. Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. Updates will be posted within the App and on our website with a new "Last Updated" date.