Política de Privacidad

Tu privacidad nos importa. Aprende cómo protegemos tus datos.

Última actualización: January 5, 2026

ABACare Inc. ("ABACare," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ABA therapy practice management platform, including our website, web application, and mobile applications (collectively, the "Service").

1. Introduction

ABACare provides a comprehensive practice management platform for Applied Behavior Analysis (ABA) therapy providers. Given the sensitive nature of healthcare data, we take privacy and data protection seriously. This policy applies to all users of our Service, including Organization Owners, BCBAs, Aides, and Parents.

By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Name and email address
  • Organization name and details
  • Role within the organization
  • Password (stored in encrypted form)
  • Billing information (for paid subscriptions)

2.2 Patient Data

Organizations using our Service may enter patient information, including:

  • Patient names and demographic information
  • Diagnostic information and assessments
  • Treatment plans, goals, and targets
  • Session notes and data collection records
  • Progress reports and analytics

Important: Patient data may constitute Protected Health Information (PHI) under HIPAA. See Section 4 for details on our HIPAA compliance measures.

2.3 Usage Data

We automatically collect certain information when you use the Service:

  • Device information (type, operating system, browser)
  • IP address and approximate location
  • Pages visited and features used
  • Time spent on the Service
  • Error logs and performance data

2.4 Communication Data

When you contact us for support or other inquiries, we collect the content of your communications and any information you choose to provide.

3. How We Use Information

We use the information we collect to:

  • Provide the Service: Enable you to manage your ABA therapy practice, including patient management, treatment planning, scheduling, and data collection
  • Maintain and Improve: Monitor performance, fix bugs, and develop new features
  • Communicate: Send service-related notifications, respond to inquiries, and provide customer support
  • Billing: Process payments and manage subscriptions
  • Security: Detect, prevent, and respond to security incidents and unauthorized access
  • Analytics: Understand how the Service is used to improve user experience (using aggregated, de-identified data)
  • Legal Compliance: Comply with applicable laws and regulations

4. HIPAA Compliance

4.1 Protected Health Information

ABACare is designed to support healthcare organizations that are subject to the Health Insurance Portability and Accountability Act (HIPAA). We understand that patient data entered into the Service may constitute Protected Health Information (PHI).

4.2 Business Associate Agreement

If you are a Covered Entity or Business Associate under HIPAA, we will enter into a Business Associate Agreement (BAA) with you upon request. The BAA governs our handling of PHI and supplements this Privacy Policy.

4.3 Security Measures

We implement administrative, technical, and physical safeguards designed to protect PHI, including:

  • Encryption of data at rest and in transit
  • Role-based access controls
  • Regular security assessments
  • Employee training on privacy and security

4.4 Your Responsibilities

As a user of the Service, you are responsible for ensuring that your use complies with HIPAA requirements, including obtaining necessary patient authorizations and implementing appropriate policies within your organization.

5. Data Sharing

We do not sell your personal information. We may share information as follows:

5.1 Service Providers

We work with third-party service providers who assist us in operating the Service, including:

  • Cloud hosting providers (data storage and processing)
  • Payment processors (billing and subscription management)
  • Email service providers (transactional emails)
  • Analytics providers (aggregated usage analytics)

These providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Within Your Organization

Information you enter into the Service is accessible to authorized users within your organization based on their role and permissions. Organization Owners control user access and permissions.

5.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government requests
  • Protection of rights, property, or safety
  • Investigation of potential violations of our Terms

5.4 Business Transfers

If ABACare is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

6. Data Security

We implement comprehensive security measures to protect your information, including:

  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
  • Access Controls: Role-based access ensures users only see data they are authorized to access
  • Multi-Tenant Isolation: Each organization's data is logically isolated from other organizations
  • Authentication: Secure password requirements and session management
  • Monitoring: Continuous monitoring for security threats and anomalies
  • Backups: Regular encrypted backups with secure storage

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information.

7. Data Retention

We retain your information as follows:

  • Active Accounts: We retain your data for as long as your account is active
  • After Termination: Following account termination, we retain data for 30 days to allow for data export, after which it may be permanently deleted
  • Legal Requirements: We may retain certain information longer if required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements)
  • Backups: Backup copies may persist for a reasonable period according to our backup retention schedule

Healthcare organizations should consider their own record retention requirements under applicable laws and regulations.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You can access your account information through the Service. Organization Owners can export organization data.

8.2 Correction

You can update your account information through the Service. Contact us if you need assistance correcting information.

8.3 Deletion

You can request deletion of your account and associated data by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes.

8.4 Opt-Out

You can opt out of marketing communications by following the unsubscribe instructions in emails or contacting us. Note that you cannot opt out of service-related communications.

8.5 California Residents

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion.

9. Children's Privacy

The Service is designed for use by healthcare professionals and is not intended for direct use by children under 13. We do not knowingly collect personal information directly from children under 13.

Patient data for minors is entered and managed by authorized healthcare professionals and parents/guardians within the context of ABA therapy services. This data is subject to the same privacy protections as all patient data and is handled in accordance with applicable laws, including HIPAA and COPPA where applicable.

10. International Data Transfers

ABACare is based in Romania. Your data is primarily stored and processed within the EU/EEA.

If data needs to be transferred outside the EU/EEA (for example, to service providers), we ensure appropriate safeguards are in place.

By using the Service, you acknowledge that your information may be processed in accordance with this Privacy Policy and applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date at the top of this policy
  • Sending email notification for significant changes (to the email associated with your account)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

ABACare Inc.

Privacy Team

Email: [email protected]

For HIPAA-related inquiries or to request a Business Associate Agreement, please contact us at the email address above.