top of page
Copy of Carium Gradient Background.png

Privacy Policy

We support healthcare providers in patient-centered digital enablement, step-by-step.


About Our Privacy Policy


Connections to Other Services


Types of Data We Collect


How We Keep Your Data Secure

About Privacy Policy

About Our Privacy Policy

Protecting Your Privacy

Privacy and trust are at the core of everything we do at Carium. We protect the privacy of the information that we collect, receive, or store for you. We use this information to provide services to you and others who support your health journey.  Learn More.

Communications & Opt-Out

We may send you communications about Carium’s services, offerings, or other topics. You can unsubscribe from these communications by following a link in the email or emailing us. Learn More.

Types of Data Collected

Types of Data We Collect

Information About You

Carium collects information and data about you so that you and members of your care team can better understand your health and get to know you. We collect “personal” and “non-personal” information both through interactions with you and passively in the background through your use of or access to our services. Subject to our legal obligations, you may request that Carium remove your information from our servers at any time. Learn More.


Personal Information 

Personal information is information about you that can be easily connected to you. It may include your name, address, email address, health records or history, birth date, and location. Your Personal information helps Carium to customize its services or may be used or shared through your use of the services. Learn More.


Non-Personal Information

Non-personal information covers a wide array of information that is much harder to connect to you. A lot of non-personal information is made up of web browsing or device information or activities that are collected automatically as you use your phone. Learn More.

Connections to Other Services

Connections to other Services

Be Aware

Carium’s website and services provide links to outside (“third-party”) websites or services.  If you go to any third-party site, the terms of their privacy policies — not ours — apply.  Carium may change the terms of this Privacy Policy at any time, but we will let you know if we do. You can also contact us by email or regular mail to ask questions or ask to remove your data. Learn More.

How We Keep Data Secure

How We Keep Your Data Secure

Technical Security

Carium uses industry-standard or above security protections in place to protect your information. We evaluate technical security issues on an ongoing basis, and make adjustments when appropriate. Learn More.


Laws that Apply

Carium follows privacy and security laws and regulations that apply to its operations, including the HIPAA. Carium’s services are intended for use only in the United States, and Carium does not currently have policies in place to comply with European privacy protections. Learn More.

Full Privacy Policy
What Informatin is Collected
Personal and Business Info
Non-Personal Info

Full Privacy Policy

This Privacy Policy sets out the privacy practices and policies of Carium®, Inc. (“Carium”, “our”, “we” and “us”) in connection with information, data, documentation, and any other materials relating to or about you (the “Content”), collected, stored, transmitted or maintained by you or Carium in connection with your use of or interaction with any website maintained or operated by Carium (the “Website”) and our services delivered through mobile, web, or other applications (the “Platform” together with the Website, the “Services”).


As our business changes, this Privacy Policy will also evolve.  To reflect our evolution, Carium may change this Privacy Policy at any time and without advance notice.  If you use any of the Services, you should check the Website or the Platform periodically for changes to this Privacy Policy.  Carium will use reasonable efforts to post a notice when changes are made, but may not always be able to post a notice.  If you continue to use the Services, your continued use will represent your acceptance of any changes that we may make, whether or not we were able to post an advance notice about the changes.


This Privacy Policy does not apply to your Content when it is in your possession, nor does this Privacy Policy cover your Content that may be displayed or visible on any device that you use to access the Services.


What Information Does Carium Collect and How are the Data Used?


Carium collects only the types of Personal and Non-Personal Information described below that are necessary for our legitimate business purposes, and we maintain appropriate safeguards to ensure the security, integrity, and privacy of this information.


Carium will retain your Content, Personal Information, and Non-Personal Information for as long as you use the Services and/or until you ask for your Content to be deleted.  While we will do our best to honor a request for deletion, we may be required to retain and use your Content as necessary to comply with legal, regulatory, and contractual obligations applicable to our operations, to resolve disputes, and to enforce our agreements.  For example, regulations may require us to retain healthcare related information for a specified period of time, or if we are holding information on behalf of your healthcare team’s organization that we contract with, then we may be required to comply with that organization’s retention requirements or the terms of our contract with the organization.  You acknowledge that when your Content and/or Personal Information is provided to third parties it is outside of Carium’s control and will be subject to each applicable third party’s policies covering privacy and use.


Personal and Business Information


When you use the Services, we may collect what is broadly called “personally identifiable information,” or “Personal Information.”  Personal Information is information that specifically identifies you.  Examples of Personal Information include name, email address, mailing address, phone number, date of birth, geographic area when any such information is linked to information that identifies a specific individual, gender, birthday, health history, health related data or recordings, and health records.  The Personal Information collected may also include “Protected Health Information” as defined by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as each may be amended from time to time (“HIPAA”).  We will use Protected Health Information only as permitted by HIPAA, as our contract with your healthcare team’s organization allows, and/or as explained in this Privacy Policy.


The Platform may utilize GPS technology, IP address, other sensors such as nearby devices, Wi-Fi access points or cell towers, or other similar geolocation technology in order to determine your current location, if enabled or necessary for use of the Services.


Carium’s Platform may collect certain information automatically, including but not limited to: (i) the type of mobile device that you use, (ii) the unique device identification number of your mobile device, (iii) your mobile device’s IP address, (iv) the type of operating system running in your mobile device, (v) the type of internet browser that you utilize, (vi) information about your usage of the Platform, and (vii) identifying information about other devices that you connect to the Platform.


We may use the Content, Personal Information, and/or Non-Personal Information to (i) provide the Services to you, which includes providing the Content, Personal Information, and/or Non-Personal Information to your healthcare team and its organization as applicable, (ii) personalize your use of the Services, (iii) provide you with personalized analyses of your Content, (iv) communicate with you and respond to your requests, and related activities, (v) develop and deliver more impactful analyses by aggregating with other data, (vi) conduct research, (vii) improve or enhance the Services, and (viii) fulfill our contractual obligations to your healthcare team’s organization.  In engaging in any of the described uses, we may de-identify your Content, Personal Information, or Non-Personal Information.  To the extent that we may send promotional communication, you can opt-out of receiving promotional communications by following the unsubscribe instructions contained in a promotional communication.


By submitting your Content and Personal Information to us and by using the Services, you consent to our use of your Content and Personal Information as described in this Privacy Policy.  If you do not consent, you should not register with Carium and you should not use the Services.  Ultimately, we respect that you own, control, and determine how to share your Content and Personal Information.


Non-Personal Information


Certain Non-Personal Information about site visits is recorded by the standard operation of the Website, including but not limited to (i) IP address, (ii) domain server, (iii) type of device(s) used to access the Services, (iv) web browser(s) used to access the Services, (v) referring webpage or other source through which you accessed the Services, (vi) geolocation information, and (vii) other statistics and information associated with the interaction between your browser or device and the Services.  Non-personally identifiable information may be used to improve the design and content of the Services or to personalize your experience. 


Additional types of Non-Personal Information that we do or may collect are:




Carium may use cookies on its Website to make your experience easy and meaningful.  Cookies can also enable certain technical operations.  Cookies are files that web browsers place in a device’s memory and are used to tell us whether users and visitors have previously visited our Site.  Cookies can come in two general categories: (i) first party cookies that are served directly by Carium to your device or (ii) third party cookies that are served to your device by a third party on our behalf.  You may be able to refuse cookies in the settings of your web browser, but it is possible that certain features of the Service may not work if you delete or disable cookies or other tracking tools.  Usage of a cookie is not linked to any personally identifiable information while on the Website.


Social Media Cookies


These cookies are used when you use a social media sharing button or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter, or LinkedIn.  The social network will record that you have taken this action.  This information may be linked to targeting and/or advertising activities.


Web Beacons


“Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers and the emails, newsletters, or special promotions that we send you.  The information collected by Web Beacons allows us to analyze how many people are using the Services, opening our emails, and for what purpose, and also allows us to make enhancements.


Website Analytics


We may use third-party website analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity, and text that you type into the Site.  These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites that do not use their services.  We may use Google Analytics to provide such analytics services.  To the extent that we use Google Analytics and you would like to opt out of tracking by Google Analytics, you can do that here.


Mobile Device Identifiers


Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it.  Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and non-personally identifiable information.  Mobile device identifiers help Carium learn more about our users’ demographics and internet behaviors.


Log Files


Like many standard website servers, our web servers use log files.  Log files include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks.  Log files are used to analyze trends, administer the site, track aggregated users' movement and gather broad demographic information.  The information collected through the log files is not linked to personally identifiable information.




We may collect your real-time geographic location in order to present relevant information from third parties with whom you may have authorized a connection.  If your location is collected and used to push content, the location information will not specifically identify you.  


Is Content Shared With Third Parties?


Carium shares your Content, Personal Information, and Non-Personal Information with your healthcare team and your healthcare team’s organization who sponsor your access to the Services (the “Sponsor”).  Through the Services, your Sponsor can view, send, and/or receive your Content and interact with you by utilizing various components of the Service.  You acknowledge that your Sponsor may integrate your Content, Personal Information, and/or Non-Personal Information into its records about you and any such integration will be subject to the Sponsor’s policies, including on privacy and use.


We may release your Content when we believe release is appropriate to (i) comply with applicable laws; (ii) enforce an agreement with Carium; or (iii) protect the rights, property, or safety of Carium, our users, or others.  A potential use may include exchanging Content, Personal Information, and/or Non-Personal Information with other companies and organizations for fraud protection.  Even though we will release your Content when required, we will evaluate each request and take reasonable steps to block a request that seeks sensitive information or could be used for purposes detrimental to you.


Carium does not sell your Content or Personal Information (whether or not de-identified) to any third parties, except as may be consented to or directed by you or as clearly set forth in this Privacy Policy, or other terms governing use of the Services.  If we use any subcontractors, each subcontractor that may be given access to your Content will be contractually obligated to maintain the confidentiality and privacy of all Content accessed, used, or stored.


As we continue to develop our business, we might sell or buy assets or engage in other strategic transactions. In such transactions, your Content may be transferred to: (i) a parent or subsidiary; (ii) an acquirer of our assets or equity; or (iii) a successor by merger.




We implement industry standard security measures to help protect against the loss, misuse, and/or alteration of the data under our control.  The security measures include system and network components, and application components.  When the Website is accessed using a compatible internet browser, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that the data are safe, secure, and available only to you.


Although we make good faith efforts to store data under our control in a secure operating environment that is not open to the public, we do not and cannot absolutely guarantee the security of your data.  If we become aware that your data have been disclosed in a manner not in accordance with this Privacy Policy, we will use reasonable efforts to notify you of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted or required by law.  Our notification could also be delayed by our contractual obligations.


Communications from Carium


Users who have provided contact information may occasionally receive email updates or information from Carium.  In order to respect our customers’ privacy, we present the option to decline these types of communications.  


If you provide your cellphone number, you also consent to receive text messages from Carium, which may include messages sent on behalf of your healthcare team or your healthcare team’s organization.  You may choose not to receive text messages even if you previously provided your cellphone number because it is not necessary to accept text messages to use the Services.  Text and data rates from your mobile carrier may apply when you agree to receive text messages and you should check your mobile plan or with your carrier to confirm the rates if you have any questions.  If necessary, we might share your cellphone number with a third party service provider solely to enable the sending of the text message.  We will not share your cellphone number with a third party for marketing purposes without getting your consent first.




Users who no longer wish to receive e-mail communications or other information from Carium may opt-out of receiving these communications by emailing us at using "unsubscribe" in the subject line or following the “unsubscribe” link in an email.  Users who longer wish to receive text messages can text STOP in response to any text message or email us at with a request to no longer receive text messages.


Removal or Modification


If you would like us to remove and/or modify your Personal Information and/or Non-Personal Information, you may make such request by sending an e-mail to or selecting the appropriate option in the Platform.  If you request deletion of your account, we may retain some information in our records after deletion of your account, including but not limited to any information or records that we are legally obligated to retain.  For a more complete explanation of potential retention requirements, please go back to the “What Information Does Carium Collect and How are the Data Used?” section in this Privacy Policy .  If you request modification of your information, we will review your request and determine if modification is required or permissible.  Additionally, it may be possible for you to modify your own information by logging into your account.  We will process your request within a reasonable time, if the request is for an action that we control.  


HIPAA Compliance


To the extent Carium and any of the Services are subject to any requirements of the Health Insurance Portability and Accountability Act and its implementing regulations, as all may be amended from time to time (“HIPAA”), we comply with those HIPAA requirements.  However, not every circumstance or use relating to the Services or our operations is subject to HIPAA.  Even where HIPAA does not apply, we abide by the terms of this Privacy Policy and respect your rights.


Children’s Privacy


Except as set out in the Terms of Use, do not use or access any part of the Services if you are under 18 years of age.  If you are a parent or guardian and discover that your child under 18 years of age has created an account on the Service, then you may alert us at, and we can take action to prevent access, unless you authorize use of the Service by the minor in one of the ways allowed by the Terms of Use. 


International Visitors


The Service is hosted in the United States and intended for use solely by individuals in the United States.  Carium does not currently direct its service outside of the United States and is not monitoring where you might be located.  If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from United States law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing.  Unless specifically stated, Carium does not direct the Services into any country outside of the United States. 


Links to Third Party Websites


The Website contains links to other sites.  Please be aware that Carium is not responsible for the privacy practices of any other website or the policies, content, and practices of other websites.  To the extent you visit a third-party site accessible through this Services, we encourage you to read the privacy policies of each and every website as those third-party privacy policies govern the collection and use of information provided when visiting those sites.  This Privacy Policy applies solely to information collected by the Services. 


Changes to this Privacy Policy


From time to time, we may change the terms of this Privacy Policy.  We will use reasonable efforts to notify you of changes by posting updated text in the Services.  Your continued use of the Services after any revisions are made, whether we are able to provide advance notification or not, constitutes your acceptance of those changes.  To ensure that you are aware of current privacy practices, we recommend that you check this site periodically.  


Contact Information


Any questions, comments or concerns regarding our Privacy Policy should be directed to the Privacy Officer by emailing questions to or by regular mail addressed to:


201 1st Street

Suite 211 

Petaluma, CA 94952

Attn: Privacy Officer


Effective Date: June 27, 2018

Updated: October 15, 2018

Updated: January 11, 2019

Updated: June 1, 2019

Updated: July 26, 2019

Updated: June 30, 2020

Updated: July 25, 2022

HIPAA Compliance
Links to Third Party Sites
bottom of page