Last updated: March 17, 2026
# Privacy Policy

**GuardianOx — guardianox.com**

**Last Updated:** March 17, 2026

---

## 1. Introduction

GuardianOx ("we," "us," or "our") provides an AI-powered scheduling and communication platform for home care agencies. This Privacy Policy explains how we collect, use, protect, and share information when you use our services at guardianox.com and through our platform.

We are committed to protecting the privacy of our clients, their caregivers, and the individuals they serve. This policy applies to all users of our platform, including agency administrators, caregivers, and family members who receive communications through our service.

---

## 2. Information We Collect

### 2.1 Account and Agency Information

- Agency name and business contact information
- Administrator names and email addresses
- Billing information (processed through our payment provider)

### 2.2 Scheduling Data

- Caregiver names and availability
- Shift schedules, assignments, and changes
- Client (patient) names associated with scheduled shifts
- Scheduling preferences and constraints

### 2.3 Communication Data

- Caregiver phone numbers (for SMS notifications)
- Family member phone numbers (for family communication features)
- SMS message content sent through our platform
- Communication preferences and opt-in/opt-out status

### 2.4 Platform Usage Data

- API access logs (timestamp, action performed)
- Feature usage patterns
- Error logs for troubleshooting

---

## 3. Information We Do NOT Collect or Store

GuardianOx is a scheduling and communication tool. We do not collect, store, or process:

- Clinical or medical records
- Patient diagnoses or conditions
- Medication information or treatment plans
- Insurance or billing codes
- Social Security numbers
- Detailed health assessments or care plans

Our platform is intentionally designed to minimize the scope of sensitive data we handle.
We operate on a data minimization principle: we collect only what is necessary to provide scheduling and communication services.

---

## 4. How We Use Information

We use the information we collect for the following purposes:

- **Shift Scheduling:** Creating, managing, and communicating caregiver shift assignments
- **SMS Communication:** Sending shift notifications to caregivers and updates to family members
- **AI-Powered Assistance:** Using our AI system to optimize scheduling suggestions and generate communication summaries
- **Reporting:** Providing agencies with operational reports on scheduling patterns and communication activity
- **Service Improvement:** Analyzing aggregate usage patterns to improve our platform
- **Support:** Responding to client inquiries and troubleshooting issues

---

## 5. How We Protect Information

### 5.1 Encryption in Transit

All data transmitted between your systems and GuardianOx is encrypted using HTTPS with TLS 1.2 or higher. API communications are secured with the same standard.

### 5.2 Encryption at Rest

Data stored in our systems, including our Redis data store, is encrypted at rest.

### 5.3 Access Controls

- All API access requires authentication via API keys
- Access is limited to authorized agency personnel
- Internal access to production systems is restricted to essential personnel

### 5.4 Audit Logging

All API calls are logged with timestamp, actor identity, and action performed. These logs are maintained for security monitoring and incident investigation.

### 5.5 Infrastructure Security

Our platform is hosted on infrastructure with industry-standard security controls, including network isolation, regular patching, and monitoring.

---

## 6. Third-Party Services

GuardianOx uses the following third-party services:

### 6.1 Twilio (SMS Delivery)

We use Twilio to send and receive SMS messages. Twilio processes phone numbers and message content as necessary to deliver messages.
Twilio's privacy practices are governed by their own privacy policy. Twilio is a HIPAA-eligible service, and we maintain a BAA with Twilio.

### 6.2 Groq (AI Processing)

We use Groq's infrastructure for AI-powered scheduling assistance and communication generation. **No PHI is shared with Groq.** Prompts sent to Groq's AI models are constructed to contain only the operational context needed for scheduling and communication tasks, without individually identifiable health information.

### 6.3 Payment Processing

Payment information is processed by our payment provider and is not stored on GuardianOx systems.

We do not sell, rent, or trade any personal information or data to third parties.

---

## 7. Data Retention and Deletion

### 7.1 Active Accounts

While an agency's account is active, we retain data necessary to provide our services, including scheduling history and communication logs.

### 7.2 Account Termination

Upon termination of service, agencies may request deletion of their data. Upon receiving a written deletion request:

- Active scheduling data is deleted within 30 days
- Communication logs are deleted within 30 days
- Backup copies are purged within 90 days
- Audit logs may be retained for up to 12 months for compliance purposes

### 7.3 Data Export

Agencies may request an export of their data at any time by contacting us. We will provide the data in a standard, machine-readable format within 30 days of the request.

---

## 8. Data Ownership

All scheduling data, communication records, and other operational data entered into or generated through the GuardianOx platform remains the property of the subscribing agency. GuardianOx acts as a data processor on behalf of the agency.

---

## 9. HIPAA Compliance

GuardianOx operates as a Business Associate under HIPAA when handling information that may constitute Protected Health Information.
We enter into Business Associate Agreements with each client agency and maintain safeguards consistent with HIPAA Security Rule requirements.

---

## 10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify active clients via email at least 30 days before the changes take effect. The "Last Updated" date at the top of this policy reflects the most recent revision.

---

## 11. Your Rights and Choices

### 11.1 SMS Opt-Out

Caregivers and family members may opt out of SMS communications at any time by replying STOP to any message received from GuardianOx.

### 11.2 Data Access

Agency administrators may access and review all data associated with their account through the platform dashboard or by contacting us directly.

### 11.3 Data Correction

If any information in our system is inaccurate, agencies may correct it through the platform or by contacting us.

---

## 12. Contact Us

For questions about this Privacy Policy, data practices, or to exercise any data rights:

**GuardianOx**

Email: hello@guardianox.com

Website: guardianox.com

For HIPAA-related inquiries or to report a potential data concern, contact us at hello@guardianox.com with the subject line "Privacy Inquiry."