Privacy Policy

CareSync is operated by CareSync B.V. (“CareSync”, “we”, “us”), based in the Netherlands. We are the data controller for the personal data processed through the CareSync service at care-sync.nl.

For any privacy question or request, contact us at support@care-sync.nl.

We keep data collection to what we need to run the service:

• Account data: your email address and authentication details (passwords are hashed by our authentication provider — we never see them in plain text).
• Family & care data: the family name, care logs, appointments and notes you and your family members enter.
• Documents: any files you choose to upload to your family's document storage.
• Billing data: handled by Stripe. We store only a Stripe customer reference and your subscription status — never your full card number.
• Technical data: essential cookies that keep you signed in, and basic server logs used for security and reliability.

Care notes you record may include health information about your loved one. You decide what to write and who to invite into your family workspace. Please only record what is necessary and only invite people who should have access. CareSync is a coordination tool, not a medical record.

• To provide and operate the CareSync service and keep your family in sync.
• To authenticate you and secure your account.
• To process subscriptions and payments (via Stripe).
• To maintain, protect and improve the service.
• To send you essential service messages (we do not send marketing without your consent).

We process personal data on the following legal bases: performance of our contract with you (to provide the service); our legitimate interests (to secure and improve CareSync); your consent (where we ask for it); and compliance with legal obligations (such as keeping billing records).

We do not sell your personal data. We share it only with the service providers we rely on to run CareSync, under appropriate data-processing agreements:

• Supabase — database, authentication and file storage.
• Stripe — subscription payments.
• Cloudflare — content delivery and TLS/HTTPS.

We may also disclose data where required by law.

Some of our providers may process data outside the European Economic Area. Where they do, the transfer is protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

We keep your data for as long as your account is active. If you delete your account, we delete or anonymise your personal data, except where we must retain certain records (for example, billing records) to meet legal obligations.

Under the GDPR you have the right to access, correct, delete, restrict or object to the processing of your personal data, and the right to data portability. You may also withdraw consent at any time.

To exercise any of these rights, email support@care-sync.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

CareSync uses only essential cookies needed to keep you securely signed in. We do not use advertising or third-party tracking cookies.

CareSync is intended for adults coordinating care. It is not directed to children under 16, and we do not knowingly create accounts for them.

We may update this policy from time to time. When we do, we'll revise the “Last updated” date above and, where appropriate, let you know in the app.