Effective date: May 2026

Company: BehaCare

At BehaCare, we are committed to protecting the privacy and security of the personal and health information of our users. This Privacy Policy describes how we collect, use, share, and protect your information when you use our telehealth services specialized in behavioral health and dementia.

By using our website and services, you agree to the practices described in this policy. If you disagree with any part of this policy, we ask that you do not use our services.

1. Information We Collect

We collect different types of information to provide you with our telehealth services effectively and securely:

Personal Information

  • Full name
  • Email address
  • Phone number
  • Relationship to the patient (family member, professional caregiver, etc.)
  • Residential address (state, to verify service coverage)

Health Information

  • Behavioral observations shared during consultations
  • Relevant medical history provided by the user or caregiver
  • Previous diagnoses related to dementia or other neurocognitive conditions
  • Current medications, when relevant to the behavioral assessment
  • Consultation notes and behavioral intervention plans

Technical Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited on our website and time spent
  • Referral source (how you found our site)

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your browsing experience. Cookies help us understand how you interact with our site, remember your preferences, and improve our services. You can configure your browser to reject cookies, although this may affect the functionality of some parts of the site.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Providing telehealth services: delivering behavioral assessments, family guidance, and caregiver support through our virtual consultations.
  • Appointment communications: sending confirmations, reminders, and follow-ups related to your scheduled consultations.
  • Service improvement: analyzing usage patterns to improve the quality of our services, user experience, and website content.
  • Legal compliance: complying with applicable laws and regulations, including HIPAA regulations and state and federal health data protection laws.
  • Sending relevant resources: with your prior consent, sending you articles, guides, and educational resources related to behavioral management of dementia and caregiver support.
  • Responding to inquiries: addressing your questions, requests, and comments received through our contact forms, email, or WhatsApp.

3. Legal Basis for Processing

We process your information based on the following legal bases:

  • Consent: when you voluntarily provide your information by requesting our services, completing contact forms, or subscribing to our educational resources.
  • Legitimate interest: to improve our services, ensure the security of our platform, and communicate with you about matters related to your care.
  • Legal obligations: to comply with applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), Department of Health and Human Services (HHS) regulations, and state health data protection laws.

4. Health Information Protection (HIPAA)

As a telehealth provider in the behavioral health field, BehaCare complies with the Health Insurance Portability and Accountability Act (HIPAA) and its associated regulations. This means that:

  • Protected Health Information (PHI) protection: all health information you share with us during consultations is classified as PHI and receives the highest level of protection under federal law.
  • Minimum necessary standard: we only access, use, and share the minimum amount of health information necessary to fulfill the specific purpose of each interaction.
  • Business Associate Agreements (BAA): all third-party service providers with access to protected health information are required to sign Business Associate Agreements ensuring their compliance with HIPAA standards.
  • Data encryption: all health information is transmitted and stored using enterprise-level encryption protocols, both in transit and at rest.
  • Incident notification: in the unlikely event of a data breach affecting your health information, we will notify you within the timeframes established by law.

5. Information Sharing

BehaCare does not sell, rent, or trade your personal or health information to third parties under any circumstances.

We may share your information only in the following situations:

  • Service providers: we share limited information with service providers that help us operate our platform, including:
    • Calendly (appointment scheduling)
    • Formsubmit.co (contact form processing)
    • Video conferencing platform (virtual consultations)
    These providers operate under strict contractual agreements and, when handling PHI, under Business Associate Agreements (BAA).
  • Legal requirements: when required by law, court order, subpoena, or other valid legal process.
  • Emergency situations: when necessary to prevent a serious and imminent threat to the health or safety of a person, in accordance with exceptions permitted by HIPAA.
  • With your consent: in any other situation, we will only share your information with your express written authorization.

6. Your Rights

As a user of our services, you have the following rights regarding your personal and health information:

  • Right of access: you may request a copy of the personal and health information we hold about you.
  • Right to correction: you may request the correction of any inaccurate or incomplete information.
  • Right to deletion: you may request the deletion of your personal information, subject to legal obligations for health record retention.
  • Right to portability: you may request that your information be transferred to another service provider in a structured and commonly used format.
  • Right to withdraw consent: you may withdraw your consent for the processing of your information at any time, without affecting the lawfulness of processing carried out previously.
  • Right to file a complaint: if you believe your privacy rights have been violated, you may file a complaint with the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services.

To exercise any of these rights, contact us through the means indicated in the Contact section at the end of this policy.

7. Data Security

We implement technical, administrative, and physical security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: we use SSL/TLS encryption to protect information transmitted between your device and our servers, as well as AES-256 encryption for stored data.
  • Secure platforms: our telehealth consultations are conducted through video conferencing platforms that meet HIPAA security standards.
  • Access controls: access to health information is restricted exclusively to authorized personnel who need that information for service delivery.
  • Security reviews: we conduct periodic assessments of our security practices and update our protocols as necessary to maintain the highest standards of protection.

Although we strive to protect your information, no data transmission or storage system is completely secure. If you have reason to believe your information has been compromised, contact us immediately.

8. Data Retention

We retain your information according to the following criteria:

  • Health records: we retain health records in accordance with applicable state and federal requirements, with a minimum retention period of seven (7) years from the last date of service, or as required by the applicable state legislation if the period is longer.
  • Non-health personal information: we retain this information as long as it is necessary for the purposes for which it was collected, or as required by our legal obligations.
  • Technical and cookie data: this data is retained for a maximum period of twenty-four (24) months and is deleted or anonymized at the end of that period.

Once information is no longer needed and there is no legal obligation to retain it, it will be securely deleted or irreversibly anonymized.

9. Third-Party Services

Our website and services use the following third-party tools and platforms:

  • Calendly: we use Calendly for scheduling appointments and consultations. When booking an appointment, your basic contact information is processed by Calendly in accordance with their own privacy policy.
  • Formsubmit.co: our contact form uses Formsubmit.co to process and deliver messages sent through the website.
  • WhatsApp: we offer communication through WhatsApp as a messaging channel. Messages sent through this channel are subject to WhatsApp's (Meta Platforms) privacy policies.
  • Video conferencing platform: telehealth consultations are conducted through a video conferencing platform that meets HIPAA requirements, with end-to-end encryption.

We recommend reviewing the privacy policies of these third-party services to understand how they handle your information. BehaCare is not responsible for the privacy practices of these external providers.

10. Minors

BehaCare services are not directed to individuals under eighteen (18) years of age. We do not intentionally collect personal information from minors. If you are a parent or legal guardian and believe that your child under 18 has provided us with personal information, contact us immediately so that we can take the necessary steps to delete that information from our systems.

11. Changes to This Policy

BehaCare reserves the right to update or modify this Privacy Policy at any time. When we make significant changes, we will notify you through:

  • A prominent notice on our website
  • An email to the address we have on file, when applicable

The date of the last update will be reflected at the beginning of this policy. We recommend reviewing this page periodically to stay informed about how we protect your information.

12. Contact

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal and health information, you can contact us through the following means:

We are committed to responding to all privacy-related requests within a reasonable timeframe and in accordance with the deadlines established by applicable legislation.