Washington State Residents
This Consumer Health Data Privacy Policy (“Washington Policy”) supplements our general Privacy Policy and applies specifically to “consumer health data” (as defined under the Washington My Health My Data Act, RCW 19.373) of Washington State residents. If you are not a Washington resident, the general Privacy Policy governs our handling of your information.
Important: Care Planning Pro is not HIPAA compliant and is not designed for the storage or handling of Protected Health Information. Users should not enter sensitive health information into the Service. This policy describes how we handle consumer health data in the event that it is entered into the Service notwithstanding that limitation.
1. Who We Are
Care Planning Pro, LLC (“CPP,” “we,” “us,” or “our”) operates Care Planning Pro, a digital platform that helps families and professionals organize care-related information.
Care Planning Pro, LLC
300 Colonial Center Parkway, Suite 100
Roswell, GA 30076
United States
2. What Is Consumer Health Data
Under the Washington My Health My Data Act, “consumer health data” means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. This includes, but is not limited to:
- individual health conditions, treatments, diseases, or diagnoses
- social, psychological, behavioral, and medical interventions
- health-related surgeries or procedures
- use or purchase of prescribed medication
- bodily functions, vital signs, symptoms, or measurements of the information described above
- diagnoses or diagnostic testing, treatment, or medication
- gender-affirming care information
- reproductive or sexual health information
- biometric data
- genetic data
- precise location information that could reasonably indicate a consumer’s attempt to acquire or receive health services or supplies
- data that identifies a consumer seeking health care services
- any information a regulated entity or small business, or their respective processor, processes to associate or identify a consumer with the data described above
3. Categories of Consumer Health Data We May Collect
Care Planning Pro is designed for general care coordination, not for the collection of consumer health data. However, because users may choose to enter health-related information into care profiles, we may receive the following categories of consumer health data from Washington residents who use the Service:
- Individual health conditions, diagnoses, or medical history entered by users
- Medications, dosages, and prescription information entered by users
- Provider names, appointments, and treatment information entered by users
- Symptoms, vital signs, or health observations entered by users
- Care-related notes, schedules, or journal entries entered by users
- Uploaded documents that may contain health information (e.g., medical records, care plans, legal documents referencing health status)
We do not collect biometric data, genetic data, or precise geolocation data. We do not use the Service to identify consumers seeking reproductive or gender-affirming care.
4. Sources of Consumer Health Data
Consumer health data in the Service comes from:
- Users who enter information directly into their accounts
- Users who upload documents containing health-related content
- Users who share care profiles with other users (who may then view or contribute information)
We do not acquire consumer health data from data brokers, public records, or third-party sources.
5. Purposes for Collecting and Processing Consumer Health Data
We process consumer health data only to provide the Service you have requested. Specific purposes include:
- Storing, organizing, and displaying information you enter into your account
- Enabling sharing of information with individuals you designate
- Providing AI-assisted features when you choose to use them
- Authenticating users and administering accounts
- Responding to your support requests
- Complying with legal obligations
- Detecting and preventing fraud, abuse, or security incidents
We do not use consumer health data to target advertising, to train AI models, or to identify consumers seeking specific types of health care.
6. Categories of Consumer Health Data We Share
We share consumer health data only with service providers necessary to operate the Service, and only to the extent necessary for them to perform services on our behalf. These providers currently include:
- Supabase (database, authentication, and file storage)
- Vercel (hosting and deployment)
- Stripe (payment processing — does not receive consumer health data)
- Anthropic (AI processing — receives inputs only when users use AI features)
- Proton Mail (email delivery — does not receive consumer health data from within the Service)
- GitHub (code management — does not receive consumer health data)
Providers may change at any time. Each operates under its own terms, privacy policies, and security practices.
We do not sell consumer health data. We have not sold consumer health data in the preceding twelve (12) months and do not intend to sell consumer health data in the future. We do not share consumer health data for cross-context behavioral advertising or for any other purpose that would constitute a “sale” under applicable law.
We may also disclose consumer health data if required by law, legal process, or governmental request, or to enforce our Terms of Service or protect the rights, property, or safety of Care Planning Pro, our users, or the public.
7. Your Rights Under the Washington My Health My Data Act
If you are a Washington resident, you have the following rights with respect to your consumer health data:
Right to Confirm and Access
You have the right to confirm whether we are collecting, sharing, or selling your consumer health data and to access that data.
Right to Deletion
You have the right to request deletion of your consumer health data. We will honor verified deletion requests within the timeframe required by applicable law (generally within 45 days). Deletion requests apply to our active systems; copies in backup systems will be removed in accordance with our routine backup rotation.
Right to Withdraw Consent
You have the right to withdraw consent to the collection, sharing, or processing of your consumer health data. Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal.
Right to Appeal
If we decline a request, you have the right to appeal. Appeal instructions will be included in any response declining a request.
Right to Submit a Complaint
You have the right to submit a complaint to the Washington State Attorney General’s Office. Contact information is available at atg.wa.gov.
8. How to Exercise Your Rights
To exercise any of the rights described above, contact us at:
Please include in your request:
- Your full name
- The email address associated with your Care Planning Pro account
- A clear description of the right you wish to exercise
- Confirmation that you are a Washington State resident
We will verify your identity before responding. We will respond to verified requests within the timeframes required by applicable law. There is no cost to exercise these rights, and we will not retaliate or degrade your service as a result of your request.
9. Consent
We collect and process consumer health data only after you have entered it into the Service yourself. By entering consumer health data into the Service, you affirmatively consent to our collection and processing of that data for the purposes described in Section 5.
You may withdraw consent at any time by ceasing to enter consumer health data and by requesting deletion of previously entered data. Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal. Withdrawing consent may also limit or eliminate your ability to use certain features of the Service.
10. Data Security
We rely on third-party service providers to store and process information submitted to the Service. No system can be guaranteed to be completely secure. You are responsible for safeguarding your account credentials and for the security of the devices and networks you use to access the Service.
Please see our Security page for additional information about the infrastructure and responsibilities applicable to the Service.
11. Children
The Service is not intended for individuals under 18, and we do not knowingly collect consumer health data from individuals under 18. If we learn that we have collected consumer health data from an individual under 18, we will delete it.
12. Retention of Consumer Health Data
We retain consumer health data for as long as your account is active or as necessary to provide the Service. When you delete consumer health data or close your account, we delete that data in accordance with Section 7 (Right to Deletion) above, subject to legitimate retention obligations such as legal, tax, audit, or fraud-prevention purposes.
13. Changes to This Policy
We may update this Washington Policy from time to time. When we do, we will revise the Effective Date at the top of this page. We encourage you to review this Policy periodically. Material changes affecting how we process consumer health data will be announced through the Service or by email.
14. Relationship to Other Policies
This Washington Policy supplements our general Privacy Policy. Where there is a direct conflict between this Washington Policy and the general Privacy Policy with respect to consumer health data of Washington residents, this Washington Policy controls. For all other matters, including information that is not consumer health data, the general Privacy Policy applies.
This Policy does not modify your rights or our obligations under the Terms of Service, Refund Policy, or Security page, which continue to apply in full.
15. Contact Us
If you have questions about this Washington Policy or wish to exercise your rights under the Washington My Health My Data Act, contact us at: