1. Information the App Collects
Account & identity
- Name, email address, phone number, and mailing address
- Login credentials (username and password)
Employment & onboarding information (caregivers/staff)
- Social Security number or government ID and date of birth (for employment eligibility and background screening)
- Employment history, qualifications, and credentials
- Financial information for payroll, such as direct-deposit / bank account details
- Documents and photos you upload during onboarding (e.g., identification, certifications)
Location
- Precise location is collected only at clock-in and clock-out to support Electronic Visit Verification (EVV) as required by Ohio Medicaid and the 21st Century Cures Act. The App does not track your location continuously or in the background.
Health information
- Care/visit notes about clients that caregivers enter during or after a visit. This information is Protected Health Information (PHI) and is handled under our HIPAA Notice of Privacy Practices.
Technical & diagnostic data
- Limited technical information needed to operate and secure the App, such as app diagnostics/crash information and a device identifier used to deliver notifications.
2. How the App Uses Information
- To create and manage your account and authenticate you
- To schedule visits, record EVV clock-in/out, and document care
- To complete employee onboarding, background screening, and payroll setup
- To enable secure messaging and notifications between care-team members
- To meet Ohio Medicaid, EVV, HIPAA, and other legal and regulatory obligations
- To maintain the security, integrity, and proper functioning of the App
We do not use your information for advertising, and we do not sell your personal information.
3. How the App Shares Information
We do not sell or rent personal information. We share it only as follows:
- Service providers under contract that help us operate the App and our services, including cloud infrastructure (Google Cloud Platform / Firebase), our EVV aggregator (Sandata, on behalf of the Ohio Department of Medicaid), and payroll/HR providers. These providers are bound by confidentiality and data-protection obligations.
- Government programs and regulators as required for Medicaid billing, EVV, audits, and compliance (e.g., Ohio Department of Aging, Ohio Department of Medicaid, CMS/HHS).
- Legal requirements — when required by law, subpoena, or legal process, or to protect rights and safety.
- Business transfers — in connection with a merger, acquisition, or sale of assets.
4. Data Retention
We retain App data in accordance with Ohio Medicaid requirements (Ohio Administrative Code 173-39-02(A)(3)), HIPAA, and applicable employment/tax law. Key periods:
| Record type | Retention |
|---|---|
| Service-delivery records, EVV data, care/clinical notes, billing, incident reports, personnel and training records | 6 years |
| Care-team communications/messages that are part of a service or care record | 3 years (up to 6 years if part of a clinical/service record) |
| Background-check and OIG/SAM screening records | 10 years |
| Form I-9 records | 3 years after hire (or 1 year after separation, whichever is later) |
| Tax and certain corporate records | As required, up to permanent |
Personal data that is not subject to a legal retention requirement is deleted when you delete your account. See Delete Your Account & Data.
5. Data Security
- Encryption of data in transit (TLS/SSL)
- Encrypted, access-controlled storage with role-based permissions
- HIPAA-aligned administrative, physical, and technical safeguards
- Backups maintained in encrypted storage
No method of transmission or storage is 100% secure, but we use commercially reasonable measures to protect your information.
6. Your Rights & Choices
- Location permission: You control location access through your device settings; the App requests it only for EVV at clock-in/out.
- Access & correction: You may request a copy or correction of your personal information.
- Deletion: You may delete your account in the App (Profile → Delete My Account) or by contacting us. See our dedicated Account & Data Deletion page for what is deleted and what is retained.
7. Account & Data Deletion
You can request deletion of your account at any time in the App via Profile → Delete My Account, or by emailing Care@serenitycarepartners.com. This removes your App account, in-app profile, and access to the App, and deletes personal data we are not legally required to retain. Your sign-in is also the credential used to access our secure system of record (the ERP); for current employees and contractors, that credential is governed by your employment and is deactivated in accordance with your employment status (for example, upon separation). Records you create or send through the App that form part of a care, service, or employment record are retained as required by HIPAA, Ohio Medicaid, and employment/tax law, then securely destroyed at the end of the required period. Full details — exactly what is deleted and what is retained — are on our Delete Your Account & Data page.
8. Children's Privacy
The App is a workforce tool intended for users 18 and older. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Policy to reflect changes in our practices or for legal or regulatory reasons. We will post changes here with an updated "Last Updated" date.
10. Contact Us
Serenity Care Partners · Attn: Privacy Inquiries · Blue Ash, Ohio
Email: Hello@serenitycarepartners.com
Phone: (513) 400-5113