How we handle your information.

MapleCare is a business-to-business (B2B) platform. Our direct customers are home care agencies. When an agency uses MapleCare, that agency is the “controller” (or “business” under California law) of any personal information about its clients, caregivers, applicants, or referral partners that flows through our software. MapleCare acts as that agency's “processor” (or “service provider”).

This Privacy Policy primarily describes how we handle information collected directly by us — for example, when you visit our marketing site, request a demo, or correspond with our team. For information processed inside the platform on behalf of a customer agency, that agency's privacy notice and our Data Processing Addendum control.

We collect the following categories of personal information:

• Information you provide. Name, email, phone, agency name and location, EHR / scheduling system in use, agency size, role, and any free-text you include when you request a demo, fill out a contact form, schedule via Calendly, or email us.
• Account and customer information. If your agency becomes a customer, billing details, point-of-contact information, and configuration data you set up inside the platform.
• Automatically collected technical data. IP address, user-agent, referring URL, pages visited, time on page, device type, and approximate geolocation (derived from IP). Collected by our hosting provider and analytics tooling for security, abuse prevention, and basic traffic measurement.
• Cookies and similar technologies. Strictly necessary cookies for session management and security. We do not use third-party advertising or cross-site tracking cookies on this website.
• Communications. Records of emails, calls, demo conversations, and support tickets you exchange with us.

Sensitive personal information. We do not knowingly collect government IDs, financial account numbers, geolocation more precise than city, biometrics, racial or ethnic origin, religious beliefs, sexual orientation, or health information through the marketing website. Personal health information processed inside the platform is handled under our Data Processing Addendum and applicable Business Associate Agreement.

Children. The Services are directed to businesses, not consumers or children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, please contact us at hello@maplecare.ai

We use the information we collect to:

• respond to demo requests, sales inquiries, and other communications;
• operate, maintain, secure, and improve the Services;
• provision and bill customer accounts;
• send transactional emails (e.g., demo confirmations, account notices);
• detect, prevent, and respond to fraud, abuse, and security incidents;
• comply with legal obligations and enforce our agreements; and
• analyze aggregate usage to inform product decisions.

We do not use personal information for behavioral advertising or to build profiles for third parties.

We share personal information only as needed to operate the Services. The categories of recipients are:

• Service providers / subprocessors. Hosting (Amazon Web Services), email delivery, scheduling (Calendly), SMS / messaging infrastructure (Twilio), error monitoring, analytics, and customer-support tools. Each is bound by contract to use information only to provide services to us. A current list is available on request.
• Customer agencies. When you submit information about your agency, our team reviews and routes it within MapleCare. If you book a demo via Calendly, your booking details (including custom-question answers) appear in the Calendly account that hosts the event.
• Legal and safety. We may disclose information when required by law, to enforce our terms, to protect rights and safety, or in connection with a merger, financing, or acquisition (with notice to you where required).

We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We have not done so in the preceding twelve months.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories of personal information described in this policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Information sharing to subprocessors that support our messaging operations (for example, Twilio for message delivery) is permitted solely to operate the Services and is governed by contract.

MapleCare uses SMS / text messaging to communicate with people who have given us their mobile number and consented to receive messages. The categories below cover the messaging program operated by MapleCare on this website and platform:

• How we get consent. When you submit a phone number through a form on this website (for example, a demo request), you check a consent box indicating that you agree to receive SMS messages from MapleCare related to your inquiry, account, scheduling, and service notifications. We do not enroll anyone in SMS without an affirmative opt-in.
• Types of messages you may receive. Demo confirmations and reminders, account and onboarding notifications, scheduling and shift-related operational alerts (for our customer agencies and their staff), two-factor authentication codes, and customer-support replies. We do not send marketing or promotional messages without separate, explicit consent.
• Message frequency. Frequency varies by use case. Operational alerts may be more frequent (per-shift or per-event); transactional messages are sent only as needed.
• Message and data rates. Standard message and data rates from your wireless carrier may apply.
• Opting out. Reply STOP to any message to unsubscribe. You will receive a one-time confirmation that you have been unsubscribed. You can re-subscribe at any time by contacting us.
• Help. Reply HELP to any message for assistance, or email hello@maplecare.ai. Supported carriers include AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, Boost, MetroPCS, Virgin Mobile, and other major U.S. carriers. Carriers are not liable for delayed or undelivered messages.
• Privacy of mobile information. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subprocessors that support our messaging program (for example, Twilio for message delivery and routing) is permitted solely to operate the messaging service. Mobile opt-in data and consent are not shared with any other third parties under any circumstances.

See our Terms of Service for the full SMS terms, including consent language and dispute resolution.

In the preceding twelve months, we have collected and disclosed the following categories of personal information for the business purposes described above:

• Identifiers (name, email, phone, IP address)
• Commercial information (agency name, role, EHR in use, agency size)
• Internet or network activity (browsing data, page views)
• Geolocation (approximate, from IP)
• Professional or employment information (job title, agency affiliation)
• Inferences drawn from the above (e.g., agency size category)

Categories of sources: directly from you; from our hosting and analytics providers; from your agency's authorized representatives; and from third-party tools you use to interact with us (e.g., Calendly).

Depending on where you live, you may have the following rights. Where the law applies, we honor these for all individuals — not only California residents:

• Right to know / access. Request a copy of the personal information we hold about you and the categories listed in Section 5.
• Right to delete. Request deletion of your personal information, subject to limited exceptions (e.g., to complete a transaction, comply with law, or detect security incidents).
• Right to correct. Request correction of inaccurate personal information.
• Right to limit use of sensitive personal information. We do not use sensitive information beyond the limited purposes permitted under CCPA/CPRA, so this generally does not apply, but you may request confirmation.
• Right to opt out of sale or sharing. We do not sell or share your information for cross-context behavioral advertising. Nothing to opt out of.
• Right to non-discrimination. We will not deny services, charge different prices, or provide a different level of service because you exercised a privacy right.
• Right to appeal. If we deny a request, you may appeal by replying to our denial. We will respond within sixty (60) days.

To exercise any right, email hello@maplecare.ai with the request and enough information for us to verify your identity. We will respond within forty-five (45) days, and may extend once by an additional forty-five (45) days where reasonably necessary, with notice. You may designate an authorized agent to make a request on your behalf; we may require the agent's written authorization and verify your identity directly.

California Civil Code §1798.83 permits California residents to request information about disclosure of personal information to third parties for those parties' direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

We retain personal information only as long as needed for the purposes described above and to comply with our legal obligations. Demo and contact-form submissions are typically retained for thirty-six (36) months unless a customer relationship develops, in which case we retain records for the duration of that relationship plus a reasonable period after for accounting, audit, and legal purposes. Server logs are retained for up to ninety (90) days.

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit, encryption at rest for stored data, access controls, audit logging, and routine security review. Subprocessor selection prioritizes vendors with mature security postures (SOC 2, ISO 27001, or equivalent attestations). No system is perfectly secure, and we cannot guarantee absolute security. If we learn of a security incident materially affecting your information, we will notify you and applicable authorities as required by law and without unreasonable delay.

We rely on a small set of trusted vendors to operate the Services. Each is bound by contract to use information only to provide services to us, to maintain appropriate safeguards, and to assist us with our legal obligations. The current list:

• Vercel — application hosting and edge delivery (United States)
• Supabase — managed Postgres and storage for lead and account data (United States)
• Resend — transactional email delivery (United States)
• Calendly — demo scheduling and booking flow (United States)
• Google (Workspace, Calendar, Meet) — calendar invites and video meeting links (United States)
• Twilio — SMS / messaging delivery for the platform’s messaging features (United States)

We periodically review and update this list. To request the current list, advance notice of changes, or copies of executed Data Processing Agreements, email hello@maplecare.ai.

MapleCare is an AI-native platform. Inside the platform, AI systems may help triage inbound calls, generate suggested matches for open shifts, draft first-pass interview questions, and surface compliance reminders. The system is designed to support — not replace — human judgment for any decision that materially affects a person (for example, a hire/no-hire decision, a clinical escalation, or a client-facing communication during a sensitive moment). A qualified human at the customer agency reviews and approves those decisions.

AI outputs may contain errors, omissions, or biases. Customer agencies are responsible for verifying outputs before relying on them and for ensuring their use of the Services complies with applicable employment, anti-discrimination, and consumer-protection laws (including state-level rules on AI in hiring such as NYC Local Law 144 and emerging California regulations).

Where applicable law grants rights with respect to automated decision-making (for example under CPRA or GDPR), you may request information about and meaningful human review of any decision that significantly affects you. Submit such requests via hello@maplecare.ai.

MapleCare is operated from the United States. If you access the Services from outside the U.S., you understand that your information will be processed in the U.S. and other countries where our service providers operate, which may have data protection laws different from those in your country.

Our website and platform may link to or embed third-party services (for example, Calendly, Google Meet, Google Calendar). Those services have their own privacy policies, and we are not responsible for their practices. Review their notices before providing information.

Some browsers transmit a “Do Not Track” (DNT) signal. There is no industry consensus on how to interpret it, and we do not use cross-site tracking on our marketing site. We do not change our practices based on a DNT signal.

We also recognize the Global Privacy Control (GPC) signal as a valid request to opt out of the “sale” or “sharing” of personal information for California residents under the CCPA/CPRA — though, as noted above, we do not currently sell or share personal information for cross-context behavioral advertising regardless of any signal.

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice (for example, by email or a notice on our website). Continued use of the Services after a change constitutes acceptance of the updated policy.

Questions about this policy or our privacy practices, or to exercise a right described above:

• Email: hello@maplecare.ai
• Mail: MapleCare, Inc., Attn: Privacy, California, USA

For CCPA/CPRA-specific requests, please put “California Privacy Request” in the subject line so we can route it correctly.