CareVirt

Provider Login
Guardian Login
Get Started Today

Privacy Policy

Privacy Policy | CareVirt

Effective Date: March 31, 2026 Last Updated: March 31, 2026

1. Introduction & Scope

CareVirt (“we,” “us,” or “the Platform”), a product of iChildBloom (Pvt) Ltd, provides digital infrastructure for specialized care centers. This policy governs how we process data within our SaaS environment, including Individualized Education Programs (IEPs), staff scheduling, and incident reporting.

2. Data We Collect (The “Need-to-Know”)

We categorize data into two distinct streams to ensure maximum security:

  • Administrative Data: Names, professional emails, and contact details of Center Administrators and Staff.
  • Protected Health & Care Data: Patient/Student names, Facesheets, customized assessments, IEP goals, and behavioral incident reports uploaded by the Center.

3. Data Ownership (Crucial for B2B Trust)

The Center remains the sole owner of all patient and staff data. * CareVirt acts strictly as a Data Processor.

  • We do not sell, rent, or trade any personal information to third parties or pharmaceutical companies.

4. How We Use Information

Data is processed exclusively to:

  • Automate IEP Generation: Using your center’s specific assessment inputs.
  • Optimize Scheduling: Managing staff assignments and attendance.
  • Security & Audit: Maintaining “Incident Reporting” logs for legal compliance at the center level.

5. Security Protocols (The “2026 Standard”)

We implement industry-standard encryption to protect sensitive disability care records:

  • Encryption at Rest: All patient files and assessments are encrypted using AES-256.
  • Access Control: Roles and Permissions ensure that only authorized staff (e.g., a Lead Therapist) can view specific sensitive profiles.
  • Database Isolation: Each center’s data is logically isolated to prevent cross-tenancy leaks.

6. Data Localization & Retention

As a Pakistan-based entity, we prioritize local data integrity.

  • Retention: Data is kept as long as the Center maintains an active subscription.
  • Deletion: Upon contract termination, all “Protected Health Data” is purged from our active databases within 30 days, unless a legal hold is required.

7. Disclosure to Third Parties

We only disclose information:

To essential service providers (e.g., secure cloud hosting) who are contractually bound to the same privacy standards.

If required by Pakistani Law or a valid court order.