Our Commitment to Your Privacy
At CarryForward, your privacy is our highest priority. We built this service with a zero-knowledge architecture, meaning we cannot access your decrypted medical records even if we wanted to. This policy explains what data we collect, how we use it, and your rights.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, password (hashed)
- Profile Information: Family member names, relationships, dates of birth (encrypted)
- Provider Information: Healthcare provider names and contact details (encrypted)
- Medical Documents: Uploaded files (encrypted client-side before transmission)
- Billing Information: Handled by Stripe; we never see your full credit card number
1.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent (via PostHog analytics)
- Device Information: Browser type, operating system, device model
- Log Data: IP address, timestamps, error logs (stored temporarily for debugging)
1.3 What We DO NOT Collect
- Decrypted medical record contents (zero-knowledge encryption)
- Your encryption keys or recovery phrase
- Social security numbers (except last 4 digits, encrypted, if you choose to store them)
- Geolocation data
2. How We Use Your Information
- Provide and maintain the Service
- Process payments and manage subscriptions
- Send transactional emails (password resets, subscription notifications)
- Improve the Service through analytics (anonymized where possible)
- Respond to support requests
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Zero-Knowledge Encryption
How It Works
- When you sign up, you generate a 12-word recovery phrase on your device
- This phrase creates an encryption key that never leaves your device
- All sensitive data is encrypted in your browser before being sent to our servers
- We store only encrypted data; we cannot decrypt it without your key
- If you lose your recovery phrase, your data is permanently inaccessible (even to us)
4. Data Sharing & Third Parties
We use the following third-party services to operate CarryForward:
Supabase (Database & Storage)
Stores encrypted data. Data is hosted in the United States. See the Supabase Privacy Policy.
Stripe (Payment Processing)
Handles billing securely. We never see your full credit card number. See the Stripe Privacy Policy.
Resend (Transactional Email)
Sends password resets, receipts, and notifications. See the Resend Privacy Policy.
We do not sell your data. We will never sell, rent, or trade your personal information or medical records to third parties.
5. Data Retention
- Active Accounts: Data is retained as long as your account is active
- Deleted Accounts: Data is deleted within 30 days of account deletion
- Backups: Encrypted backups are retained for 30 days for disaster recovery
- Logs: Server logs are retained for 90 days for security purposes
6. Your Rights
You have the right to:
- Access: Request a copy of all data we have about you
- Export: Download your medical records in standard formats (PDF, JSON)
- Correct: Update inaccurate information at any time
- Delete: Permanently delete your account and all associated data
- Opt-Out: Unsubscribe from marketing emails (we send very few)
- Portability: Take your data to another service
To exercise these rights, email support@carryforward.app.
7. FTC Health Breach Notification Rule
Important Legal Notice
CarryForward is not a HIPAA covered entity. However, we comply with the FTC Health Breach Notification Rule, which requires us to:
- Notify affected users within 60 days of discovering a breach
- Notify the FTC if the breach affects 500+ users
- Notify prominent media outlets if the breach affects 500+ users in a jurisdiction
- Maintain reasonable security measures (see our Security page)
8. Children's Privacy
CarryForward is intended for use by adults (18+) managing their own or their family members' medical records. We do not knowingly collect personal information from children under 13 without parental consent. Parents may create profiles for their children within their family account.
9. International Users
CarryForward is based in the United States and data is stored on servers in the United States. By using the Service, you consent to the transfer and processing of your data in the United States.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
Questions about privacy? We're here to help: