Skip to content

Security at Carelendr

Care coordination needs clear access, provenance, and accountability.

Carelendr is designed around minimum-necessary visibility and auditable healthcare operations. This page describes the security approach and does not claim certification or replace an organization’s own compliance duties.

Permissioned visibility

Caregiver data is intended to be visible through an entitled relationship and an appropriate sharing purpose. The product avoids unrestricted caregiver discovery by default.

Organization-scoped access

Protected provider operations are designed to derive organization context from the authenticated session and validate record ownership on access and mutation.

Minimum-necessary display

Provider views favor scoped readiness, permitted names, service areas, travel time, and consented context rather than precise home addresses or unnecessary documents.

Credential provenance

Where available, readiness records retain verification source, verification date, expiration, provider association, and whether a requirement is reusable or specific.

Auditable actions

Consequential AI-assisted actions are designed to show their proposed inputs and effects, require confirmation, and retain actor, time, outcome, and affected-record context.

Validated source data

Regulated or source-dependent facts fail closed. Utilization is not estimated, and scheduled time is not silently substituted for verified delivered time.

Operational boundaries

Unknown data

Shown as Unknown, Not connected, Incomplete, or Unreconciled.

AI actions

Reviewed before messages, invitations, offers, or record changes are sent.

Sensitive documents

Intended for authenticated, purpose-bound, expiring access when shared.

Analytics

Protected health information, credentials, transcripts, and tokens do not belong in client analytics.

Report a security concern

Do not include protected health information, credentials, passwords, or access tokens in an initial report. Describe the affected Carelendr surface, when you observed the issue, and a safe way to contact you.

Email the security contact