Permissioned visibility
Caregiver data is intended to be visible through an entitled relationship and an appropriate sharing purpose. The product avoids unrestricted caregiver discovery by default.
Security at Carelendr
Carelendr is designed around minimum-necessary visibility and auditable healthcare operations. This page describes the security approach and does not claim certification or replace an organization’s own compliance duties.
Caregiver data is intended to be visible through an entitled relationship and an appropriate sharing purpose. The product avoids unrestricted caregiver discovery by default.
Protected provider operations are designed to derive organization context from the authenticated session and validate record ownership on access and mutation.
Provider views favor scoped readiness, permitted names, service areas, travel time, and consented context rather than precise home addresses or unnecessary documents.
Where available, readiness records retain verification source, verification date, expiration, provider association, and whether a requirement is reusable or specific.
Consequential AI-assisted actions are designed to show their proposed inputs and effects, require confirmation, and retain actor, time, outcome, and affected-record context.
Regulated or source-dependent facts fail closed. Utilization is not estimated, and scheduled time is not silently substituted for verified delivered time.
Unknown data
Shown as Unknown, Not connected, Incomplete, or Unreconciled.
AI actions
Reviewed before messages, invitations, offers, or record changes are sent.
Sensitive documents
Intended for authenticated, purpose-bound, expiring access when shared.
Analytics
Protected health information, credentials, transcripts, and tokens do not belong in client analytics.
Do not include protected health information, credentials, passwords, or access tokens in an initial report. Describe the affected Carelendr surface, when you observed the issue, and a safe way to contact you.
Email the security contact