Privacy Policy

1. Information Stored on Our Platform

Customer Organizations may enter and store the following types of information using our platform. This data is controlled by and belongs to the Customer Organization, not AblePath.

1.1 Staff Information

• Account Information: Name, email address, phone number, date of birth, employee ID
• Employment Information: Job title, role, certifications, training records
• Identification: Driver's license number, Social Security Number (encrypted)
• Credentials: Professional certifications, background check status

1.2 Client Information (PHI)

• Name, address, date of birth, emergency contacts
• Care plans, preferences, and service notes
• Medication information and administration records
• Incident reports and health-related observations

1.3 Location Data

The platform collects precise location data only when staff clock in or clock out of a shift (for EVV compliance) or use mileage tracking. Location is not continuously tracked. This data is stored for the Customer Organization's use.

2. How Data Is Used

AblePath does not use Customer Organization data for our own purposes. We simply provide the platform. Customer Organizations use the platform to:

• Provide and coordinate caregiving services
• Track work hours and process payroll
• Verify visits for EVV compliance
• Manage medication administration records (MAR)
• Document and report incidents as required by law
• Send work-related notifications and messages
• Generate billing and service verification reports

AblePath only accesses Customer Organization data when necessary to provide technical support at the Customer Organization's request, or to maintain and improve the platform's functionality.

3. Data Security

We implement comprehensive security measures including: encryption of all data in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, secure password hashing, session management, and audit logging of all sensitive data access.

4. Data Sharing

AblePath does not sell, share, or disclose Customer Organization data to third parties. We are solely a platform provider.

Customer Organizations may use the platform to share data with:

• Regional Centers: For service verification and billing
• Healthcare Providers: As necessary for coordinated care
• Government Agencies: As required by law

Any such data sharing is initiated and controlled by the Customer Organization, not by AblePath. Customer Organizations are responsible for ensuring their data sharing practices comply with applicable laws and regulations.

5. HIPAA Compliance

AblePath provides a platform designed to support HIPAA Privacy and Security Rules. We implement appropriate technical safeguards to protect data stored on our platform. Customer Organizations using our platform to store Protected Health Information (PHI) are responsible for their own HIPAA compliance, including entering into appropriate agreements with their staff, clients, and business associates.

6. California Privacy Rights (CCPA/CPRA)

If you are a staff member or client of a Customer Organization using AblePath, your California privacy rights (including the right to know, delete, correct, and non-discrimination) should be directed to the Customer Organization that manages your data. They are the data controller and can fulfill these requests.

AblePath, as a platform provider, will cooperate with Customer Organizations to help fulfill valid privacy requests.

7. Data Retention

Data entered by Customer Organizations is retained on our platform until the Customer Organization deletes it or terminates their account. Customer Organizations are responsible for managing their own data retention policies in accordance with applicable laws and regulations.

8. Contact Us

For questions about your personal data: Please contact the Customer Organization (your employer or care provider) that manages your information. They control the data and can address your inquiries.

For questions about this Privacy Policy or the AblePath platform: