Cairn privacy
Privacy Policy
Draft MVP policy for test use. Counsel review is required before public launch.
What Cairn collects
Cairn stores account, membership, recipient, care-admin records, contacts, tasks, notes, document metadata, intake drafts, and audit events that you enter into the workspace.
How data is used
Data is used to organize caregiving information, prepare review-first drafts, show setup health, generate in-app summaries, and maintain an audit trail. Cairn is an organizer and memory aid, not a medical, legal, tax, or financial advisor.
AI processing
AI intake is review-first. The app redacts common PII before provider calls, does not ask AI to make final decisions, and stores extracted drafts for human review. Original intake media is discarded by default unless a future document-original option is explicitly chosen.
Your data rights
Account owners can download a structured JSON export and request account deletion. Deletion requests use a grace period before irreversible removal and can be cancelled while pending.
Security and access
Access is scoped by account membership, recipient authorization, Supabase Auth, and Postgres row-level security. Sensitive activity is audit-logged.
Incidents
If Cairn discovers a security incident involving user data, the response process will prioritize containment, investigation, user notice where required, and remediation.