CareRM
Privacy Notice

Privacy Notice

This notice describes how CareRM, Inc. (“CareRM,” “we,” “us”) collects, uses, and shares information about visitors to carerm.com and the people who submit our contact forms.

Effective: June 2026. Last updated: June 2026.

1. Scope

This notice covers the carerm.com marketing website and the contact forms hosted on it. It does not cover the CareRM product platform, which is governed by a separate customer agreement and Business Associate Agreement (BAA) executed at the start of each engagement.

This site is intended for business operators (DSO executives, practice owners, marketing leads at dental groups). It is not directed at patients and is not intended for individuals under 18.

2. Information we collect

We collect information in two ways:

2.1 Information you provide directly. When you submit a contact form on this site, we collect the name, email address, phone number, group or practice name, business type, and any topical interests you select. We use this information to schedule follow-up calls and route your inquiry to the right person on our team.

2.2 Information collected automatically. When you visit this site, we automatically collect:

  • Browser type, operating system, IP address, and user agent string
  • Pages visited, time spent, and referring URL
  • Marketing campaign parameters (UTM tags and click IDs) when present in the URL
  • A first-touch attribution cookie called crm_first_touch (90-day lifetime) recording the ad, campaign, or referrer that first sent you to the site
  • The Meta Pixel cookie (_fbp) and related browser storage used by Meta’s advertising platform

See Section 5 for how to opt out of automatic collection.

3. How we use information

We use the information described above to:

  • Respond to your inquiries and schedule follow-up conversations
  • Measure which marketing channels and campaigns produce qualified inquiries
  • Operate, secure, and improve the marketing website
  • Run paid advertising on Meta platforms (Facebook, Instagram) including conversion measurement, optimization, and audience building
  • Comply with legal obligations and respond to lawful requests

We do not sell your personal information. We do not share it with data brokers or other advertisers. We do not collect or process protected health information (PHI) on this marketing site.

4. How we share information

We share information with a small set of service providers and ad partners who help us operate this site and our marketing:

  • GoHighLevel (CRM). Form submissions are upserted into our customer relationship management platform as a contact record. Used for follow-up and pipeline management.
  • Meta Platforms (Facebook, Instagram). When tracking is enabled, the Meta Pixel and Meta Conversions API receive page-view and conversion events associated with your browser session. Identifiers we send (email, phone, name) are hashed using SHA-256 before transmission.
  • Vercel.Hosting and content delivery for this site. Standard server access logs are retained per Vercel’s policies.

We may also disclose information when required by law, to protect against fraud or abuse, or in connection with a merger, acquisition, or sale of business assets.

5. Cookies and tracking

We use a small number of cookies and similar technologies for analytics and advertising. Specifically:

  • crm_consent records your tracking preference (1-year lifetime)
  • crm_first_touch records the first ad or referrer that sent you to the site (90-day lifetime)
  • _fbp is set by the Meta Pixel for ad measurement (90-day lifetime)

Opt out at any time. Click Decline in the cookie prompt that appears on this site. Your choice is stored for one year. To revisit the prompt, clear the crm_consent cookie from your browser. After you opt out, we stop setting the attribution cookie, instruct Meta to stop processing events for your browser, and skip server-side conversion reporting for any forms you submit.

We honor the Global Privacy Control (GPC) signal as an opt-out where required by applicable state law.

6. Your rights and choices

Depending on your jurisdiction, you may have the following rights with respect to the personal information we hold:

  • Access. Request a copy of the personal information we have associated with your email address.
  • Correction. Request that we correct inaccurate information.
  • Deletion. Request that we delete the contact record we hold for you. We will action this within five business days for non-customer records.
  • Opt out of targeted advertising / data sharing. Decline tracking via the cookie prompt at any time, or email us with the address below.
  • Non-discrimination. We will not retaliate against you for exercising any of these rights.

To exercise any of these rights, email support@carerm.com from the address associated with your contact record. We will verify your identity before fulfilling the request.

7. California privacy rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the rights to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information. We do share limited identifiers with Meta for cross-context behavioral advertising, which California law treats as “sharing.” You can opt out at any time using the cookie prompt described in Section 5.

8. Data retention

We retain contact records in our CRM for as long as you remain a prospect or customer, plus an additional 24 months for legitimate business purposes (lead nurture, win-back outreach, sales analysis). After that period, records are deleted or aggregated into anonymous statistics.

Cookie lifetimes are listed in Section 5. Server access logs held by Vercel are retained per their standard retention policy (typically 30 to 90 days).

9. Security

We use industry-standard administrative, technical, and physical safeguards to protect the information we collect. Service providers (GoHighLevel, Meta, Vercel) are bound by contractual obligations to maintain appropriate security and confidentiality. Despite these measures, no system is fully secure, and we cannot guarantee the absolute security of information transmitted over the internet.

10. International users

This site is operated from the United States. If you access this site from outside the United States, you understand that your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

11. Children's privacy

This site is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us at the email below and we will delete it.

12. CareRM product platform (separate)

This notice covers the carerm.com marketing website only. The CareRM product platform sold to customers operates under a separate customer agreement, Business Associate Agreement, and product-level privacy and security documentation provided during contracting. Ask your CareRM contact for those documents during diligence.

13. Changes to this notice

We may update this notice from time to time. When we do, we will revise the “Last updated” date at the top. Material changes will be reflected in the cookie prompt or via email if we have a current address for you.

14. Contact us

Questions about this notice, requests under Section 6, or other privacy matters:

support@carerm.com

CareRM, Inc.