Privacy Policy

Empcare — by Sendosha LLC

www.emp.care

Effective Date: April 16, 2026

Sendosha LLC ("we," "us," or "our"), operating as Empcare, is committed to protecting the privacy and security of all information collected through the Empcare care home management platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data.

Given the nature of our Service, we handle highly sensitive personal information including protected health information, Social Security Numbers, and other confidential records. We take this responsibility seriously and have implemented safeguards designed to meet or exceed applicable federal and state requirements.

1. INFORMATION WE COLLECT

We collect and process the following categories of information through the Service:

Data CategoryTypes of Information
Patient InformationFull name, date of birth, Social Security Number, medical history, diagnoses, medication records, treatment plans, admission forms, LIC forms, emergency contacts, insurance information, photographs
Caregiver InformationFull name, contact information, Social Security Number, employment records, certifications, training records, background check documentation, schedule and shift records
Facility InformationFacility name, license numbers, addresses, operational records, compliance documentation, inspection records, capacity and occupancy data
Account InformationSubscriber name, email address, billing address, payment information, login credentials (encrypted)
Usage DataLogin timestamps, feature usage patterns, browser type, IP address, device information

We collect this information when Subscribers or their authorized users input it into the Service. We do not collect information directly from patients. All patient data is entered by care home operators (our Subscribers) or their authorized staff.

2. HOW WE USE YOUR INFORMATION

We use the information collected through the Service for the following purposes:

  • Service delivery: To provide, maintain, and improve the Empcare platform and its features
  • Documentation management: To generate, store, synchronize, and manage care home documentation including patient records, caregiver files, facility records, LIC forms, and admission forms
  • Account management: To manage Subscriber accounts, process payments, and provide customer support
  • Communication: To send service-related notifications, updates, and respond to inquiries
  • Compliance: To comply with applicable laws, regulations, and legal obligations
  • Security: To detect, prevent, and respond to security incidents, fraud, or technical issues

We do NOT use your information for: advertising or marketing to third parties, selling or renting data to any third party, automated decision-making or profiling of patients, or any purpose unrelated to the operation of the Service.

3. INFORMATION SHARING AND DISCLOSURE

We do not sell, rent, trade, or otherwise share your information with third parties except in the following limited circumstances:

  • Service providers: We may share data with trusted third-party service providers who assist in operating the Service (e.g., cloud hosting, payment processing), subject to contractual obligations to protect your data and use it only for the purposes we specify
  • Legal requirements: We may disclose information if required by law, regulation, subpoena, court order, or other governmental request
  • Safety: We may disclose information when we believe in good faith that disclosure is necessary to protect the safety of any person or to prevent illegal activity
  • Business transfer: In the event of a merger, acquisition, or sale of Sendosha LLC, your information may be transferred as part of that transaction, subject to the same privacy protections described in this policy

We will notify affected Subscribers before any material change in how their data is shared.

4. DATA SECURITY

Given the highly sensitive nature of the information we process, we implement the following security measures:

  • Encryption: All data is encrypted in transit (TLS 1.2 or higher) and at rest using industry-standard encryption algorithms
  • Access controls: Role-based access control (RBAC) ensures that users only see information appropriate to their role (e.g., caregivers see different data than care managers)
  • Authentication: Secure authentication mechanisms protect account access
  • Infrastructure: Data is stored on secure, access-controlled infrastructure with regular security monitoring
  • SSN protection: Social Security Numbers receive additional protections including restricted access, encryption at rest, and access logging
  • Incident response: We maintain procedures for detecting, responding to, and reporting security incidents

While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected parties in the event of a data breach in accordance with applicable law.

5. DATA RETENTION

We retain your information for as long as your account is active or as needed to provide the Service. Upon termination of a Subscriber's account:

  • Data export: Subscribers may request an export of all their data in a standard, machine-readable format within thirty (30) days of termination
  • Deletion: Following the export period (or upon request), we will delete or de-identify Subscriber data from our active systems within sixty (60) days
  • Backups: Residual copies in encrypted backups will be purged in accordance with our backup rotation schedule, not to exceed one hundred eighty (180) days
  • Legal retention: We may retain certain information as required by applicable law, regulation, or legal obligation, even after account termination

6. YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: The right to request a copy of the personal information we hold about you
  • Correction: The right to request correction of inaccurate or incomplete information
  • Deletion: The right to request deletion of your personal information, subject to legal retention requirements
  • Portability: The right to receive your data in a structured, commonly used, machine-readable format
  • Restriction: The right to request restriction of processing under certain circumstances

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by us
  • The right to opt-out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights
  • The right to correct inaccurate personal information

To exercise any of these rights, contact us at the information provided in Section 10.

7. HEALTH INFORMATION AND HIPAA CONSIDERATIONS

The Empcare platform may process information that qualifies as Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"). Sendosha LLC is committed to:

  • BAA availability: Entering into Business Associate Agreements (BAAs) with Subscribers where required under HIPAA
  • Minimum necessary: Applying the minimum necessary standard when accessing PHI for service operation and support
  • Safeguards: Implementing administrative, physical, and technical safeguards consistent with HIPAA Security Rule requirements
  • Breach notification: Providing notification of any breach of unsecured PHI in accordance with HIPAA Breach Notification Rule requirements

[NOTE FOR COMPLIANCE REVIEW: The applicability of HIPAA to Empcare's specific operations should be formally assessed by your compliance engineer. If Empcare is determined to be a Business Associate under HIPAA, a formal HIPAA compliance program, including policies, procedures, training, and risk assessments, must be established. This section should be updated to reflect the outcome of that assessment.]

8. COOKIES AND TRACKING

The Service may use cookies and similar technologies for:

  • Session management and authentication
  • Remembering user preferences
  • Analyzing service usage to improve performance

We do not use cookies for advertising or third-party tracking purposes.

9. CHILDREN'S PRIVACY

The Service may store records of patients who are minors. This information is entered and managed by authorized care home operators, not by minors directly. We do not knowingly collect information directly from children under 13. All minor patient data is subject to the same security and privacy protections described in this policy.

10. CONTACT INFORMATION

For privacy-related inquiries, data requests, or to exercise your rights under this policy, contact us at:

Sendosha LLC (operating as Empcare)

Email: software@servicewithaheart.com

Website: www.emp.care

We will respond to all verified requests within thirty (30) days.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify Subscribers of material changes by email or through the Service at least thirty (30) days before the changes take effect. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

Last updated: April 16, 2026

← Back to Home