Privacy Policy
‍

Last updated: March 2026

The protection of personal data of users of www.caresma.com and the Caresma application (collectively referred to as the “Platform”) is of high importance to us. This Privacy Policy explains how CARESMA Private Company, operating under the distinctive title “CARESMA”, collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the applicable Greek legislation, including Law 4624/2019.By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please refrain from using the Platform.We reserve the right to amend this Privacy Policy at any time. Any updates will be posted on this page and will become effective immediately upon publication.

1. Data ControllerThe Data Controller responsible for processing your personal data is:
CARESMA Private Company
Distinctive title: CARESMA
Address: 40 Zan Moreas Street, Athens, Attica, 11745, Greece

For any questions regarding this Privacy Policy or to exercise your rights under GDPR, you may contact us at:

Email: info@caresma.com

‍2. Personal Data We Collect
Depending on how you interact with the Platform, we may collect the following categories of personal data.

Account Information
When users create an account or interact with our services, we may collect:
- Full name
- Email address
- Mobile phone number
- Password

Care Recipient Information
To facilitate caregiving services through the Platform, the following information may be collected:
- Care recipient name
- Phone number

Communication Data
When using communication services within the Platform we may process:
- Chat messages
- Voice call metadata
- SMS communication records

Technical and Usage Data
When users access the Platform we may automatically collect certain technical data, including:
- IP address
- Browser type and version
- Operating system
- Device type
- Date and time of visits
- Navigation data within the Platform

3. How We Use Personal Data
We process personal data for the following purposes:
- To create and manage user accounts
- To provide caregiving-related services through the Platform
- To enable communication between users
- To provide notifications and service updates
-To improve the design, performance, and functionality of the Platform
- To generate analytics and statistical insights
- To respond to inquiries and support requests
- To comply with legal obligations

4. Legal Basis for Processing
Under the GDPR, we rely on the following legal bases for processing personal data:
- Performance of a contract – when processing is necessary to provide services requested by users
- Legitimate interests – for improving the Platform, ensuring security, and analyzing usage
- User consent – where required, such as for certain marketing communications or cookies
- Legal obligation – where processing is required by applicable law

5. Caresma Platform and AI Features
The Caresma Platform (website and application) provides digital tools designed to support communication and caregiving coordination between users.

Certain features of the Platform include AI-powered functionalities, such as:
- AI assistant support for care recipients
- Message summarization
- Scheduling assistance

These functionalities are powered by OpenAI API services.Caresma takes reasonable measures to avoid sending personal or sensitive health data to OpenAI systems and to minimize personal information contained in AI-processed content.AI-generated outputs are provided for assistance and informational purposes only and should not be interpreted as professional medical advice.

6. Third-Party Service Providers
To provide and improve our services, we work with trusted third-party service providers that may process data on our behalf.

These providers act as data processors and process data in accordance with contractual safeguards consistent with GDPR requirements.

Communication Services
Twilio Inc.
Used for:
- Voice calls
- Notifications
-Communication services within the Platform

AI Services
OpenAI
Used for:
- AI assistant functionality
- Message summarization
- Scheduling assistance

Analytics Services
We use analytics tools to understand how users interact with the Platform and to improve our services.

These services may include:
- Google Analytics
- Mixpanel
- Meta Pixel

These tools may collect anonymized or aggregated information about user interactions with the Platform.

Forms
We may use Typeform to collect information submitted through forms, such as inquiries, applications, or lead generation forms.

7. Data Sharing Between Users
In order to facilitate caregiving services, certain user information may be shared between:
- Caregivers
- Relatives of care recipients

‍This sharing occurs only to the extent necessary to enable communication and coordination of services through the Platform.

8. Cookies
The Platform uses cookies and similar technologies to improve user experience and analyze traffic.Cookies are small files stored on a user’s device when visiting a website.We use the following categories of cookies:

Essential Cookies
Required for the basic functionality and operation of the Platform.

Analytics Cookies
Used to understand how users interact with the Platform and improve performance.

Marketing Cookies
Used to understand engagement with our services and improve communication.

Users can configure their browser settings to refuse cookies or delete existing cookies. Please note that disabling certain cookies may affect the functionality of parts of the Platform.

9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.Personal data is typically retained for the duration of a user’s account and for a reasonable period thereafter to comply with legal obligations, resolve disputes, enforce agreements, or maintain security.Analytics data may be retained in aggregated or anonymized form.When data is no longer required, it is securely deleted or anonymized.

10. Data Security
We implement appropriate technical and organizational measures designed to protect personal data from:unauthorized accesslossmisusealterationunauthorized disclosureWhile we strive to protect personal data, no method of transmission over the internet or method of electronic storage can guarantee absolute security.

11. International Data Transfers
Personal data is primarily stored on servers located within the European Union.Where personal data is processed by third-party providers outside the EU, appropriate safeguards are implemented in accordance with GDPR requirements.

12. Children’s Data
The Platform is not specifically directed toward children.We do not knowingly collect personal data from individuals under the age of 16 without parental consent. If we become aware that personal data from a minor has been collected without appropriate consent, we will take steps to delete such information.

13. User Rights Under GDPR
Users have the following rights regarding their personal data:Right of accessRight to rectificationRight to erasure (“right to be forgotten”)Right to restriction of processingRight to data portabilityRight to object to processingRight to withdraw consent at any timeUsers may exercise these rights by contacting:info@caresma.comUsers also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

14. Disclosure to Authorities
Caresma will not sell or disclose personal data to third parties without user consent unless:required by lawrequested by competent authoritiesnecessary to protect legal rights or comply with legal obligations

15. Changes to this Privacy Policy
Caresma reserves the right to update or modify this Privacy Policy at any time. Updated versions will be posted on the Platform.Continued use of the Platform constitutes acceptance of the revised Privacy Policy.