Privacy Policy
Last Updated: April 4, 2026
1. Introduction
Caraly ("we," "us," or "our") operates the Caraly platform at caraly.co (the "Service"). This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights regarding that information. By using the Service, you agree to the practices described in this policy.
Important notice: Caraly is an educational health information platform. We are not a covered entity under HIPAA, and the information you share with our AI specialists does not constitute a protected health record (PHR) under HIPAA. However, we treat all health-related data with the same level of care and security as if it were protected health information.
2. Information We Collect
We collect the following categories of information:
2a. Account Information
When you create an account via Manus OAuth, we receive your name and email address from the authentication provider. We store this information to identify your account and deliver the Service.
2b. Health-Related Conversation Data
When you chat with our AI specialists or use the Symptom Checker, we store the content of those conversations and symptom check results in our database. This data is used to provide the Service, maintain your conversation history, and improve the quality and safety of our AI responses. This data is associated with your account and is not sold or shared with third parties for advertising purposes.
2d. Payment Information
Subscription payments and one-time credit pack purchases are processed by PayPal. We do not store your full credit card number, bank account details, or PayPal credentials on our servers. We store only your PayPal subscription ID, plan tier, billing status, and transaction records necessary to manage your account. PayPal's privacy policy governs the handling of your payment credentials.
2e. Usage and Analytics Data
We collect anonymized usage data including page views, feature interactions, and session duration to understand how users engage with the Service and to improve it. This data does not identify you personally.
2f. Error and Diagnostic Data
We use Sentry to capture application errors and performance data. Error reports may include technical information about your browser, device, and the action that triggered the error. This data is used solely for debugging and improving the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process subscription payments via Stripe
- Maintain your conversation history and symptom check records
- Send transactional emails (welcome, payment receipts, usage limit notifications) via Resend
- Detect and prevent fraudulent, abusive, or harmful activity
- Enforce our Terms of Service and crisis safety protocols
- Improve the accuracy, safety, and quality of our AI models and platform
- Comply with applicable laws and regulations
4. Children's Privacy (COPPA)
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [email protected] and we will delete that information promptly.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following limited circumstances:
- Service providers: We share data with trusted third-party providers who help us operate the Service, including PayPal (payments), Resend (transactional email), Sentry (error monitoring), and our cloud infrastructure provider. These providers are contractually obligated to protect your data and may not use it for their own purposes.
- Legal requirements: We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Caraly, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.
6. Data Retention
We retain your account information and conversation history for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., payment records may be retained for up to 7 years as required by tax law).
7. Data Security
We implement industry-standard security measures to protect your personal information, including:
- Encryption of data in transit using TLS/HTTPS
- Encrypted database storage for sensitive fields
- Secure cloud infrastructure with access controls and audit logging
- Session-based authentication with signed, HttpOnly cookies
- Real-time error monitoring and anomaly detection via Sentry
No method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate or incomplete information.
- Deletion: Request that we delete your personal information (subject to legal retention requirements).
- Portability: Request a machine-readable export of your data.
- Opt-out of emails: Unsubscribe from non-transactional emails at any time using the unsubscribe link in any email we send.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
9. Cookies and Tracking
9a. Session Cookie
We use a single session cookie to maintain your authenticated session. This cookie is HttpOnly and Secure, and it is deleted when you log out or your session expires (after 30 days of inactivity).
9b. Analytics
Our analytics are anonymized and do not use cookies that track you across other websites. No personally identifiable information is collected through our analytics system.
9c. Advertising Cookies (Google AdSense)
With your consent, we use Google AdSense to display advertisements on the Service. Google AdSense may use cookies and similar tracking technologies to serve personalized ads based on your browsing activity across websites. These cookies are set by Google and are governed by Google's Privacy Policy.
AdSense cookies are only loaded after you explicitly accept cookies via the consent banner shown on your first visit. If you decline, no advertising cookies are set. You can change your preference at any time by clicking "Cookie Preferences" in the footer of any page.
To opt out of personalized advertising by Google, you may visit Google Ad Settings or install the Google Analytics Opt-out Browser Add-on.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law, notify you by email or via a prominent notice on the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Caraly — Helios Frontier
3512 Walstine Ln
Valdosta, GA 31605
United States
Email: [email protected]
Website: caraly.co
© 2026 Caraly™. All rights reserved.