Privacy
How Qarelog handles data during the closed beta.
Controlled Real-User Launch
Qarelog handles sensitive therapy-related information for therapists and caregivers during controlled launch. Organizations should approve who may use real client data and keep access limited to authorized users.
Data Collected
The app may process account details, role assignments, client profiles, therapy notes, assessments, goals, tasks, sessions, reports, audit events, and support messages needed to operate the service.
Roles and Access
Therapists, caregivers, managers, and super admins receive different access. Caregivers see assigned client basics and therapist-approved caregiver-facing summaries, reports, goals, recommendations, and home-support information. They do not receive the full internal clinical record.
AI Report Generation
AI-generated content is assistive and requires therapist review. AI drafts, unreviewed output, and internal therapist edits are not intended for caregiver visibility.
Retention, Export, and Deletion
Retention periods are set by the organization using Qarelog. Export and deletion requests should be routed through the organization administrator or support contact.
Security Practices
Qarelog uses role-based access, audit logging, Firebase security controls, session protections, caregiver approval workflows, and least-privilege sharing. Users should not share login credentials. No system can guarantee absolute security.
Ghana and US Considerations
Organizations should assess Ghana Data Protection Act obligations. US clinics should not use Qarelog for protected health information unless a HIPAA business associate agreement is in place.
Breach and Contact Process
Suspected privacy or security incidents should be reported to the organization administrator and Qarelog support immediately for triage and containment.