CareRenta
Book a demo

Privacy policy

Last updated: April 2, 2026

Who we are

CareRenta provides software that hospitals and care facilities use to rent their own medical equipment to patients. When our customers (healthcare providers) process protected health information (PHI) through CareRenta, we act as a Business Associate under HIPAA and a service provider under PHIPA, handling that data on our customers’ behalf and under a Business Associate Agreement (BAA).

Information we collect

Depending on how you interact with CareRenta, we may collect the following types of information:

  • Account information: Names, work email addresses, phone numbers, and role assignments for staff who use the platform.
  • Patient information (processed for our customers): Patient contact details, rental and consent records, and signatures captured during intake — handled as PHI on behalf of the provider.
  • Payment information: Cards are saved and processed by a PCI-compliant third-party payment processor; CareRenta stores tokens and metadata, never raw card numbers.
  • Website & technical information: IP address, browser and device details, and usage patterns collected through cookies and analytics on our marketing site.

How we use information

We use the information we collect to:

  • Provide and operate the CareRenta platform for our customers.
  • Process secure patient intake, signed consent, and equipment rentals on our customers’ behalf.
  • Enable billing, charges, and refunds through our payment processor.
  • Send service communications, reminders, and product updates.
  • Secure the platform, prevent abuse, and meet our legal and regulatory obligations.

Data protection & security

CareRenta is built to be HIPAA and PHIPA aligned from day one. We apply per-tenant envelope encryption of PHI (AES-256-GCM with managed keys), schema-per-tenant isolation, encryption in transit, multi-factor authentication, and full audit logging on every PHI access, charge, and consent action. No method of transmission or storage is ever 100% secure, but we hold ourselves to the controls our customers’ compliance teams require.

Sharing of information

We do not sell or rent personal information. We share data only:

  • With subprocessors that help us run the service — for example, our cloud infrastructure provider, our PCI-compliant payment processor, and our messaging providers — each under appropriate agreements.
  • With the healthcare provider on whose behalf the data is processed.
  • As required by law, regulation, or valid legal process.

Cookies & tracking

Our marketing website uses cookies and analytics to understand how visitors interact with our pages and to improve the experience. You can manage or disable cookies through your browser settings at any time. The CareRenta application itself uses only the cookies necessary to keep you securely signed in.

Data retention

We retain account and PHI data for as long as needed to provide the service to our customers and as directed by them under their BAA, and otherwise as required to comply with our legal obligations. On termination, customer data is deleted or returned in line with the agreement in place.

Your rights

Patients should direct requests about their personal or health information to the healthcare provider they received equipment from, as that provider controls the data. Where CareRenta acts as a controller (for example, staff account data or marketing contacts), you may, depending on your location:

  • Access the personal information we hold about you.
  • Request updates, corrections, or deletion of your data.
  • Opt out of marketing or non-essential communications.
  • File a complaint with a data protection authority.

Changes to this policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated date. We encourage you to review it periodically.

Contact us

If you have any questions about this Privacy Policy or how we handle data, please contact us at [email protected].