Privacy Policy
How CareLink Home collects, uses, and protects your personal and health information.
1. About this policy
CareLink Home is a subscription service operated by CareLink NZ Limited. It is designed to help families, whānau, and carers of people with intellectual disabilities record, manage, and share care information across a person's lifetime.
This policy explains how we collect, use, store, and protect personal information and health information when you use CareLink Home. CareLink NZ Limited is committed to compliance with the New Zealand Privacy Act 2020 and the Health Information Privacy Code 2020 (HIPC). For Australian residents, we also align with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy does not limit or exclude any rights you have under the Privacy Act 2020. More information is available from the Office of the Privacy Commissioner at privacy.org.nz. Australian residents may also contact the Office of the Australian Information Commissioner at oaic.gov.au.
2. Who this policy covers
This policy applies to everyone who uses CareLink Home:
- Account owners — the person who creates and manages a CareLink Home account
- Family members and whānau — people added by the owner to share access
- Support workers/Carers — professionals granted time-limited access by the owner
- Read-only viewers — anyone granted limited view access by the owner
3. What information we collect
Account information
- Your name and email address
- Your password (stored as a secure one-way hash — we never see your password)
Person profile
- The full name, preferred name, and date of birth of the person being supported
Care records (entered by you)
- Support notes and journal entries
- Goals and progress milestones
- Behaviour support records and incident notes
- Health information: medications, appointments, conditions, and observations
- Financial records: expenses and funding source tracking
- Care plan: routines, preferences, and communication needs
Payment information
Subscription billing is handled by a third-party payment processor. We store your billing name, email, and the last four digits of your payment method for reference. We do not store full card numbers or CVV codes. Our payment processor is PCI-DSS certified.
Technical data
- Session tokens and authentication state
- IP address and device or browser information, used for security and fraud prevention
- Audit log entries for sensitive actions such as access grants and data exports
4. Health information
CareLink Home processes health information about the person being supported. We treat this with the highest level of care under the Health Information Privacy Code 2020 (HIPC).
Health information you record in CareLink Home — including medications, diagnoses, appointments, and observations — is collected solely to support the care and wellbeing of the named person. It is not used for advertising, analytics, research, or any purpose beyond providing the service to you.
Health information is never disclosed to third parties except as described in this policy, and only with your explicit action (such as generating a shared report).
5. Who owns your data
You own your data. CareLink NZ acts as a data processor — we store and transmit your information to provide the service, but we do not use it for our own purposes.
The account owner controls what is recorded, who can access it, and when access is revoked. Access granted to a support worker/carer can be removed by the owner at any time. The data stays with the family.
CareLink NZ is not responsible for any information shared, disclosed, or distributed by any user of the platform — including the account owner, family members, support workers/carers, or any person granted access. All decisions about what to record and who to share it with rest solely with the account holder.
6. Access roles and sharing
Access to person records is role-based and controlled entirely by the account owner. The following roles are available:
- Owner — full read and write access to all records
- Family members — read and write access, as configured by the owner
- Support workers/Carers — time-limited access, set with an explicit expiry date by the owner
- Read-only viewers — view-only access via a time-limited share link (7-day default expiry)
CareLink NZ staff do not access your care records in normal operations. In the event of a security incident, access may be required for investigation. We will notify you where possible and lawful.
7. Where your data is stored
Your care records are stored in a database hosted in Sydney, Australia (AWS ap-southeast-2). Australia provides privacy protections comparable to New Zealand's under the Australian Privacy Act 1988.
The CareLink Home application is delivered through third-party contractors who provide hosting, content delivery, security, and payment processing services. Billing data processed by our payment contractor may be stored outside New Zealand and Australia; we require those contractors to apply appropriate security and privacy safeguards. No sensitive personal or health data is cached by hosting or delivery contractors — they are used for application delivery and security only.
8. Security
We take reasonable steps to protect your personal and health information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. These measures include technical, organisational, and administrative safeguards appropriate to the sensitivity of the information we hold.
No method of transmission or storage is completely secure. If you believe your account has been compromised, please contact us immediately at privacy@carelink.co.nz.
9. Retention and deletion
We retain your information for as long as your account is active or as required by applicable law. The following retention periods apply:
- Active subscribers — your data is retained for as long as your subscription remains active. A lapsed subscription never blocks access to your existing records.
- Cancelled or lapsed subscriptions — your data is retained for 90 days after your subscription expires or is cancelled. We will send an email reminder before deletion. You may reactivate your subscription or request an export at any time during this period.
- Free trials that were not converted — if a trial account is not converted to a paid subscription, account data will be deleted 30 days after the 7-day trial expires.
You can export your data or delete your account directly within CareLink Home at any time. You may also request this by contacting us at privacy@carelink.co.nz. On receiving a deletion request, we will permanently delete all person records, care data, and account information within 30 days, except where retention is required by law.
10. Your rights
Under the Privacy Act 2020 and the HIPC, you have the right to:
- Access — you can view all personal and health information we hold about you directly within CareLink Home at any time
- Correction — you can update and correct your information directly within CareLink Home at any time
- Deletion — request permanent deletion of your data
- Portability — you can export your care records directly from within CareLink Home at any time
- Opt out — withdraw consent to communications at any time
For deletion or opt-out requests, contact us at privacy@carelink.co.nz. We may need to verify your identity before responding. We will respond within the timeframe required by the Privacy Act 2020.
If you believe your privacy rights have been breached, you may contact us or lodge a complaint with the Office of the Privacy Commissioner at privacy.org.nz.
11. Cookies and session data
CareLink Home uses cookies and similar technologies that are required for the application to function and to provide a smooth, responsive experience. We also use third-party services for security purposes, such as detecting suspicious activity and protecting your account. We do not use advertising cookies or third-party tracking for marketing purposes.
12. People with disabilities, children, and whānau
CareLink Home is specifically designed to support people with intellectual disabilities — including children and adults — to record, manage, and share their own care information. We believe the person should be at the centre of their own care planning, and CareLink Home is built to support that.
The person being supported may be any age. Account ownership is restricted to adults (18+). A family member or guardian may create and manage an account on behalf of their person — including children or adults who may not have capacity to manage an account themselves. In doing so, the account holder accepts full responsibility for all information recorded, who it is shared with, and how it is used. CareLink NZ provides the platform only and is not responsible for the accuracy, completeness, or appropriateness of any information entered by any user.
13. Changes to this policy
We may update this policy from time to time. We will notify account owners by email if we make material changes. The "last updated" date at the top of this page reflects the most recent revision.
14. Contact
For privacy questions, data access requests, or complaints: