Our Privacy Policy
Privacy Policy
Last Updated: September 5, 2025
Introduction
Nxtgen Care (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal information collected through our software platform and services. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our Care and Operation Management platform designed for senior living communities, including assisted living, memory care, skilled nursing, and independent living facilities.
This policy applies to all users of our platform, including residents, family members, staff, and facility administrators. We understand the sensitive nature of healthcare information and are committed to maintaining the highest standards of data protection and privacy.
This policy applies to all users of our platform, including residents, family members, staff, and facility administrators. We understand the sensitive nature of healthcare information and are committed to maintaining the highest standards of data protection and privacy.
Information We Collect
We collect several types of information to provide and improve our services:
Resident Information:
Resident Information:
- First and last names
- Date of birth
- Profile photograph
- Apartment assignment
- Care Group and Care Level
- Care profile settings (scheduled check frequency, enabled alert types, care preferences)
- Real-time location data from assigned RTLS wearable devices
- Physical activity data from wearable devices
- Attendance records for scheduled activities and meals
- Event records based on care profile configurations
- Dwell time records showing time spent in different areas of the facility
- Interaction records showing time spent with other residents and staff
- First and last names
- Email address
- Account password (encrypted)
- Associated residents and relationship information
- First and last names
- Username and password (encrypted)
- Email address
- Profile type and facility role assignments (care assistant, housekeeping, etc.)
- Assigned care groups
- Shift sign-in/sign-out records
- Critical workflow responses
- Real-time location data from assigned RTLS wearable devices during shifts
- Dwell time records showing time spent in different areas of the facility
- Interaction records showing time spent with residents
- Device identifiers and wearable device data
- Geolocation coordinates and geofence information
- Nurse call system event data
- Button press events from wearable devices
- Mobile application usage and performance data
- Platform access logs and security information
How We Collect Information
We collect information through several methods to ensure comprehensive care monitoring and operation management:
Our primary data collection occurs through an integrated RTLS hardware system, which continuously tracks the real-time geolocation of wearable devices within a facility.
We also collect information directly from users through our platform interfaces, including resident profiles, resident contact profiles and staff profiles.
Additionally, we receive data through integrations with existing facility systems, particularly nurse call systems that send event information when pullcords or other emergency devices are activated.
User interactions with our mobile applications and web portals generate usage data, helping us understand how our services are being utilized and identify opportunities for improvement.
Our primary data collection occurs through an integrated RTLS hardware system, which continuously tracks the real-time geolocation of wearable devices within a facility.
We also collect information directly from users through our platform interfaces, including resident profiles, resident contact profiles and staff profiles.
Additionally, we receive data through integrations with existing facility systems, particularly nurse call systems that send event information when pullcords or other emergency devices are activated.
User interactions with our mobile applications and web portals generate usage data, helping us understand how our services are being utilized and identify opportunities for improvement.
How We Use Information
We use the collected information exclusively to provide, maintain, and improve our senior living care platform services:
The primary purpose of our data collection is to enhance resident safety and care quality. Real-time location data enables staff to quickly locate residents in emergency situations and ensure appropriate care coverage throughout the facility.
We analyze the collected data to generate insights about resident engagement, staff efficiency, and facility operations. This information helps care teams make informed decisions about staffing levels, activity programming, individual care plans, etc.
Alert systems use resident profile information and location data to automatically notify appropriate staff members when residents require assistance or when potential safety concerns arise. Response tracking helps ensure accountability and continuous improvement in care delivery.
We also use collected data to generate reports for facility management, helping them understand operational trends, compliance with care protocols, and opportunities to enhance resident experiences.
Technical information is used to maintain platform security, troubleshoot issues, and ensure optimal performance.
The primary purpose of our data collection is to enhance resident safety and care quality. Real-time location data enables staff to quickly locate residents in emergency situations and ensure appropriate care coverage throughout the facility.
We analyze the collected data to generate insights about resident engagement, staff efficiency, and facility operations. This information helps care teams make informed decisions about staffing levels, activity programming, individual care plans, etc.
Alert systems use resident profile information and location data to automatically notify appropriate staff members when residents require assistance or when potential safety concerns arise. Response tracking helps ensure accountability and continuous improvement in care delivery.
We also use collected data to generate reports for facility management, helping them understand operational trends, compliance with care protocols, and opportunities to enhance resident experiences.
Technical information is used to maintain platform security, troubleshoot issues, and ensure optimal performance.
Information Sharing and Disclosure
We maintain strict controls over information sharing and only disclose personal information in specific, limited circumstances:
Within The Facility: Information is shared among authorized staff members within your senior living community as necessary to provide appropriate care and ensure resident safety. Access controls ensure that staff only see information relevant to their assigned care groups and facility roles.
Family Dashboard Access: Authorized Resident Contact users can access high-level care information about their associated resident family members through our Family Dashboard portal.
Service Providers: We may share information with trusted third-party service providers who assist in delivering our platform services, including our cloud infrastructure provider Amazon Web Services (AWS). All service providers are contractually required to maintain appropriate data protection standards and use information solely for providing services to us.
Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of Nxtgen Care, our users, or others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to appropriate data protection commitments.
We do not sell, rent, or otherwise commercially exploit personal information, nor do we share information with third parties for their own marketing purposes.
Within The Facility: Information is shared among authorized staff members within your senior living community as necessary to provide appropriate care and ensure resident safety. Access controls ensure that staff only see information relevant to their assigned care groups and facility roles.
Family Dashboard Access: Authorized Resident Contact users can access high-level care information about their associated resident family members through our Family Dashboard portal.
Service Providers: We may share information with trusted third-party service providers who assist in delivering our platform services, including our cloud infrastructure provider Amazon Web Services (AWS). All service providers are contractually required to maintain appropriate data protection standards and use information solely for providing services to us.
Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of Nxtgen Care, our users, or others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to appropriate data protection commitments.
We do not sell, rent, or otherwise commercially exploit personal information, nor do we share information with third parties for their own marketing purposes.
Data Security and Protection
We implement comprehensive security measures to protect personal information from unauthorized access, use, disclosure, alteration, or destruction:
All data is encrypted both in transit and at rest using industry-standard encryption protocols. Our cloud infrastructure is provided by Amazon Web Services (AWS), which maintains SOC 2 Type II compliance and other rigorous security certifications.
We employ multi-layered access controls, ensuring that platform users can only access information necessary for their specific roles and responsibilities. Regular security assessments and vulnerability testing help identify and address potential risks.
Our development and operational practices follow security best practices, including secure coding standards, regular security training for our team, and incident response procedures to address any potential security events.
While we implement robust security measures, no system is completely immune to security risks. We encourage all users to maintain strong passwords and follow security best practices when accessing our platform.
All data is encrypted both in transit and at rest using industry-standard encryption protocols. Our cloud infrastructure is provided by Amazon Web Services (AWS), which maintains SOC 2 Type II compliance and other rigorous security certifications.
We employ multi-layered access controls, ensuring that platform users can only access information necessary for their specific roles and responsibilities. Regular security assessments and vulnerability testing help identify and address potential risks.
Our development and operational practices follow security best practices, including secure coding standards, regular security training for our team, and incident response procedures to address any potential security events.
While we implement robust security measures, no system is completely immune to security risks. We encourage all users to maintain strong passwords and follow security best practices when accessing our platform.
Data Retention and Deletion
We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy and comply with applicable legal requirements:
Active user accounts and associated data are maintained while the user relationship continues and the information remains necessary for providing our services.
When resident, resident contact, or staff profiles are deleted from our system, we begin a de-identification process that removes personally identifiable information within 31 days. This ensures that individual identity cannot be determined from any remaining system data.
Aggregated, de-identified data may be retained longer for analytical and reporting purposes, as this information cannot be linked back to specific individuals.
We maintain application and usage logs for appropriate periods to ensure platform integrity and investigate any potential security incidents.
Active user accounts and associated data are maintained while the user relationship continues and the information remains necessary for providing our services.
When resident, resident contact, or staff profiles are deleted from our system, we begin a de-identification process that removes personally identifiable information within 31 days. This ensures that individual identity cannot be determined from any remaining system data.
Aggregated, de-identified data may be retained longer for analytical and reporting purposes, as this information cannot be linked back to specific individuals.
We maintain application and usage logs for appropriate periods to ensure platform integrity and investigate any potential security incidents.
Your Privacy Rights and Choices
Depending on your location and applicable laws, you may have certain rights regarding your personal information:
Access and Portability: You may request access to the personal information we maintain about you and, in some cases, receive a copy of that information in a portable format.
Correction and Updates: You can request that we correct or update inaccurate or incomplete personal information.
Deletion: You may request deletion of your personal information, subject to legal requirements and legitimate business needs.
Restriction and Objection: In certain circumstances, you may request that we restrict processing of your personal information or object to specific uses.
To exercise these rights or ask questions about your personal information, please contact us using the information provided in the “Contact Us” section below. We will respond to requests in accordance with applicable law and may need to verify your identity before processing certain requests.
Access and Portability: You may request access to the personal information we maintain about you and, in some cases, receive a copy of that information in a portable format.
Correction and Updates: You can request that we correct or update inaccurate or incomplete personal information.
Deletion: You may request deletion of your personal information, subject to legal requirements and legitimate business needs.
Restriction and Objection: In certain circumstances, you may request that we restrict processing of your personal information or object to specific uses.
To exercise these rights or ask questions about your personal information, please contact us using the information provided in the “Contact Us” section below. We will respond to requests in accordance with applicable law and may need to verify your identity before processing certain requests.
Children's Privacy
Our platform is designed for senior living communities and is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will provide notice through our platform or other appropriate means.
The “Last Updated” date at the top of this policy indicates when the most recent changes were made, and are effective immediately. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
The “Last Updated” date at the top of this policy indicates when the most recent changes were made, and are effective immediately. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Compliance with Healthcare Regulations
As a provider of technology services to healthcare and senior living facilities, we understand the importance of compliance with applicable healthcare privacy regulations, including HIPAA and PIPEDA where applicable. Our platform is designed to support facilities in maintaining their compliance obligations, and we work closely with our clients to ensure appropriate safeguards are in place.
Facilities using our platform retain responsibility for ensuring their use of our services complies with all applicable healthcare privacy and security regulations.
Facilities using our platform retain responsibility for ensuring their use of our services complies with all applicable healthcare privacy and security regulations.
Contact Us
If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us:
Nxtgen Care
Email: security@nxtgencare.com
Address:
For urgent privacy concerns or to report potential security incidents, please contact us immediately using the contact information above.
We are committed to addressing your privacy questions and concerns promptly and thoroughly.
Nxtgen Care
Email: security@nxtgencare.com
Address:
202A-300 Prince Albert Rd
Dartmouth, NS
B2Y 4J2
Canada
For urgent privacy concerns or to report potential security incidents, please contact us immediately using the contact information above.
We are committed to addressing your privacy questions and concerns promptly and thoroughly.