Skip to main content
Dorevanti

Privacy Policy

Last updated: April 2, 2026

1. Information We Collect

Account data: When you create an account, we collect your email address and store a securely hashed password.

Care planning inputs: You voluntarily provide age, health status, ZIP code, monthly income, total assets, home value, veteran status, number of ADL limitations, and long-term care insurance details. This data is used solely to generate your aging-in-place versus facility care crossover analysis. Free-tier inputs are processed in your browser session and not persisted server-side.

Usage data: We collect API request logs including timestamps, endpoints, and response codes for billing and abuse prevention. No personal health or financial inputs are included in request logs.

2. How We Use Your Information

We use your information to compute care cost crossover projections, Medicaid spend-down timelines, and VA benefit eligibility assessments. Account data is used for authentication and subscription management. Anonymized, aggregated data may be used to improve our models. We do not sell, rent, or share your personal, health, or financial information with third parties for marketing purposes.

3. Email Communications

We send transactional emails for subscription confirmations, password resets, and important service updates. We do not send unsolicited marketing emails. You may opt out of non-essential communications at any time.

4. Cookies

Dorevanti uses only essential cookies for session management and authentication. We do not use third-party tracking cookies, advertising pixels, or behavioral analytics scripts. No cross-site tracking is performed.

5. Third-Party Services

We use Stripe for payment processing. Stripe receives your email and subscription tier and is governed by Stripe's Privacy Policy. We use Cloudflare for hosting infrastructure. No elder care data or personal health information is shared with any third party.

6. Data Retention

Account data is retained while your account is active plus 30 days after deletion. API request logs are retained for 90 days. Upon account deletion, all personally identifiable data is purged within 30 days. Anonymized audit logs may be retained for compliance purposes.

7. CCPA Rights (California Residents)

California residents have the right to know what personal information we collect, to request deletion of their data, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, use the DELETE /v1/account API endpoint or email privacy@smarttechinvest.com. We process CCPA requests within 45 days.

8. Security

All data is encrypted in transit via TLS 1.3 and at rest via AES-256. Passwords are hashed with bcrypt. API keys are generated using cryptographically secure random functions. We use parameterized database queries and enforce secure HTTP headers.

9. Contact

For privacy-related inquiries, contact privacy@smarttechinvest.com.