Trust & Compliance
Families trust us with the people they love most, and with their personal information. Here is exactly how we honor both, in plain language.
Licensing & care standards
Graceful Homes operates as a fully state-licensed residential group home. That means regular unannounced inspections, verified staffing ratios, medication administration audits, and published inspection reports. Any family may request our latest inspection results at any time. No appointment, no paperwork.
- All caregivers are certified, background-checked, and receive ongoing training in first aid, medication management, dementia care, and resident rights.
- Awake staff are present 24 hours a day, every day.
- Emergency preparedness plans are drilled quarterly and reviewed with the fire marshal annually.
Health information: HIPAA-aligned practices
Resident health information is handled under strict safeguards aligned with the HIPAA Privacy and Security Rules:
- Minimum necessary access: staff see only the health information they need for their role.
- Encryption: health records are encrypted in transit and at rest in our care-management systems.
- Consent-based sharing: information is shared with family members only according to the resident's documented wishes and legal authorizations.
- Business associate agreements: every vendor that touches health information signs a BAA and is security-reviewed.
- Training and audits: every team member completes annual privacy training; access logs are reviewed regularly.
Our public website deliberately collects no health information. Medical details are discussed only through secure channels during admissions.
Personal data: GDPR-ready rights for everyone
We extend GDPR-grade data rights to every family, regardless of where you live: the right to access, correct, erase, restrict, and port your data, and to withdraw consent at any time. Details and how to exercise them are in our Privacy Policy. Our website uses no marketing trackers and asks for explicit consent before any analytics run.
Security: built on SOC 2 & ISO 27001 principles
Our digital operations follow the security principles at the heart of SOC 2 and ISO/IEC 27001, the standards used by the most trusted technology companies:
- Access control: unique accounts, strong authentication, and role-based permissions across all systems.
- Encryption everywhere: TLS for all web traffic; encrypted storage for records.
- Vendor management: we choose vendors that hold SOC 2 Type II and/or ISO 27001 certifications for our care-management, communication, and hosting systems.
- Incident response: a documented plan with defined notification timelines for families and regulators.
- Continuous review: periodic risk assessments and independent security reviews.
A note on honesty: SOC 2 and ISO 27001 are formal certifications that organizations earn through independent audits. We build to those standards and select certified vendors; where formal certification status matters to your decision, ask us and we'll show you exactly where we stand, including our vendors' audit reports. We'd rather earn your trust with transparency than with logos.
Accessibility commitment
This website is designed to meet WCAG 2.1 AA accessibility guidelines: keyboard navigation, screen-reader support, strong color contrast, and on-page controls for larger text, high contrast, and reduced motion. If anything is hard to use, tell us at access@gracefulhomes.com and we will fix it.
Questions, concerns, or reports
- Privacy requests: privacy@gracefulhomes.com
- Care concerns: our Care Director, 24/7, at (555) 014-2400
- Anonymous feedback: available through the family portal or by mail