# Privacy Policy
_Last updated: {{add date}}_
HelloDear! (“we”, “us”, “our”) is committed to protecting your privacy and ensuring the responsible handling of personal data.
This Privacy Policy explains how we collect, use, store, and protect information when families, care teams, or older adults (“Participants”) use our Service.
By using HelloDear!, you agree to this Privacy Policy.
---
## 1. About HelloDear!
HelloDear! provides wellbeing support through:
- natural phone conversations
- non-clinical wellbeing signals
- weekly digests for families
- SBAR-style summaries for care teams
- priority trends and missed-call patterns
We do **not** provide medical or diagnostic services.
---
## 2. Data We Collect
We collect data in three categories:
### 2.1. Information You Provide
- Participant’s name and phone number
- Contact details of family members or care teams
- Preferred calling window and consent status
- User settings, permissions, and sharing preferences
- Optional notes provided by family or professionals
### 2.2. Conversation-Related Data
When HelloDear! calls the Participant, we may collect:
- call metadata (time, duration, success/failure)
- conversation summaries (text only)
- non-clinical wellbeing signals, including:
- mood impressions
- sleep regularity patterns
- activity/routine context
- hydration mentions
- medication adherence confirmations
- conversation tempo, pauses, or hesitation
- missed-call patterns
- stability/variability trends
**We do NOT record or store full audio conversations.**
We store only structured summaries and extracted wellbeing signals.
### 2.3. Technical Data
- Device/browser information (for families or care teams using the dashboard)
- Log data (IP address, timestamps, security events)
- Cookies for session and authentication
---
## 3. How We Use Your Data
We use data to provide and improve the Service, including:
- conducting scheduled phone calls
- generating weekly digests for families
- generating SBAR-style summaries for care teams
- surfacing non-clinical signals and multi-day trends
- improving conversation quality and wellbeing detection
- ensuring operational integrity and security
- complying with legal and regulatory requirements
We never use data for automated medical diagnosis.
---
## 4. Legal Basis for Processing
Under GDPR, we rely on the following legal bases:
- **Consent** — for contacting the Participant and processing wellbeing-related conversations
- **Legitimate Interest** — for service reliability, preventing abuse, operational analytics
- **Contract** — when providing the Service to paying users
- **Legal Obligation** — for data access requests, retention rules
Consent can be withdrawn at any time.
---
## 5. How We Store and Protect Data
We implement strict safeguards:
- All primary data is stored **within the EU** (or GDPR-equivalent regions)
- Encryption in transit (TLS) and at rest
- Access control and audit logs
- Role-based access for family members and care teams
- Secure backups and disaster recovery
- Minimal data retention aligned with consent and regulations
We do **not** sell or share data with advertisers or third-party marketers.
---
## 6. Sharing of Data
We may share limited data only with:
### 6.1. Authorized family members or care teams
Based on permissions and configured roles.
### 6.2. Service providers
Trusted partners who help us with:
- call delivery
- analytics
- hosting & infrastructure
- customer support
All partners are GDPR-compliant and bound by Data Processing Agreements (DPAs).
### 6.3. Legal requirements
We may disclose data if required by law, regulation, or lawful request.
---
## 7. Data Retention
We retain data only as long as necessary to:
- provide the Service
- meet legal obligations
- maintain operational continuity
Conversation summaries and signals are periodically reviewed for retention minimization.
Users may request deletion at any time.
---
## 8. Your Rights (GDPR)
You or the Participant have the right to:
- access your data
- correct inaccurate data
- request deletion (“right to be forgotten”)
- restrict processing
- withdraw consent
- request data portability
- object to processing
To exercise any rights, contact us at:
📧 **hello@hellodear.ai**
---
## 9. Participant Consent
By enrolling an older adult (“Participant”), you confirm that:
- you have obtained their informed consent, **or**
- you have legal authority to act on their behalf
The Participant may revoke consent at any time.
---
## 10. International Transfers
We do not transfer personal data outside the EU unless:
- adequate protection mechanisms are in place, or
- the region is recognized as GDPR-compliant.
---
## 11. Children’s Privacy
HelloDear! is not intended for children under 16.
We do not knowingly process children’s data.
---
## 12. Changes to This Privacy Policy
We may update this Privacy Policy periodically.
If changes are significant, we will notify you by email or through the Service.
Continued use of HelloDear! constitutes acceptance of the updated policy.
---
## 13. Contact Us
For questions, support, or privacy inquiries:
📧 **hello@hellodear.ai**