Effective date: _to be set on counsel sign-off_
1. Who we are
Aging Sidekick ("Aging Sidekick," "we," "us," "our") provides an AI assistant built for family caregivers. This Privacy Policy explains what information we collect when you use our website and the Aging Sidekick application (together, the "Service"), how we use and share it, and the choices and rights you have.
1.1 We are not a HIPAA-covered entity
Aging Sidekick is a consumer product. We are not a HIPAA-covered entity and the information you give us is generally not "protected health information" under HIPAA. Instead, we treat the health-related information you provide as consumer health data and apply the protections described in this Policy and in our separate Consumer Health Data Privacy Notice.
We are a "vendor of personal health records" subject to the U.S. Federal Trade Commission's Health Breach Notification Rule (HBNR). Our breach-notification commitment is in Section 9.
2. Information we collect
We collect information you give us, information generated when you use the Service, and a limited amount of technical information.
2.1 Information you give us
- Account information — your name, email address, and the credentials used
to sign in (handled by our authentication provider).
- Information about you and your loved one — the details a caregiver enters
about themselves and/or the person they care for: name or nickname, age, living situation, conditions and diagnoses you choose to share, medications, care-team contacts, and similar caregiving context.
- Voice intake — when you use voice intake, we process the audio of what you
say and a text transcript of it.
- Documents, audio, and photos you upload — for example a hospital discharge
summary (PDF), a photo of a medication or pill bottle, or a recording of a visit — together with the plain-language analysis we generate from them.
- Assessment responses — your answers to our assessment templates.
- Life Plans and plan content — the care-organization plans you create or
generate, and the notes you add to them.
- Messages to the AI assistant — the questions you ask and the conversation
history in the assistant.
- Support and contact information — anything you send us when you contact
support or fill out a form.
2.2 Information generated when you use the Service
- AI outputs and derived content — summaries, organized plans, prepared
questions, and similar material the Service generates from your inputs.
- Usage information — features used, actions taken, and usage against any
plan limits (for example, voice-intake minutes used).
2.3 Technical information
- Device and log information — IP address, browser type, device
identifiers, timestamps, and error logs.
- Cookies and similar technologies — used to keep you signed in and to
operate the site.
2.4 Information about your loved one (care-recipient data)
Much of the information in Aging Sidekick is about a care recipient ("your loved one") and is entered by you, the caregiver. You are responsible for having an appropriate basis to share another person's information with us — for example, you are their authorized representative, hold a power of attorney, or have their permission. We rely on you to limit what you share to what is needed for caregiving and to honor any request from your loved one to access or delete their information.
3. How we use information
We use the information described above to:
- provide, operate, and maintain the Service, including voice intake,
assessments, Life Plans, document/audio/photo analysis, and the AI assistant;
- generate the summaries, organized plans, and prepared questions you ask for;
- support curated, cited answers drawn from vetted public and medical sources;
- communicate with you about your account, support requests, and material
changes to the Service or this Policy;
- maintain the security and integrity of the Service and prevent abuse;
- comply with legal obligations and enforce our Terms of Service.
4. Artificial intelligence and how it works
The Service uses AI. So you know what to expect:
- You are interacting with an AI assistant — not a human. We disclose this
at the start of an AI session and on request.
- Aging Sidekick does not provide medical advice. It helps you organize what
your loved one's care team has already told you and prepare better questions for the next visit. It does not diagnose, and it complements — it does not replace — your healthcare team. In an emergency, call your local emergency number.
- We do not use your information to train AI models. We do not use the
content you provide — your inputs, uploads, voice, assessments, Life Plans, or conversations — to train our own or any third party's general-purpose AI/ML models.
5. How we share information
We do not sell your information, and we do not sell consumer health data. We do not share consumer health data for cross-context behavioral advertising. We share information only as described here:
- Service providers (subprocessors). We use vetted vendors to run the
Service — for example authentication/identity, cloud hosting and storage, payment processing, the AI/large-language-model and speech-to-text providers that power voice intake and the assistant, and email delivery. They may process information only on our instructions and under contract.
- At your direction. When you choose to export or share your content.
- Legal and safety. When required by law or legal process, or to protect the
rights, safety, or security of users, the public, or Aging Sidekick.
- Business transfer. In a merger, acquisition, financing, or sale of assets,
subject to this Policy continuing to govern the transferred information.
We maintain a current list of subprocessors.
6. Data retention
We keep your information for as long as your account is active and as needed to provide the Service. When you delete content or your account (see Section 7), we delete it from active systems within a defined period and remove it from backups on our normal backup cycle, except where we must retain limited information to comply with law, resolve disputes, or enforce our agreements.
7. Your choices and rights
- One-click export. You can export your data on demand in both PDF and
JSON formats.
- One-click delete. You can delete your content and your account on demand.
Deletion is irreversible.
- Access and correction. You can review and update the information in your
account.
- Communication choices. You can opt out of non-essential email.
- State privacy rights. Depending on where you live, you may have additional
rights to access, correct, delete, or obtain a portable copy of your personal information, to opt out of certain processing, and to appeal a denied request. We will not discriminate against you for exercising these rights. Rights specific to consumer health data (including the right to withdraw consent) are described in our Consumer Health Data Privacy Notice.
To make a request, contact us using Section 14. We will verify your request before acting on it. You may use an authorized agent where the law allows.
8. Security
We treat your loved one's information with care: encrypted in transit and at rest, access-controlled, and never sold. We restrict internal access to information on a need-to-know basis and maintain administrative, technical, and physical safeguards designed to protect it. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.
9. Data breach notification
If we discover a breach of security affecting unsecured identifiable health information, we will notify affected individuals without unreasonable delay and no later than 60 calendar days after discovery, consistent with the FTC Health Breach Notification Rule. Where a breach affects 500 or more individuals, we will also notify the FTC (and the media where required) within the timeframe the Rule requires. Our notice will describe what happened, the information involved, the steps we are taking, and how you can protect yourself.
10. Children's privacy and who can use the Service
The Service is intended for adults age 18 or older acting as caregivers. It is not directed to children and we do not knowingly collect personal information from children. A care recipient is typically an adult; you remain responsible for the information you enter about them (see Section 2.4).
11. State-specific disclosures
Some U.S. states give residents specific privacy rights and require specific disclosures (for example, California, Colorado, Connecticut, Texas, Oregon, Virginia, and others). The rights summary in Section 7 and our Consumer Health Data Privacy Notice describe how to exercise them. Washington residents: the Consumer Health Data Privacy Notice is the controlling notice for consumer health data.
12. International users
The Service is offered in the United States and intended for U.S. users. Information is processed in the United States.
13. Changes to this Policy
We may update this Policy. If we make a material change, we will provide notice through the Service or by email before the change takes effect, and we will update the effective date above.
14. How to contact us
Questions about this Policy or your information: