SeniorThrive Privacy & Data Sharing Policy

Account & Contact:

Name, email, phone number, password.

Device & Usage:

Device type, operating system, IP address, browser type, features used, errors encountered.

Location (with your consent):

Precise or coarse GPS data to enable location-based services.

Profile & User-Generated:

Photos you upload, free-text entries, support requests.

Health & Fitness (if you opt in):

• PHI: Activities of Daily Living (ADL), Instrumental ADL, BMI, medication logs, fall incidents, wellness check-ins, mood/symptom tracking, vital signs.
• Non-PHI: Aggregate metrics (ThriveScore), general activity counts.

Household & Environmental:

Room Check photos, pet information, household to-do lists.

Financial (if you transact):

Payment details collected via secure third-party processors (we never store full card numbers).

Cookies & Tracking:

• We use cookies, beacons, and similar technologies for analytics and personalization.
• Marketing Cookies (Optional): If you opt in, we and selected third parties may use these to measure ad performance and serve relevant ads.

Product Analytics (SeniorThrive Web Application):

Within the SeniorThrive web application, we use PostHog (PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States) to understand how our service is used and to improve the experience. PostHog acts as our data processor under a Data Processing Agreement and stores data in the United States. PostHog receives a pseudonymous user ID and event data describing your interactions with the platform (such as page views and sign-in events). PostHog does not receive your name, email address, home address, phone number, date of birth, medications, home safety photos, assessment results, care plan, role (senior, family member, or caregiver), or any information about your health or care relationships. Session recording is disabled. We load PostHog only after you grant Tier 3 (Marketing & Analytics) consent, and we honor the Global Privacy Control (GPC) browser signal as a universal opt-out.

Cookie Banner Controls:

Our cookie banner offers at least three tiers, Necessary, Functional, and Marketing. You choose which to allow.

Browser Settings:

You can disable or block third-party cookies in your browser (Chrome, Safari, Firefox, etc.).

Do-Not-Track:

While browsers may send a "Do Not Track" signal, enforcement varies. Use your cookie banner choices and browser settings for reliable control.

App Functionality & Security:

To provide, maintain, and secure our Services, including authentication, fraud prevention, uptime monitoring, customer support.

Personalization & Analytics:

Content recommendations, troubleshooting, feature testing, service improvement.

Care Collaboration (ThriveCircle):

With your explicit approval, share precise data categories with caregivers and family as detailed in the ThriveCircle Addendum.

Communication:

Notifications, onboarding emails, product updates, service announcements (you control marketing opt-in/out).

Third-Party Services & Advertising:

We share information with third-party service providers who assist us in operating our Services, only under strict confidentiality agreements (including Business Associate Agreements where PHI is involved). Advertising data is shared only with your opt-in.

Legal Compliance:

Responding to lawful requests from public and government authorities, complying with legal processes, enforcing our terms and conditions, protecting our operations or those of any of our affiliates, protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others; and allowing us to pursue available remedies or limit the damages that we may sustain.

Business Transfers:

In a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be sold or transferred as part of that transaction. Your rights and protections regarding your PHI will travel with it.

Referral Introductions:

If you request a referral through SeniorThrive, we may collect details you provide (such as your name, contact information, and general description of your home safety or accessibility needs) to help identify an appropriate service provider. We may share only the necessary details with potential providers to facilitate an introduction. We do not sell or rent this information, and we encourage you to review the privacy practices of any provider you choose to engage.

AI-Powered Features:

The following features use Google's Gemini AI models, which we access through Google Cloud's Vertex AI platform provided by Google LLC under enterprise data processing terms. References to "Google Gemini" below refer to processing through this platform:

• Room Check: Photos you upload of your home rooms are sent to Google Gemini for analysis to identify potential safety considerations.
• AI Companions: Messages you send to AI companions (Clarity, Riley, Luigi, Buddy, Sage, Harper, Morgan, Navigator) are processed by Google Gemini. With your consent, companions may also access specific data categories (such as Room Check results, wellness logs, daily check-ins, or care plans) to personalize their responses.
• Health Information Finder: Search queries you enter about health topics are sent to Google Gemini to generate informational content.
• Medication Label Reader: Photos of medication labels you upload are sent to Google Gemini to extract medication details such as name, dosage, and instructions.
• Scam Checker: Text you submit for scam analysis is sent to Google Gemini to assess whether it may be fraudulent.
• Plant Identification: Photos of plants you upload are sent to Google Gemini for identification.
• Hobby Explorer: Hobby-related content is generated using Google Gemini based on topics you select.
• Voice Notes: Audio recordings submitted by caregivers are processed for transcription.
• Questionnaire Analysis: Your responses to profile questionnaires may be processed to generate personalized recommendations.
• Care Plan Generation: Assessment data (including ADL and IADL scores) may be processed by AI to help generate care plan recommendations.
• Care Pack Insights: Care pack information may be processed by AI to generate contextual insights for caregivers.

AI Data Handling:

We process your data through Google Cloud's Vertex AI platform under Google's enterprise data processing terms and Data Processing Addendum. Under these terms: (1) Google does not use your data, prompts, or AI outputs to train or improve Google's foundation AI models; (2) Google acts as our data processor with respect to your data, not as an independent controller; (3) Google may retain input and output data for up to 30 days solely for abuse and safety monitoring, after which it is deleted; and (4) data is processed within Google Cloud regions we select. We do not permit any AI sub-processor to use your data for purposes beyond providing the service to SeniorThrive.

AI Limitations:

AI-generated content is provided for informational purposes only and may contain errors, omissions, or inaccuracies. AI outputs do not constitute medical advice, professional home safety assessments, or clinical recommendations. You should not rely solely on AI-generated information and should always consult qualified professionals for medical, safety, or care decisions.

Automated Decision-Making:

SeniorThrive uses automated processing to compute your ThriveScore (a composite wellness, safety, and connection metric) and to assess medication risk profiles based on FDA data. These computations are performed on our own servers and do not involve external AI services. No automated decision has binding legal or similarly significant effects on you. You may contact us at [email protected] to request information about how automated processing applies to your account.

Google Services:

• Google Calendar: If you connect your calendar, appointment details (event titles, times, locations, and attendees) are synced with Google Calendar via their API.
• Google Photos: If you connect Google Photos, we access your photos and albums with your OAuth authorization. We request read-only access.
• Google Maps: Address and location data may be sent to Google Maps for geocoding and location-based features.
• YouTube API: Enables video features (e.g., embedded tutorials, SeniorThrive Explores series). Search queries are sent to YouTube.

Health Data Services:

• FDA openFDA API: Medication names (without any personal identifiers) are sent to the U.S. Food and Drug Administration's public API to retrieve drug label information and recall data.
• MyHealthFinder (HHS): Demographic information (age and sex, without personal identifiers) may be sent to the U.S. Department of Health and Human Services to retrieve personalized health recommendations.

Product and Content Services:

• Book Search: Book search queries are sent to Google Books, Open Library, and the New York Times Bestseller API.
• Product Search: Product search queries may be sent to SerpAPI for product discovery.

Other Integrations:

Fitness trackers (such as Oura, Fitbit, and Withings), analytics platforms, and other third-party services we integrate with are vetted for appropriate privacy and security standards, including data processing agreements where applicable.

Third-Party Privacy Policies:

By using SeniorThrive features that interact with Google services, you also agree to Google's Terms of Service and Privacy Policy. We encourage you to review the privacy practices of all third-party services you connect through SeniorThrive.

Access & Correction:

View or edit your account details and PHI entries at any time through your account settings.

Export & Deletion:

Download your data (e.g., in CSV/JSON format) or request permanent deletion of your account and associated data, subject to legal retention requirements and our data retention policies.

Consent Management:

Toggle data-sharing settings in Settings → Privacy, especially for ThriveCircle features.

Cookie Controls:

Adjust cookie preferences via our cookie banner or your browser settings.

Email Opt-Out:

Every marketing email footer has an "Unsubscribe" link; you can also adjust preferences under Settings → Notifications.

Children's Privacy:

We do not knowingly collect personal information from children under 13 (or a higher age threshold where applicable by law). Our services are not directed to children. If we learn we have collected a child's personal information, we will promptly delete it.

California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know: Request the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
• Delete: Request deletion of your personal information, subject to certain exceptions.
• Correct: Request correction of inaccurate personal information.
• Opt Out of Sale/Sharing: SeniorThrive does not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (including health data) to purposes necessary to provide the Services.
• Non-Discrimination: We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

You may designate an authorized agent to make a request on your behalf. We may require verification of your identity before fulfilling any request.

Washington (My Health My Data Act)

If you are a Washington resident, the My Health My Data Act provides you with specific rights regarding consumer health data, which includes information SeniorThrive collects such as medication information, wellness check-ins, vital signs, Room Check results, and any health-related search or symptom entries. These rights do not extend to our product-analytics telemetry (page views and sign-in events sent to PostHog), which does not identify your health status, conditions, role, or care relationships. Your rights with respect to your consumer health data include:

• Consent: We will obtain your consent before collecting or sharing your consumer health data, except as necessary to provide the Services you requested.
• Access: You may request confirmation of whether we are collecting or sharing your consumer health data.
• Deletion: You may request deletion of your consumer health data.
• Withdrawal: You may withdraw consent for future collection or sharing of your consumer health data.

Colorado, Connecticut, Virginia, and Texas

If you reside in Colorado, Connecticut, Virginia, or Texas, you generally have the right to:

• Confirm whether we are processing your personal data and access that data.
• Correct inaccuracies in your personal data.
• Delete your personal data.
• Obtain a portable copy of your personal data.
• Opt out of targeted advertising, sale of personal data, and profiling that produces legal or similarly significant effects.
• Automated Decision-Making (Colorado, Connecticut): You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. You may also request information about the logic used in automated processing that affects you.

If we decline your request, you may appeal by contacting us at [email protected] with the subject line "Privacy Rights Appeal."

Opt-In Required:

During signup, you explicitly consent to receive emails, each opt-in is logged with a timestamp.

Confirmation Email:

After you opt in, we send a verification link before any regular communications begin.

Types of Messages:

Welcome/onboarding, wellness reminders, product updates, community news, legal/security notices.

Withdraw Consent:

Use the "Unsubscribe" link in any email or adjust in Settings → Notifications.

Third-Party Delivery:

We use trusted providers (e.g., Dreamlit, OneSignal) under strict confidentiality; we never sell your email address.

SeniorThrive LLC
Attn: Privacy Officer
5436 Via Carrizo, Laguna Woods, CA 92637
Email: [email protected]

Key Definitions

Role-Based Permissions & PHI

Consent Workflows & Modals

We use clear, step-by-step consent processes:

Audit & Revocation

Data Retention & Portability