Healthia Family Privacy Policy
About this policy. The Healthia Family app lets you support a linked senior — view brief health summaries, send check-in messages, and start identity-verification video calls. This policy explains how we handle your caregiver data and how access to a senior's data works. The senior is the data subject for their own information and is governed by the separate Senior Privacy Policy.
1. Who we are
Healthia ("we", "us") operates this app and acts as the Controller of your caregiver information. For data of the linked senior, we act as a Processor under instructions defined by the senior's consents.
Contact: privacy@healthia.app
2. Information about you (the caregiver)
| Category | Examples |
|---|---|
| Identifiers | Phone, email, device IDs, push tokens |
| Personal information | Display name, relationship label (e.g., "son", "daughter") |
| Internet / electronic activity | App usage logs, feature timestamps |
| Audio / visual (during calls) | Video and microphone streams during Zoom-based calls (not retained by us) |
3. Access to the linked senior's data
Once a senior accepts your family link and grants the optional "family senior data read" consent, you may view selected summaries of their data:
- Daily health summary (sleep, activity, mood)
- Meal photos and analyses (only if the senior also grants the "medical image" consent)
- Care events (the senior's reminders, plan completion status)
- Recent location summary at city / district level (only if the senior grants the "location" consent)
You access this data through the senior's consents. If the senior withdraws any consent, your access is automatically restricted within minutes. You do not have any independent right to retain or download the senior's data.
4. Purposes of use
- Display the senior's status and care events to support their well-being
- Send video calls for identity verification when the senior loses their phone
- Receive push notifications about events the senior has approved sharing
- Provide guidance to you on supporting the senior (AI-generated summaries)
- Legal compliance, fraud prevention, and security auditing
5. Service providers
| Recipient | Data sent | Purpose |
|---|---|---|
| Zoom Video SDK | Video and audio streams during a call | Identity verification call. BAA in place. |
| Apple Push / Google FCM | Push token, notification payload | Notification delivery. |
| Supabase (infrastructure) | Caregiver profile, link records | Service operation. BAA in place. |
| Google Vertex AI (Gemini) | Family-guidance text generation inputs | Only when the senior has enabled family guidance. Enterprise terms — no model training. |
6. Do Not Sell or Share notice
We do not sell or share your caregiver data, nor the senior's data, for advertising. Protection applies automatically.
7. Confidentiality obligation
You must keep the senior's data confidential. Do not share it with persons unrelated to the senior's care without the senior's prior consent. Misuse of the senior's data violates these Terms and may also violate state privacy laws applicable to the senior (e.g., WMHMDA in Washington).
8. Video call data (Zoom Video SDK)
Video calls between you and the senior are routed through the Zoom Video SDK. Streams are end-to-end encrypted in transit. We do not record, store, or analyze the call contents. Zoom retains stream metadata under their own contractual terms.
9. Push notifications
You receive push notifications only for events the senior has approved sharing (e.g., reminder completion, requested check-ins). You may disable notifications in-app or in the OS settings at any time. Disabling does not affect the link itself.
10. Retention
- Active retention while your caregiver account is in use.
- After 24 months of inactivity we will notify and deactivate.
- Account deletion: caregiver data removed within 30 days. Senior data access ceases immediately upon unlink — we do not retain copies on your device.
11. Your rights
You have the same set of rights (Know, Delete, Correct, Portability, Limit SPI, Opt-Out of Sale, Opt-Out of ADM, Non-Discrimination, Appeal, Authorized Agent) over your own caregiver data as set out in section 9 of the Senior Privacy Policy. You do not have rights of access, correction, or deletion over the senior's data via the family app — please direct the senior to exercise those rights from their own app.
12. Biometric notice (Illinois BIPA)
We do not generate or store voiceprints or other biometric identifiers from your audio or video. Video / audio streams during calls are routed through Zoom Video SDK and are not retained by us.
13. Security
We implement reasonable technical and administrative safeguards (encryption in transit and at rest, access control, audits) consistent with the NY SHIELD Act and industry standards.
14. International transfers
The service operates in multiple countries including the United States. Information may be transferred internationally; the higher of local law or this policy applies.
15. Changes to this policy
Material changes are notified in-app and by email at least 7 days before effective date. Significant scope changes require renewed consent.
16. Contact
- Privacy contact: privacy@healthia.app
- Rights requests: privacy@healthia.app (subject line: [Rights Request])
- Mail: (address to be added upon business registration)