Privacy

Last updated: 2026-05-12

What we collect

• Caregiver name, email, and mobile phone.
• Senior name, mobile phone, birth year, and city/state.
• Approximate coordinates derived from city, used only to fetch local weather.
• Every SMS we send and every reply we receive.
• Consent timestamps and IP at signup (required for SMS compliance).

How we use it

• Phone numbers route SMS via RingCentral.
• Coordinates go to Open-Meteo (no API key) for the day's forecast.
• Message text is sent to Anthropic to generate trivia and warm replies. Recent conversation history is included as context.
• Email addresses receive sign-in links via Resend.

What we don't do

• We do not sell phone numbers or message content.
• We do not share data outside the providers above.
• We do not use messages for advertising.

Retention & deletion

Account and message data persist until the caregiver removes the senior or the account. Consent timestamps are retained as required by SMS regulations.

Security

Sessions are server-side and never exposed in URLs. Cookies are HttpOnly + Secure + SameSite=Lax. All endpoints are HTTPS-only with HSTS. Mutating endpoints require same-origin requests. Rate limits protect signup, sign-in emails, and inbound SMS. The SMS webhook is authenticated with a shared secret.