Privacy Policy

Last updated: April 29, 2026

1. Who we are

SeniorGuardCare ("we", "us", "our") operates the care coordination platform available at seniorguard.care. We are the data controller for personal data processed through our Service. Contact: support@seniorguard.care

2. Data we collect

Account data

When you register, we collect your name, email address, and password (hashed, never stored in plaintext). If you sign in with Google, we receive your name and email from Google.

Care data

Information you enter about the people in your care, including names, medications, dosages, diagnoses, appointment details, and wellness logs. This may include sensitive health data.

Documents

Files you upload to the document vault (e.g., lab results, insurance cards) are stored encrypted in Supabase Storage.

Usage data

We collect logs of actions taken in the app (e.g., medications added, documents uploaded) for audit trails and feature improvement. We do not sell this data.

Payment data

Payments are processed by Stripe. We store your Stripe customer ID but never your full card number. Stripe's privacy policy: stripe.com/privacy.

Cookies

We use essential session cookies for authentication. We do not use advertising or tracking cookies.

3. How we use your data

  • To provide and operate the Service
  • To send transactional emails (confirmation, reminders, invoices)
  • To process payments and manage subscriptions
  • To detect and prevent fraud or abuse
  • To improve the Service through aggregate, anonymised analytics

4. Legal basis for processing (UK/EU users)

  • Contract: processing necessary to provide the Service you have signed up for
  • Legitimate interests: security monitoring, fraud prevention, and service improvement
  • Consent: optional marketing emails and SMS notifications (you can withdraw at any time)

5. Who we share data with

We share data only with the following third parties, strictly to operate the Service:

  • Supabase: database and file storage (EU/US regions)
  • Stripe: payment processing
  • OpenAI: AI features. When you enable AI features, relevant health data (medications, wellness logs, appointment details) is sent to OpenAI to process your request. OpenAI does not use API data to train models. Before first use, we collect your explicit consent under GDPR Article 9. Data is pseudonymized where possible before transmission. You can withdraw this consent at any time from Settings.
  • Twilio: SMS notifications (only if you opt in)
  • Resend: transactional email delivery
  • Vercel: hosting and infrastructure
  • Sentry: error monitoring (anonymised stack traces only)

We do not sell your personal data to any third party, ever.

6. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it (e.g., financial records for 7 years). You can request data export at any time from Settings.

7. Security

We implement industry-standard measures: HTTPS encryption in transit, AES-256 encryption at rest, row-level security on our database, and role-based access controls. Despite these measures, no system is 100% secure and we cannot guarantee absolute security.

8. Your rights

Under UK GDPR, US state privacy laws, and similar regulations, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data
  • Portability: export your data in CSV format from Settings
  • Object: object to processing based on legitimate interests
  • Withdraw consent: unsubscribe from marketing or SMS at any time, or withdraw AI processing consent from Settings

To exercise any of these rights, email support@seniorguard.care. We will respond within 30 days.

9. International transfers

Our service providers may process data outside of the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or adequacy decisions).

10. Children's privacy

The Service is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, contact us immediately.

11. Changes to this policy

We may update this policy from time to time. We will notify you by email before material changes take effect. The "last updated" date at the top reflects the most recent revision.

12. Contact and complaints

Privacy questions: support@seniorguard.care

If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.