Privacy Policy

1. Information We Collect

Account Data

• Anonymous User ID: Automatically generated when you first open the app. No email or password required.
• Display Name: Optional name you can set for identification by your caregiver.
• Pairing Codes: 6-digit codes used to link seniors and caregivers.

Check-in & Wellness Data

• Check-in Timestamps: When you tap "I'm OK" — stored in our database to notify your caregiver.
• Medication Reminders: Names and scheduled times for your medications — stored in our database to send you reminders.
• Status Information: Your current check-in status (OK, missed, overdue, emergency) — shared with linked caregivers.

Sensor Data (Processed On-Device Only)

• Motion & Accelerometer Data: Used for motion alerts. This data is processed entirely on your device using on-device AI (CoreML) and is never uploaded to any server.
• Microphone Audio: Used for smoke alarm and unusual sound awareness. Audio is analyzed on your device in real-time using Apple's Sound Analysis framework and is never recorded or uploaded.

Location Data

• Emergency Location: Your location is captured only when an alert is triggered (unusual motion or smoke alarm sounds) and shared with your linked caregiver. Location is not tracked continuously.

Device Information

• Device Type & OS Version: Collected for troubleshooting app issues only.
• App Version: Used to ensure compatibility.
• Battery Level & Charging State: Synced to our database so your caregiver can see if your device is powered. This data is overwritten with each update and not retained historically.
• Do Not Disturb / Focus Status: Your caregiver can see if your device has Do Not Disturb enabled, which may explain missed notifications.
• Last Active Timestamp: The last time you opened the app, shared with your caregiver for peace of mind.

2. How We Use Your Data

• To notify caregivers when a senior checks in or misses a check-in.
• To notice unusual motion patterns and sound alerts, and notify your family.
• To share emergency location with linked caregivers during emergencies.
• To send medication and check-in reminder notifications.
• To display check-in history within the app.
• To improve app stability and fix bugs.

3. Third-Party Services

We use the following third-party services to operate Howdy:

• Google Firebase (Firestore): Cloud database for storing account data, check-ins, and medication reminders. Data is encrypted in transit and at rest. Firebase Privacy Policy
• Firebase Cloud Messaging: Used to deliver push notifications to your device.
• Firebase Authentication: Used for anonymous sign-in (no personal information required).

All third-party services are required to provide the same or greater level of data protection as described in this policy. We do not use any third-party analytics, advertising, or tracking SDKs.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. Data is only shared between paired seniors and caregivers as intended by the app's functionality. We do not use your data for advertising, data mining, or profiling.

5. Data Storage & Security

• Your cloud data is stored securely on Google Firebase servers.
• Data is encrypted in transit (TLS) and at rest.
• Sensor data (motion, audio) never leaves your device.
• Emergency location data is stored temporarily and deleted when the emergency is resolved.

Cross-Border Data Transfer: Your data is stored on Google Firebase servers located in the United States. By using Howdy, you consent to the transfer of your data to the United States, where it is protected by Google's enterprise-grade security measures including encryption in transit and at rest. Google is certified under recognized data protection frameworks. If you are located in Canada, Hong Kong, or the European Union, please be aware that your data may be subject to access by governmental authorities under applicable U.S. law.

6. Data Retention & Deletion

• Account Data: Retained until you delete your account.
• Check-in History: Automatically deleted after 90 days. You can also delete all history by deleting your account.
• Alerts: Resolved alerts are automatically deleted after 90 days. Unresolved alerts are retained until resolved or your account is deleted.
• Emergency Data: Location and emergency type are cleared when a new check-in is performed.
• On-Device AI Training Data: Check-in patterns used to improve reminder timing are stored locally on your device only. This data is deleted when you uninstall the app.
• Device Vitals: Battery level and charging state are synced to our database to keep your caregiver informed. This data is overwritten with each update and not retained historically.
• Account Deletion: You can permanently delete your account and all associated data at any time from Settings → Delete Account within the app. Deletion is immediate and irreversible. All check-in records, medication data, and pairing information will be permanently removed.

7. Your Rights

• You can delete your account and all associated data at any time from the app (Settings → Delete Account).
• You can request a copy of your data by contacting us.
• You can withdraw consent for microphone, motion, or location access at any time through your device's Settings app.

Region-specific rights:

• European Union: You have additional rights under the General Data Protection Regulation (GDPR), including data portability, the right to rectification, and the right to be forgotten.
• Canada: You have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and withdraw consent for your personal information. You may file a complaint with the Office of the Privacy Commissioner of Canada.
• Hong Kong: You have rights under the Personal Data (Privacy) Ordinance (PDPO), including the right to access and correct your personal data. You may file a complaint with the Office of the Privacy Commissioner for Personal Data.
• United States: Depending on your state of residence, you may have additional rights under state privacy laws (e.g., CCPA/CPRA in California). Contact us to exercise any applicable rights.

8. Medical & Regulatory Disclaimer

Howdy is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease or medical condition. Howdy has not been evaluated, cleared, or approved by the U.S. Food and Drug Administration (FDA), Health Canada, the Hong Kong Medical Device Control Office (MDCO), or any other regulatory body.

The motion alert and sound alert features are supplementary awareness tools that use on-device AI. They are not substitutes for professional medical alert systems, personal emergency response systems (PERS), or emergency services (911/999/112). These features may not work in all conditions. Always call emergency services directly in case of a real emergency. Do not rely solely on this app for emergency detection.

9. Children's Privacy

Howdy is designed for adults, particularly seniors and their caregivers. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Data Breach Notification

In the event of a data breach involving your personal information that poses a real risk of significant harm, we will:

• Notify affected users as soon as reasonably practicable.
• Report the breach to the Office of the Privacy Commissioner of Canada (as required by PIPEDA), and to other applicable regulatory authorities.
• Describe the nature of the breach, the data involved, and the steps we are taking to mitigate the risk.
• Provide guidance on what you can do to protect yourself.

12. Contact Us

Questions about this privacy policy? Email us at: support@howdyai-app.com

Privacy Officer: For privacy-specific inquiries, data access requests, or to exercise your rights under PIPEDA, CCPA, PDPO, or GDPR, contact our designated Privacy Officer at: support@howdyai-app.com