1. Information We Collect

1.1 Health and Wellness Information

We collect health-related information you provide to help manage care:

• Medication Information: Names, dosages, schedules, and adherence data
• Health Conditions: Chronic conditions, symptoms, and health goals
• Appointment Data: Healthcare provider visits, treatment schedules
• Wellness Activities: Exercise routines, diet information, sleep patterns
• Care Team Information: Healthcare providers, family members, caregivers
• Photos and Documents: Pill bottles, devices, discharge instructions, medical documents you upload

1.2 Account and Profile Information

• Name, email address, phone number
• Date of birth, timezone preferences
• Emergency contact information and connections
• Account preferences and settings

1.3 Usage and Technical Information

• Device information (type, operating system, browser)
• IP address and location data (city/state level only)
• App usage patterns and feature interactions
• Error logs and performance data

1.4 Communication Data

• Messages you send through the app
• Voice interactions with Charlie (our AI assistant)
• Customer support communications
• SMS delivery confirmations and responses

2. How We Use Your Information

2.1 Core Service Functions

• Personalized AI Assistance: Train Charlie to provide tailored health management support
• Intelligent Reminders: Send medication, appointment, and wellness reminders via your preferred channels
• Progress Tracking: Monitor health patterns and adherence trends
• Care Coordination: Facilitate communication between you and your care team
• Photo Recognition: Extract information from uploaded medication bottles, devices, and documents

2.2 Service Improvement and Analytics

• Improve AI accuracy and recommendations (using aggregated, de-identified data)
• Enhance user experience and app functionality
• Identify and fix technical issues
• Develop new features based on usage patterns

2.3 Communication and Support

• Send service updates and important notifications
• Provide customer support and respond to inquiries
• Send account security alerts and verification codes
• Deliver emergency alerts when appropriate

2.4 Legal and Safety Purposes

• Comply with applicable laws and regulations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Respond to legal requests and court orders

3. Information Sharing and Disclosure

3.1 Sharing You Control

• Support Team Members: Family, caregivers, and healthcare providers you explicitly authorize
• Escalation Supporters: People you choose to share progress updates with and who Charlie will notify if you get off track
• Emergency Contacts: In case of urgent health situations

3.2 Service Providers

We share limited information with trusted partners who help us provide the Service:

• Cloud Infrastructure: Secure data storage and processing (AWS, encrypted at rest and in transit)
• SMS Providers: To deliver text message reminders (Twilio, with opt-out capabilities)
• Email Services: For notifications and communications
• AI/ML Services: To power Charlie's intelligence (using de-identified data only)
• Payment Processors: For subscription billing (they don't receive health data)

3.3 Legal Requirements

We may disclose information when required by law:

• Court orders, subpoenas, or legal proceedings
• Government investigations or regulatory requirements
• To protect against imminent harm to health or safety
• To prevent fraud or abuse of our services

3.4 Business Partners (B2B2C Model)

When CharlieCheck is provided through partners (healthcare systems, insurance companies, employers):

• Partners may receive aggregated, de-identified usage statistics
• Individual health data is shared only with your explicit consent
• You maintain control over your data sharing preferences
• Partners must agree to additional privacy and security requirements

4. Data Security and Protection

4.1 Technical Safeguards

• Encryption: Data encrypted in transit and at rest
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and monitoring
• Data Minimization: We collect and retain only necessary information
• Secure Infrastructure: HIPAA-compliant cloud services with SOC 2 certification

4.2 Operational Safeguards

• Employee Training: Regular privacy and security training for all staff
• Background Checks: All employees undergo security clearance
• Audit Logs: All data access is logged and monitored
• Incident Response: 24/7 security monitoring and rapid response procedures
• Regular Security Assessments: Third-party penetration testing and vulnerability assessments

4.3 Data Breach Response

In the unlikely event of a data breach:

• We will notify affected users within 72 hours
• We will provide clear information about what data was affected
• We will take immediate steps to secure the breach and prevent further access
• We will notify relevant authorities as required by law

5. Your Privacy Rights and Choices

5.1 Access and Control

You have the right to:

• Access: View all personal data we have about you
• Update: Correct or update your information at any time
• Delete: Request deletion of your account and data
• Restrict: Limit who sees your information

5.2 Sharing Controls

• Grant or revoke access to care team members
• Set specific permissions for different types of information
• Manage emergency contact authorizations

5.3 Communication Preferences

• Choose your preferred reminder channels (app, SMS, email, phone) available in your plan
• Set notification schedule and reminder timing
• Opt out of non-essential communications
• Customize emergency alert settings

5.4 State Privacy Rights

Residents of certain states have additional rights:

• California (CCPA/CPRA): Right to know, delete, opt-out, and non-discrimination
• Virginia (VCDPA): Right to access, correct, delete, and opt-out
• Other States: We extend similar protections to all users regardless of location

6. SMS and Communication Privacy

6.1 SMS Consent and Opt-Out

By providing your phone number, you consent to receive:

• Health related and other reminders created by you and those you allow
• Account security codes (OTP)
• Esclation alerts for those you choose
• Service notifications

6.2 Phone Call Privacy

When the Service calls you (available only with certain plans):

• Calls are initiated if subscribed, and only for critical reminders
• We do not record phone conversations without explicit consent
• Call logs are encrypted and stored securely
• You can disable phone calls in your notification preferences

6.3 Voice Data Privacy

When you use voice features:

• Voice recordings may be processed to understand your health needs
• Voice data is not stored by the Service, transcribed voice data is stored securely with other personal information
• We do not share voice recordings with third parties without consent

7. Health Information Special Protections

7.1 HIPAA-Like Protections

While the Service is not a HIPAA "covered entity," we voluntarily implement HIPAA-like protections for your health information:

• Minimum necessary standard - we access only the information needed for specific purposes
• Administrative, physical, and technical safeguards
• Employee training on health information privacy
• Business associate agreements with service providers
• Breach notification procedures

7.2 Sensitive Health Information

We provide extra protection for sensitive health information:

• Information on health conditions, medications, and other therapies shared with the Service

7.3 De-identification for Research

When we use health data for research and AI improvement, we follow strict de-identification procedures:

• Remove all direct identifiers (names, addresses, phone numbers, etc.)
• Apply statistical methods to prevent re-identification
• Use independent privacy or data professionals to validate de-identification
• Aggregate data across large populations to protect individual privacy

8. International Users

8.1 Data Transfers

The Service is based and operates in the United States. If you use our service from outside the US:

• Your data will be transferred to and processed in the United States
• We provide the same level of protection regardless of your location
• Data transfers comply with applicable international frameworks
• We implement appropriate safeguards for cross-border transfers

8.2 European Users (GDPR)

If you're in the European Economic Area, you have additional rights under GDPR:

• Right to be informed about data processing
• Right of access to your personal data
• Right to rectification (correction) of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

8.3 Other International Regulations

We monitor and comply with privacy laws in all jurisdictions where we operate.

9. Children's Privacy

9.1 Age Requirements

• The Service is intended for users 18 years and older
• Users 13-17 may use the service with parental consent and supervision
• Data provided by legal guardians of children under 13, is the responsibility of the guardians who provide this information

9.2 Parental Controls

For users under 18 with parental consent:

• Parents/guardians have access to all account information if the account is set up as a guardian account
• Setting up guardian accounts requires require verification
• Parents may delete their child's account at any time

9.3 COPPA Compliance

If we discover we have inadvertently and directly collected information from a child under 13, we will promptly delete that information and terminate the account. Parents who believe their child has provided information to us should contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make changes:

• Notice: We will notify you at least 30 days before significant changes take effect
• Communication: Notifications will be sent via email or in-app alerts
• Choice: You can review changes and decide whether to continue using the Service
• Version History: Previous versions will be available for reference

11. Contact Us

We're here to help with any privacy questions or concerns. You can reach us via Charlie AI through the Service or via email:

Privacy Request Response Times

• General Questions: 1-2 business days
• Data Access Requests: 10-15 business days
• Data Deletion Requests: 30 days maximum
• Security Concerns: Immediate response (24/7)