Privacy Policy

Introduction

Always There For You ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("the App").

We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the App.

Data Controller

For the purposes of data protection law, the data controller is:

Always There For You
Email: support@alwaysthereforyou.app

This means we are responsible for deciding how we hold and use your personal data.

Information We Collect

Personal Information You Provide

When you use Always There For You, you may provide us with:

• Account Information: Name, email address, and profile photo
• Profile Details: Display name, pronouns, and contact preferences
• Communication Data: Messages, voice notes, and care request details shared within your Family Circle
• Calendar Information: Events, appointments, and scheduling preferences
• Contact Information: Emergency contacts and family member details you choose to add
• Health Information: Health conditions, allergies, dietary restrictions, symptom logs, and care plans shared within your Family Circle (used to generate AI-powered care guidance)
• Apple HealthKit Data: With your explicit permission, aggregated health vitals (heart rate, blood pressure, blood oxygen, blood glucose, steps, sleep, respiratory rate, body temperature, weight) are read from Apple Health and used ephemerally to generate personalised care briefs. HealthKit data is not stored on our servers — only the generated care brief text is saved.
• Subscription Information: Subscription status, purchase history, and feature usage counters (synced securely via Supabase for cross-device support)

Information We Do NOT Collect

• Insurance information
• National Insurance numbers or government-issued identification numbers
• Financial or banking details
• Location data (unless explicitly enabled for features)
• Browsing history outside our App

Automatically Collected Information

When you use the App, we may automatically collect:

• Device information (device type, operating system version)
• App usage analytics (screens viewed, features used)
• Crash reports and error logs
• Push notification tokens (for delivering notifications)

Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

• Contract: Processing is necessary to provide you with the App and its features, as set out in our Terms of Service. This includes account creation, messaging, care request management, and calendar functionality.
• Legitimate Interests: Processing is necessary for our legitimate interests, provided these are not overridden by your rights. This includes improving the App, ensuring security, and preventing abuse.
• Consent: Where we rely on your consent (for example, for push notifications or optional iOS Calendar integration), you can withdraw consent at any time through your device settings or the App's Settings screen.
• Explicit Consent (Article 9): Processing of special category data (health information, HealthKit vitals) is based on your explicit consent. You choose to enter health profiles and grant HealthKit access. You can withdraw this consent at any time by removing health data from your profile or revoking HealthKit permissions in your device's Settings.
• Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.

How We Use Your Information

We use the information we collect to:

• Provide Services: Enable messaging, care coordination, calendar, AI-powered care briefs, and subscription management within your Family Circle
• Generate Care Intelligence: Use health profiles, symptoms, medications, and weather data to produce personalised daily care guidance (processed via server-side Edge Functions; data is not stored beyond the generated brief)
• Manage Subscriptions: Process purchases via Apple StoreKit, sync subscription status and feature usage across devices
• Improve the App: Analyse anonymised usage patterns via privacy-first analytics (TelemetryDeck, opt-in only)
• Send Notifications: Deliver push notifications for messages, care requests, and calendar reminders
• Provide Support: Respond to your enquiries and support requests
• Ensure Security: Protect against unauthorised access and abuse

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.

Data Storage and Security

Where Your Data Is Stored

Your data is stored securely using Supabase, a trusted cloud infrastructure provider. All data is:

• Encrypted at rest using AES-256 encryption
• Encrypted in transit using TLS 1.3
• Protected by row-level security policies ensuring users can only access data within their authorised Family Circles
• Stored in secure data centres with SOC 2 compliance

International Data Transfers

Your data may be processed and stored on servers located outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK data protection law. These safeguards may include:

• Transfers to countries that the UK government has deemed to provide an adequate level of data protection
• Standard contractual clauses approved by the Information Commissioner's Office (ICO)
• Other lawful transfer mechanisms under the UK GDPR

Data Retention

We retain your personal information for as long as your account is active and as is necessary to fulfil the purposes for which it was collected. When you delete your account:

• All personal data is permanently deleted within 30 days
• Anonymised analytics data may be retained for service improvement

We periodically review the data we hold and delete any data that is no longer necessary for the purposes for which it was collected.

Data Sharing

We Do NOT Sell Your Data

Limited Sharing

We may share information only in these circumstances:

• Within Your Family Circle: Messages, events, and care requests are shared with members of your Family Circle. This is the core function of the App and is necessary for coordinating care.
• Service Providers: We use trusted providers (Supabase for data storage, Apple APNs for push notifications, Apple StoreKit for subscriptions, Anthropic for AI care brief generation, TelemetryDeck for anonymised analytics) who process data on our behalf and are bound by data processing agreements. AI-generated care briefs use health data ephemerally — no personal health data is retained by the AI provider.
• Legal Requirements: If required by UK law, court order, or a request from a regulatory authority (such as the ICO).
• Safety: To protect the safety of our users or the public, where we reasonably believe disclosure is necessary and proportionate.

Third-Party Services

Our App integrates with the following third-party services:

• Supabase: Database, authentication, file storage, and real-time communication infrastructure
• Apple Push Notification Service (APNs): For delivering push notifications to your iOS device
• Apple HealthKit: With your explicit permission, reads aggregated health vitals from Apple Health to generate personalised care briefs. HealthKit data is processed ephemerally and is not stored on our servers.
• Apple StoreKit 2: For processing in-app purchases and managing subscription status
• Anthropic (Claude AI): Server-side AI processing to generate personalised care briefs from health profiles, symptoms, medications, and weather data. Health data is sent ephemerally via secure Edge Functions — no personal data is retained by Anthropic beyond the API request.
• TelemetryDeck: Privacy-first, opt-in analytics. Collects anonymised usage patterns only when you enable analytics in Settings. No personal identifiers are transmitted.
• iOS Calendar (EventKit): Optional integration for syncing events with your device's local calendar. Calendar data remains on your device unless you explicitly choose to sync it.

These services have their own privacy policies, and we encourage you to review them. We have data processing agreements in place with our key service providers to ensure your data is handled in accordance with UK data protection law.

Your Rights Under UK Data Protection Law

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

Right of Access

You have the right to request a copy of the personal data we hold about you. You can do this by contacting us at support@alwaysthereforyou.app. We will respond to your request within one month.

Right to Rectification

You can access and update your profile information at any time through the App's Settings. If you believe any other data we hold about you is inaccurate or incomplete, please contact us and we will correct it.

Right to Erasure (Right to Be Forgotten)

You can delete your account at any time through Settings > Delete Account. This will permanently remove:

• Your profile and personal information
• All messages you've sent
• Care requests you've created
• Your membership in all Family Circles

You may also request erasure of specific data by contacting us. We will comply unless we have a lawful reason to retain the data.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example if you contest the accuracy of the data or object to our processing of it.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may request a copy of your data by contacting us at support@alwaysthereforyou.app. We will provide your data in a standard format (such as JSON or CSV) within one month.

Right to Object

You have the right to object to processing of your personal data where we are relying on a legitimate interest, if you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes (though we do not currently carry out any direct marketing).

Rights Related to Automated Decision-Making

We do not carry out any automated decision-making or profiling that has a legal or similarly significant effect on you.

Withdrawing Consent

Where we rely on your consent to process your data (for example, push notifications or iOS Calendar sync), you can withdraw consent at any time by:

• Adjusting notification preferences in the App's Settings
• Revoking calendar access in your device's Settings
• Contacting us at support@alwaysthereforyou.app

Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.

Notification Preferences

You can customise notification preferences in the App's Settings, including:

• Message notifications
• Care request alerts
• Calendar reminders
• Quiet hours settings

How to Exercise Your Rights

To exercise any of the above rights, please contact us at support@alwaysthereforyou.app. We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, but we will inform you if this is necessary and explain why.

You will not normally have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Children's Privacy

Always There For You is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will take steps to delete that information.

For users aged 13 to 17, parental or guardian consent is required to use the App, in accordance with our Terms of Service.

Cookies and Tracking

The App does not use cookies. If we introduce analytics or tracking tools in the future, we will update this Privacy Policy accordingly and seek your consent where required.

Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
• Notify you directly without undue delay if the breach is likely to result in a high risk to your rights and freedoms
• Document the breach and the steps taken in response

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending a notification through the App for significant changes, at least 30 days before the changes take effect

Your continued use of the App after changes take effect constitutes acceptance of the updated policy. If you do not agree with the revised policy, you should stop using the App and delete your account.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Website: ico.org.uk
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please do get in touch with us first at support@alwaysthereforyou.app.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@alwaysthereforyou.app