Privacy Policy

Effective: Upon plan activation  |  Last Updated: April 2026

Generous App Enterprise ("we," "us," or "our") operates the Elder Voicecare service. This Privacy Policy explains how we collect, use, store, protect, and share information in connection with the service. It applies globally, with specific provisions for users in the United States, Canada, United Kingdom, European Union, Australia, and New Zealand.

1. Scope

This Policy applies to:

• Caregiver and account holder data collected during enrollment and the service term

• Personal data of the elderly person receiving calls, collected during calls and through the Companion Profile

• Technical and usage data generated through use of the service and dashboard

• All deployment regions: United States, Canada, United Kingdom, European Union, Australia, and New Zealand

2. Information We Collect

2.1 Caregiver and Account Holder Data

When you enroll with Elder Voicecare, we collect:

• Full name, email address, telephone number, and billing address

• Relationship to the person receiving calls and, where provided, legal authority documentation

• Payment and billing information (processed by our payment processor; we do not store full card numbers)

• Account preferences, call scheduling settings, and emergency contact details

• Consent records including checkbox confirmations and timestamps

2.2 Data About the Person Receiving Calls

We collect and process the following categories of personal data about the person receiving calls:

CategoryExamplesSourceIdentifiersName, preferred name, telephone numberProvided by caregiver at enrollmentVoice recordingsAudio of AI companion callsGenerated during callsTranscriptsText transcription of callsGenerated during callsCompanion ProfileTopics, routines, family names, language preferences, dementia notesProvided by caregiverHealth-adjacent dataMood observations, cognitive indicators, medication mentionsInferred from call contentConversation memoryBrief summaries of past calls (optional — explicit consent required)Generated during calls if enabledSafeguarding recordsEscalation events, distress detectionsGenerated during callsCall metadataCall time, duration, outcome, connection qualitySystem-generated

Health-Adjacent Data Notice

Conversations with elderly users may contain references to health conditions, medications, symptoms, and emotional states. This data is treated as sensitive personal information and handled with heightened security and access controls. In the United States, it may constitute Personal Health Record information under the FTC Health Breach Notification Rule (16 C.F.R. Part 318). In the UK and EU, it is classified as Special Category Data under UK/EU GDPR Article 9.

2.3 Technical and Usage Data

We automatically collect dashboard login activity, call volume and duration data, system performance logs, device and browser information for dashboard users, and IP addresses (anonymized where required by applicable law).

3. How We Use Your Information

We use collected information to provision, operate, and deliver the Elder Voicecare service; schedule and place daily AI companion calls; generate and deliver post-call summary reports to the caregiver; operate the safeguarding and emergency escalation protocol; process billing and manage subscriptions; provide customer and technical support; detect and prevent fraud or unauthorized access; and improve AI model accuracy using anonymized, aggregated interaction data.

We do not sell, rent, or share personal data with any third party for marketing or advertising. We do not use conversation data to profile users for commercial targeting.

4. Lawful Basis for Processing (UK and EU Users)

For users in the United Kingdom and European Union, we process personal data on the following lawful bases under UK GDPR / EU GDPR:

Processing ActivityLawful BasisGDPR ArticleProviding the companion call servicePerformance of contractArt. 6(1)(b)Account management and billingPerformance of contractArt. 6(1)(b)Call recording and transcriptionConsentArt. 6(1)(a)Processing health-adjacent conversation dataExplicit consentArt. 6(1)(a) + Art. 9(2)(a)Safeguarding and emergency escalationVital interestsArt. 6(1)(d)Service improvement (anonymized data only)Legitimate interestsArt. 6(1)(f)Legal compliance and record-keepingLegal obligationArt. 6(1)(c)

Where we rely on consent as a lawful basis, you may withdraw consent at any time by contacting support@generousapp.com.

5. Third-Party Service Providers

Elder Voicecare relies on third-party infrastructure providers to deliver core functions. These providers process personal data on our behalf under data processing agreements and may only use data for the purpose of providing services to us. Provider categories include:

• Voice AI and telephony infrastructure (call routing, audio processing, AI voice synthesis)

• AI voice generation and conversational intelligence infrastructure

• Payment processing and subscription management

• Cloud hosting, data storage, and security infrastructure

• Email and notification delivery services

Data may be processed in jurisdictions outside your country, including the United States. For UK/EU users, international data transfers rely on Standard Contractual Clauses (SCCs) or equivalent safeguards. A copy of applicable transfer mechanisms is available on request.

6. Data Retention

Data TypeRetention PeriodReasonVoice recordings (audio)30 days from call dateDeleted after report generationCall transcripts90 days from call dateCaregiver reporting and reviewCompanion ProfileService duration + 30 daysDeleted on account closureConversation memory (if enabled)Service duration + 30 daysDeleted on account closure or opt-outPost-call reports90 daysCaregiver access; then deletedCaregiver contact detailsService duration + 12 monthsBilling and legal complianceConsent records and signed forms7 yearsLegal compliance — all jurisdictionsSafeguarding / escalation reports7 yearsLegal compliance; potential proceedingsBilling and payment records7 years (or local legal requirement)Tax and financial regulation

7. Data Security

We implement commercially reasonable technical and organizational safeguards including AES-256 encryption for voice recordings and transcripts at rest, TLS encryption for all data in transit, role-based access controls, regular security reviews, and contractual security obligations on all third-party providers.

No method of electronic transmission or storage is completely secure. Caregivers are responsible for maintaining the security of their account credentials and must notify us immediately at support@generousapp.com of any suspected unauthorized access.

8. Recording and AI Disclosure Obligations

By enrolling and configuring the service, you take on responsibility for informing the person receiving calls that calls are from an AI companion and that calls are being recorded. You are also responsible for informing any other person present during a call of the recording. Elder Voicecare delivers an audible notice at the start of every call, but primary responsibility for ensuring all persons are informed rests with the account holder.

9. Conversation Memory Feature

By default, each call begins with no memory of previous conversations. The optional Conversation Memory feature allows the AI to retain brief summaries of past calls to provide a more continuous experience. This feature is disabled by default and requires explicit consent to enable. Memory summaries are stored securely, accessible to the caregiver through the dashboard, and deleted immediately upon account closure or upon disabling the feature. They are never sold, shared, or used for any commercial purpose.

For UK/EU users: enabling this feature constitutes explicit consent under GDPR Article 9(2)(a) for processing health-adjacent special category data. You may withdraw this consent at any time.

10. Cookies and Analytics

The Elder Voicecare dashboard and website use cookies for session management, authentication, and platform performance analytics. We do not use cookies to track users across third-party websites for advertising. UK/EU users will see a cookie consent notice on first visit, consistent with UK PECR and EU ePrivacy Directive requirements.

11. Children and Users Without Capacity

Elder Voicecare is designed for elderly adults and is not directed at children under 13 (or under 16 in the EU/UK). For users who may lack full legal capacity to consent, all enrollment and consent actions must be completed by an Authorized Representative with appropriate legal authority such as a power of attorney or guardianship order.

12. Your Privacy Rights — All Users

Regardless of your location, you have the following rights in relation to personal data we hold:

RightWhat It MeansHow to ExerciseAccessRequest a copy of all personal data we holdsupport@generousapp.comCorrectionRequest correction of inaccurate datasupport@generousapp.comDeletionRequest permanent deletion of your datasupport@generousapp.comPortabilityReceive your data in a portable formatsupport@generousapp.comWithdrawalWithdraw consent at any timesupport@generousapp.comObjectionObject to certain types of processingsupport@generousapp.com

We will respond to all rights requests within 30 days (45 days for US users). An Authorized Representative may submit requests on behalf of the person receiving calls with appropriate proof of authority.

13. Regional Privacy Rights

🇺🇸United States

California (CCPA/CPRA — applied voluntarily):

• Right to know the specific categories and pieces of personal information collected

• Right to opt out of sale or sharing of personal information (we do not sell data)

• Right to limit use of sensitive personal information (voice recordings and health-adjacent data qualify)

• Right to non-discrimination for exercising any privacy right

• Complaints: California Privacy Protection Agency (cppa.ca.gov) or California AG (oag.ca.gov)

All US residents: Residents of Virginia, Colorado, Connecticut, Texas, Washington, and other states with comprehensive privacy laws have equivalent access, correction, deletion, and opt-out rights. Contact support@generousapp.com to exercise any state privacy right. Health-adjacent voice data may be subject to the FTC Health Breach Notification Rule (16 C.F.R. Part 318).

🇬🇧United Kingdom

• Health-adjacent conversation data is classified as Special Category Data under UK GDPR Article 9 and processed only on the basis of explicit consent or, in emergencies, vital interests

• You have the right to lodge a complaint with the Information Commissioner's Office: ico.org.uk | 0303 123 1113

• International data transfers use Standard Contractual Clauses or UK International Data Transfer Agreements (IDTAs)

🇪🇺European Union

• Health-adjacent data is Special Category Data processed only with explicit consent (GDPR Art. 9(2)(a)) or to protect vital interests (Art. 9(2)(c))

• You may lodge a complaint with the supervisory authority in your member state of residence

• EU Online Dispute Resolution: ec.europa.eu/odr

• International transfers rely on Standard Contractual Clauses approved by the European Commission

🇨🇦Canada

• Personal data is processed in accordance with PIPEDA and applicable provincial equivalents including Quebec Law 25, Alberta PIPA, and BC PIPA

• Quebec residents have additional rights under Law 25 including data portability and the right to be informed of automated processing

• Complaints: Office of the Privacy Commissioner of Canada (priv.gc.ca)

🇦🇺 🇳🇿AU / NZ

• We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)

• For NZ users, we comply with the Privacy Act 2020

• Sensitive information (including health information) is handled with heightened protection

• AU complaints: Office of the Australian Information Commissioner (oaic.gov.au)

• NZ complaints: Privacy Commissioner (privacy.org.nz)

14. Data Breach Notification

In the event of a data breach affecting personal data we hold, we will notify affected users as soon as reasonably practicable and report to applicable regulators within legally required timeframes:

• US: FTC within 60 days (Health Breach Notification Rule) if health-adjacent data is involved; state AGs as required

• UK: ICO within 72 hours (UK GDPR Article 33)

• EU: Lead supervisory authority within 72 hours (EU GDPR Article 33)

• Canada: OPC as soon as reasonably possible (PIPEDA Breach of Security Safeguards Regulations)

• Australia: OAIC within 30 days of becoming aware of an eligible data breach (Privacy Act, NDB Scheme)

• New Zealand: Privacy Commissioner within 72 hours of becoming aware of a notifiable privacy breach (Privacy Act 2020)

15. No Sale of Personal Information

Generous App Enterprise does not sell, rent, lease, or otherwise commercially exploit caregiver data, data about the person receiving calls, or any other personal data to any third party for marketing, advertising, or any commercial purpose unrelated to operating the service.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or through the dashboard at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the revised Policy.

17. Contact

For privacy-related questions, data access requests, or concerns about how your data or your family member's data is handled, please contact us at:

Privacy and data rightssupport@generousapp.comGeneral supportsupport@generousapp.comLegal noticessupport@generousapp.comWebsiteelder.generousapp.comParent companyhttps://www.generousapp.comLearn morehttps://www.generousapp.com/ai-voice-companion-elderlyUS — FTC complaintsftc.gov/complaintUS — California CPPAcppa.ca.govUK — ICOico.org.uk | 0303 123 1113EU — ODR Platformec.europa.eu/odrAustralia — OAICoaic.gov.auNew Zealand — Privacy Commissionerprivacy.org.nzCanada — OPCpriv.gc.ca

By subscribing at enrollment, you confirm that you have read and understood this Privacy Policy and consent to the collection, use, and processing of information as described herein.