We believe you should understand exactly what data we collect and why. This page explains everything in plain language — no legal jargon. For the full legal version, see our Privacy Policy.
The Basics
What Data We Collect and Why
Different features need different data. Some is required to make the app work; much of it is optional. Here's every category we collect:
Account Details
RequiredWhat: Your name, email address, and profile photo.
Why: To create your account, identify you within your Family Circle, and let other members recognise you.
Messages & Voice Notes
RequiredWhat: Text messages and voice recordings you send within your Family Circle.
Why: To deliver your messages to Circle members and keep a shared conversation history for your care team.
Calendar & Events
RequiredWhat: Appointments, care events, and scheduling preferences.
Why: To coordinate care schedules, send reminders, and optionally sync with your device calendar.
Health Profile
OptionalWhat: Conditions, allergies, dietary restrictions, symptom logs, medications, and care plans.
Why: To share relevant health context within your Circle and generate personalised AI care guidance. Only visible to your Circle members.
Manually Logged Vitals
OptionalWhat: Blood pressure, blood glucose, weight, height, temperature, heart rate, oxygen saturation, and respiratory rate.
Why: To track health trends over time, share readings with your care team, and inform AI-generated care briefs.
Location (Emergency Only)
OptionalWhat: Precise GPS coordinates when you trigger an emergency alert. Optional city-level location for your Circle.
Why: Emergency location is shared with your Circle so they can find you quickly. City-level location enables weather-based care alerts.
Emergency Contacts
OptionalWhat: Names and phone numbers of important contacts (GP, pharmacy, family).
Why: To give your Circle quick access to key contacts in urgent situations.
Documents & Photos
OptionalWhat: Letters, discharge notes, prescriptions, and photos you upload.
Why: To store important care documents securely and share them with your Circle. Documents are encrypted and only accessible by Circle members.
Push Notification Token
RequiredWhat: A device token generated by Apple for delivering notifications.
Why: To send you alerts for messages, care requests, calendar reminders, and emergency notifications.
Subscription Status
RequiredWhat: Whether you have a free or premium subscription, and feature usage counters.
Why: To unlock premium features and sync your subscription across devices. We never see your payment card details — Apple handles all payments.
What We Do NOT Collect
We are committed to minimal data collection. We never collect:
- Insurance information
- National Insurance numbers or government IDs
- Financial or banking details (Apple handles all payments)
- Browsing history outside our app
- Advertising or tracking identifiers (IDFA/IDFV)
- Your contacts list or phone book
- Background location tracking
How AI Uses Your Data
Our AI care features (Care Briefs, Care Assistant, Condition Insights) use health information to generate personalised guidance. Here's exactly how it works:
Your data is sent securely
When a care brief is generated, relevant health profile data (conditions, symptoms, medications, vitals) is sent from our server to Microsoft Azure OpenAI via an encrypted connection.
Processed in the UK
All AI processing happens in Microsoft Azure's UK South data centre. Your data never leaves the United Kingdom for AI processing.
Used ephemerally
The AI reads your data, generates the care brief, and immediately discards the input. No personal health data is stored by the AI provider.
Only the result is saved
The generated care brief text is stored in your Family Circle so all members can read it. The raw health data sent to the AI is not retained.
Microsoft does not use your data to train AI models. We have a clear data processing agreement that prohibits this.
Where Your Data is Stored
All your data is stored using Supabase, a trusted cloud infrastructure provider. Supabase data centres hold SOC 2 Type II certification, meaning they are independently audited for security, availability, and confidentiality.
Database
Supabase (PostgreSQL)
Messages, profiles, health data, care requests
File Storage
Supabase Storage
Voice notes, documents, photos, profile pictures
Authentication
Supabase Auth
Passwords hashed with bcrypt, MFA support
AI Processing
Azure OpenAI (UK South)
Ephemeral — no data retained after processing
How We Protect Your Data
Your family's data is protected by four layers of security:
Encrypted at Rest (AES-256)
All data stored on our servers is encrypted using AES-256, the same standard used by banks and governments.
Encrypted in Transit (TLS 1.3)
Every connection between your device and our servers uses TLS 1.3 encryption, preventing anyone from intercepting your data.
Row-Level Security
Database-level policies ensure you can only ever access data within your own Family Circles. Even if someone gained server access, they cannot read other circles' data.
On-Device Encryption
Cached images and files on your iPhone are protected by hardware Secure Enclave encryption. They are unreadable without your device passcode.
Additional Security Features
Biometric App Lock
Optionally lock the app with Face ID, Touch ID, or Optic ID. The app auto-locks when you switch away.
Two-Factor Authentication
Add an extra layer of security to your account with TOTP-based MFA via any authenticator app.
Signed URLs for Files
Voice notes, documents, and photos use time-limited signed URLs that expire after 1 hour. No permanent public links.
Privacy-First Analytics
Analytics are OFF by default. If you opt in, TelemetryDeck collects only anonymised usage patterns — no personal identifiers.
Who Can See Your Data
Your data is only visible to the people and services that genuinely need it:
Your Family Circle members
Messages, events, care requests, health profiles, documents, vitals, and memories shared within the Circle.
Supabase (infrastructure)
Stores your data. Bound by a data processing agreement. Does not access or read your content.
Microsoft Azure OpenAI
Receives health data ephemerally to generate care briefs. Processes within UK South. Retains nothing.
Apple
Handles push notifications (APNs), subscriptions (StoreKit), and crash reports. Does not have access to your Circle data.
TelemetryDeck (opt-in only)
Receives anonymised usage patterns (e.g. 'a user viewed the calendar screen'). No personal data is transmitted.
Nobody else can see your data. We do not share it with advertisers, data brokers, or any other third parties.
You Are in Control
You always have full control over your data:
How Long We Keep Your Data
| Data Type | Retained For |
|---|---|
| Account & profile data | Until you delete your account |
| Messages & voice notes | Until you delete your account |
| Health profiles & vitals | Until you delete the data or your account |
| AI care brief outputs | Until you delete your account |
| AI input data (sent to Azure) | Not retained — discarded after processing |
| Documents & photos | Until you delete them or your account |
| Anonymised analytics | May be retained indefinitely (no personal data) |
| All data after account deletion | Permanently deleted within 30 days |
Questions?
If anything on this page is unclear, or if you have questions about how your data is handled, please get in touch:
Email: support@alwaysthereforyou.app
For the full legal privacy policy, see our Privacy Policy. You also have the right to contact the Information Commissioner's Office (ICO) if you have concerns about how we handle your data.