Draft — For review
All documents in this library are drafts and must be reviewed by qualified legal counsel before being published or shared with users. Engage a HIPAA-specialized attorney to review the Privacy Policy, Notice of Privacy Practices, and Terms of Service before beta launch.
Trust & Safety
Your trust is the foundation
Living Care is built for families sharing sensitive health information. This library brings together our Privacy Policy, Terms of Service, Notice of Privacy Practices, and privacy request process — compiled May 23, 2026.
Privacy policy
User rights, data practices, and subprocessors.
Terms of service
The user agreement governing Living Care.
Notice of privacy practices
Health information rights and protections.
Privacy request
Access, correct, delete, or export your data.
Section 01
Privacy Policy
This Privacy Policy explains what information we collect, how we use it, who we share it with, your rights, and how to contact us. Living Care is not a covered entity under HIPAA. However, we have designed our technical architecture and data practices to exceed HIPAA standards as a matter of trust and ethical responsibility. No raw medical images or scanned document files are ever stored on our systems — only structured data extracted from them.
1
Information we collect
1.1 Account information
- Name, email address, and password (hashed; we never store plaintext passwords)
- Workspace role (Admin, Contributor, Viewer, or Member)
- Authentication tokens managed by Supabase Auth
1.2 Care recipient information
- Name, preferred name, date of birth, primary language, and care setting
- Relationship of the care recipient to the account holder
1.3 Health and care data (entered by users)
- Medications: name, dosage, frequency, prescriber, refill dates
- Vitals logs: blood pressure, weight, glucose, oxygen saturation, heart rate, pain level, mood
- Appointment records: date, time, provider, location, transportation needs
- Activity log entries: care tasks completed, wellness check-in responses, medication adherence events
- Care Protocol data: routines, nutrition guidance, wellness preferences, legal/end-of-life planning notes
- AI-generated Recommendations (pending human approval before any write to clinical data)
1.4 Document processing (scan and discard)
When you upload a document (PDF, JPG, or PNG) to Living Care:
- The file is read into memory on our server for the duration of a single API request.
- The file is passed to an AI extraction engine (Claude, via the Anthropic API) using an encrypted HTTPS connection.
- Structured text data extracted from the document is saved to your account.
- The original file — the image or PDF itself — is permanently discarded and never written to disk, never stored in our database, and never retained in any form.
Hard architectural constraint
We never store raw medical images, prescription photos, or scanned document files. This is enforced at the API route layer — not merely a policy preference.
1.5 Usage and technical data
- Browser type, operating system, and device type
- Pages visited and features used (no third-party advertising trackers)
- IP address and approximate location (used for fraud detection only)
- Error logs (contain no PHI)
2
How we use your information
- To provide, operate, and improve the Living Care platform
- To coordinate care among members of your Care Circle
- To generate AI-powered Recommendations for human review and approval
- To compute longitudinal trend analysis in the Care+ Insights feature
- To send transactional emails (appointment reminders, care circle invitations, wellness alerts)
- To send SMS wellness check-ins via Twilio (when enabled, and only with BAA in place)
- To detect and prevent fraud, abuse, and security incidents
- To comply with applicable law
What we do not do
We do not sell your personal information. We do not use your health data to train AI models. We do not serve advertising.
3
Who we share your information with
3.1 Care Circle members
Members of your workspace's Care Circle can view information according to their assigned role. Admins and Contributors can read and write care data. Viewers can read but not modify. Providers (physicians) have read-only access to clinical data relevant to the care recipient.
3.2 Service providers (subprocessors)
| Vendor | Purpose | Data shared | BAA status |
|---|---|---|---|
| Supabase | Database & Auth | All structured care data | PENDING — required before PHI |
| Vercel | Application hosting | Request payloads in transit | PENDING — required before PHI |
| Anthropic | Document extraction & AI | Document contents (transient, not stored by Anthropic) | PENDING |
| Twilio | SMS wellness check-ins | Phone number + check-in content | PENDING — required before SMS |
| Resend | Transactional email | Name, email, care-related content | PENDING |
HIPAA gate
No real Protected Health Information (PHI) will be processed through any of the above vendors until all required Business Associate Agreements (BAAs) are executed. This is a hard gate, not a recommendation.
3.3 Legal disclosures
We may disclose information if required by law, court order, or to protect the rights and safety of users or third parties.
4
Data retention
- Account and care data is retained for the life of the workspace, plus 7 years after termination (HIPAA-aligned).
- Activity log entries are append-only and are never deleted (audit integrity).
- Uploaded files (documents, images) are never retained — they are discarded within the same HTTP request.
- Waitlist email addresses are retained until the user requests removal or the waitlist closes.
5
Your rights
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data, subject to legal retention requirements.
- Portability: Receive your data in a machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdrawal of consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@livingcare.app or use our privacy request page. We will respond within 30 days.
6
Security
- All data is encrypted in transit using TLS 1.2 or higher.
- All database data is encrypted at rest (Supabase AES-256).
- Row-Level Security (RLS) is enforced at the database layer — no user can access data outside their workspace.
- Multi-factor authentication (MFA) is enforced for all users with write access.
- Audit logging records all PHI access and modification events in an append-only log.
- Document uploads are processed and discarded without touching disk or persistent storage.
See our Notice of Privacy Practices for additional health information rights.
7
Children
Living Care is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, contact us immediately.
8
Changes to this policy
We will notify registered users of material changes to this policy by email at least 30 days before the change takes effect. Continued use of the Service after that date constitutes acceptance.
9
Contact
Privacy requests: privacy@livingcare.app
Security incidents: security@livingcare.app
General support: support@livingcare.app
Mailing address: KGR Solutions, Inc., Sunnyvale, CA
Section 02
Terms of Service
1
Description of Service
Living Care is a caregiving intelligence platform for multigenerational families. It provides tools for coordinating care, tracking health data, managing medications, scheduling appointments, and facilitating communication among care team members. Living Care is not a medical device, medical provider, or licensed healthcare service.
Living Care does not provide medical advice, diagnosis, or treatment. Nothing in the Service constitutes medical advice. Always consult a qualified healthcare provider for medical decisions.
2
Account registration and workspaces
- You must provide accurate and complete information when creating an account.
- You are responsible for maintaining the confidentiality of your credentials.
- One workspace is created per care recipient. Access is governed by role assignments (Admin, Contributor, Viewer, Member).
- You are responsible for all activity that occurs under your account.
3
Acceptable use
You agree not to:
- Use the Service for any unlawful purpose or to violate any applicable law or regulation.
- Upload or transmit false, misleading, or fraudulent health information.
- Attempt to access data belonging to another workspace.
- Reverse engineer, decompile, or attempt to extract the source code of the Service.
- Use the Service to build a competing product.
- Transmit malware, viruses, or any destructive code.
Additional behavioral standards are described in our Acceptable Use Policy, incorporated by reference into these Terms.
4
Health data and AI features
- You retain ownership of all health and care data you enter into Living Care.
- AI-generated Recommendations are suggestions only. They require explicit human approval before any data is written. The Company is not liable for outcomes resulting from approved or dismissed Recommendations.
- Document scanning extracts structured data from uploaded files. The original file is permanently discarded in the same request and is never stored.
- The Care Insights feature (Care+ tier) provides trend analysis for informational purposes only. It is not a diagnostic tool.
Our data practices are described in the Privacy Policy and Notice of Privacy Practices.
5
Subscription and billing
- Free tier: core care coordination features, no charge.
- Core plan: $25/month per workspace.
- Care+ plan: $45/month per workspace (includes Insights and advanced AI features).
- Agency plan: $35–$50/seat/month (volume pricing available).
- Billing cycles: monthly, quarterly, or annual.
- All fees are non-refundable except as required by law or as stated in a separate agency agreement.
6
Termination
We may suspend or terminate your account for violation of these Terms, non-payment, or at our discretion with 30 days' notice. You may terminate your account at any time by contacting support. Upon termination, your data is retained for 7 years per HIPAA-aligned data retention requirements, then permanently deleted.
7
Disclaimer of warranties
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE ERROR-FREE, UNINTERRUPTED, OR FREE OF HARMFUL COMPONENTS.
8
Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE COMPANY SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF DATA, REVENUE, OR PROFIT, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9
Governing law
These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles. Any disputes will be resolved in the state or federal courts located in Delaware.
10
Changes to Terms
We will notify users of material changes at least 30 days before they take effect. Continued use after that date constitutes acceptance of the updated Terms.
11
Contact
For questions about these Terms: support@livingcare.app
Section 03
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT THE CARE RECIPIENT IN YOUR LIVING CARE WORKSPACE MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Living Care is a technology platform operated by KGR Solutions, Inc. We are not a covered entity or business associate as those terms are defined under HIPAA. However, because our platform stores and processes health-related information about care recipients, we have voluntarily adopted privacy practices consistent with HIPAA's requirements as a matter of ethical responsibility. This Notice describes those practices.
1
Your health information rights
The care recipient's health information stored in Living Care includes: medications, vital signs, appointment records, activity logs, documents processed through the platform, Care Protocol data, and AI-generated Insights and Recommendations.
Right to access
The workspace Admin may request a complete export of all care recipient data at any time by contacting us. We will provide the export within 30 days.
Right to amend
If you believe information in Living Care is incorrect or incomplete, you may correct it directly in the application (if you have write access) or contact us.
Right to an accounting of disclosures
You may request a list of instances where health information has been disclosed outside of your Care Circle. We maintain an audit log of all data access and modification events.
Right to restrict
You may request that we restrict certain uses or disclosures of health information. We will accommodate reasonable requests where technically feasible.
Right to delete
Subject to legal data retention requirements (7 years for health records), you may request deletion of your data by contacting us.
2
How we use and disclose health information
To provide the Service
Health information is used to provide care coordination features, generate Recommendations, compute Insights, send appointment reminders, and facilitate communication among Care Circle members.
Within your Care Circle
Information is shared among workspace members according to their assigned roles. Admins and Contributors can read and write. Viewers and Providers can read only.
With service providers
We share information with Supabase (database), Vercel (hosting), Anthropic (AI extraction), Twilio (SMS), and Resend (email) — all under Business Associate Agreements or equivalent data processing agreements before any Protected Health Information is transmitted.
As required by law
We may disclose information as required by applicable law, regulation, or legal process.
3
What we will never do
- Sell your health information to any third party.
- Use health data to train AI models without explicit consent.
- Store raw medical images, scanned prescriptions, or uploaded document files.
- Share health information with advertisers.
- Allow any AI action to write to clinical data without explicit human approval.
4
Our duties
We are required to maintain the privacy of health information, provide this Notice of Privacy Practices, and follow the terms described herein. We reserve the right to change our privacy practices and this Notice. Material changes will be communicated to registered users at least 30 days in advance.
5
Complaints
If you believe your privacy rights have been violated, contact us at privacy@livingcare.app. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/privacy/hipaa/complaints.
6
Contact
Privacy Officer: KGR Solutions, Inc.
Email: privacy@livingcare.app
Domain: livingcare.app
7
Related documents
Section 04
Privacy Request
1
Your rights
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data, subject to legal retention requirements (7 years for health records).
- Portability: Receive your data in a machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdrawal of consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
- Accounting of disclosures: Request a list of instances where health information has been disclosed outside your Care Circle.
Workspace Admins may request a complete export of all care recipient data. Deletion requests must be submitted by a workspace Admin with authority over the relevant workspace. We will verify your identity before fulfilling any request.
2