Privacy Policy

Introduction

TendTo ("we," "us," or "our") is operated by Thoughtful Labs, LLC. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use TendTo.ai (the "Service"), an elder care coordination platform for family caregivers.

By using TendTo, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Information We Collect

Personal Information

• Name and email address (account registration)
• Profile information you choose to provide

Health Information

• Medications, dosages, and schedules
• Medical appointments and provider information
• Medical records and documents you upload
• Health notes and journal entries
• Emergency medical information

Financial Information

• Bill amounts and due dates
• Account numbers (encrypted with AES-256-GCM)
• Payment information (processed by Stripe — we do not store card numbers)

Documents

• Files you upload (medical records, insurance documents, legal documents, etc.)

Usage Information

• Device type, browser, and operating system
• Pages visited and features used
• Error logs and performance data

How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process your care management data (medications, appointments, bills, documents)
• Power AI features including the care assistant, document analysis, and drug interaction checks
• Send service-related notifications (appointment reminders, bill due dates, medication alerts)
• Process payments and manage subscriptions
• Respond to support requests
• Detect and prevent fraud or abuse

AI Data Processing

TendTo uses artificial intelligence to power features like the care assistant, document analysis, drug interaction checking, and intelligent search. To provide these features, certain data you enter or upload may be sent to our AI providers:

• Anthropic (Claude) — Powers the AI care assistant and document analysis
• Google (Gemini) — Powers document processing and embeddings

These providers process data solely to deliver responses to your requests. They operate under data processing agreements with us and do not use your data to train their AI models. Data sent to these providers is transmitted securely via TLS encryption.

We Never Sell Your Data

TendTo does not sell, rent, or trade your personal information to third parties. Ever. This includes health information, financial information, and any other data you entrust to us.

Data Sharing

We share your information only with:

• AI Providers (Anthropic, Google) — To power AI features, as described above
• Stripe — To process payments. Stripe's privacy policy governs payment data.
• Your Care Circle — Data you enter is shared with other members of your care circle, as that is the core function of TendTo
• Emergency Contacts — If you generate a shareable emergency URL, the medical information in that link is accessible to anyone with the URL
• Legal Requirements — If required by law, subpoena, or court order

We do not share data with advertisers or data brokers.

Cookies and Tracking

We use minimal cookies, strictly for functionality:

• Authentication cookies (Supabase) — Essential for keeping you signed in
• Security cookies (Cloudflare Turnstile) — Used during signup to prevent automated abuse

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. For more details, see our Cookie Policy.

Data Security

We take the security of your data seriously:

• Encryption at rest — Sensitive fields (passwords, account numbers) are encrypted with AES-256-GCM
• Encryption in transit — All data is transmitted over TLS
• Infrastructure — Data is hosted in the United States via Supabase
• Access controls — Row-level security ensures users only access data within their care circles

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention and Deletion

• Your data is retained as long as your account is active
• You may request account deletion at any time by contacting [email protected]
• Upon deletion request, all your data will be permanently removed within 30 days
• If you are the sole admin of a care circle, deleting your account will delete all circle data

Children's Privacy

TendTo is designed for family caregivers managing elder care. While we do not impose age restrictions, the Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [email protected] and we will delete it promptly.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information — though we never sell your data
• Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected]. We will respond within 45 days.

HIPAA Disclaimer

TendTo is a personal health management tool for family caregivers — similar to consumer health apps like Apple Health or CareZone. TendTo is not a covered entity or business associate under HIPAA (the Health Insurance Portability and Accountability Act). We are not a healthcare provider, health plan, or healthcare clearinghouse. While we implement strong security measures to protect your health information, the HIPAA regulatory framework does not apply to our Service.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of TendTo after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, contact us at: