Privacy Policy

Last updated: 9 February 2026

CareCall ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains what data we collect, why we collect it, how we use it, and your rights under applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

CareCall is an AI-powered companion calling service for elderly people. For the purposes of data protection law, CareCall is the data controller — we decide how and why your personal data is processed.

Contact: hello@carecall.me

2. What Data We Collect

Category	Data	Purpose
Account	Name, phone number, emergency contact number	Service delivery, identity, emergency alerts
Preferences	Call schedule, language, medication reminder setting, call frequency	Personalising Sally's calls
Conversation	Transcripts of calls with Sally (text)	Memory, personalisation, service improvement
Memories	Key facts extracted from conversations (interests, family names, health mentions)	Making Sally remember and feel like a real friend
Call Records	Call times, durations, statuses (completed, missed)	Billing, usage tracking, missed-call safety net
Payment	Stripe Customer ID (we do NOT store card numbers)	Subscription billing via Stripe
Technical	Session tokens, device/browser info (via user-agent)	Authentication, security
Reminders	User-requested reminders ("remind me to call my daughter")	Delivering reminders on the next call

We do NOT collect: Audio recordings of calls (only text transcripts), precise location data, biometric data, or any financial details (payments are handled entirely by Stripe).

3. How We Use Your Data

Service delivery: Making calls, personalising conversations, delivering reminders
Safety features: Missed-call retries, emergency contact alerts when the user is unreachable
Billing: Processing subscriptions and minute tracking
Service improvement: Understanding usage patterns to improve Sally's conversation quality
Communication: Important service updates or account notifications

We do not use your data for advertising, sell your data to third parties, or use it for purposes unrelated to the CareCall service.

4. Lawful Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

Basis	Applies To
Contract (Art. 6(1)(b))	Providing the service you signed up for — calls, memory, scheduling, billing
Consent (Art. 6(1)(a))	Medication reminders (opt-in toggle), push notifications, emergency contact alerts
Legitimate Interest (Art. 6(1)(f))	Service improvement, fraud prevention, security monitoring
Legal Obligation (Art. 6(1)(c))	Tax records, responding to lawful requests from authorities

5. Third-Party Services

We use a limited number of third-party services to operate CareCall:

Service	Purpose	Data Shared
OpenAI	AI conversation engine	Conversation text, user name, memories (for personalisation)
Telnyx	Telephone calls (SIP/PSTN)	Phone number, call audio (real-time streaming, not stored by Telnyx)
Stripe	Payment processing	Name, email (if provided), payment method (handled by Stripe directly)
Railway	Server hosting	Application data stored on Railway's EU infrastructure

Each third-party service operates under its own privacy policy and data protection agreements. We only share the minimum data necessary for each service to function.

6. Data Storage & Security

Data is stored on secure servers via Railway with encrypted connections (TLS/SSL).
Database access is restricted and password-protected.
Session tokens are used for authentication — passwords are not stored.
Payment data is handled entirely by Stripe — we never see or store card numbers.
We implement reasonable technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

7. Data Retention

Data Type	Retention Period
Account information	Until account deletion or 12 months after last activity
Conversation transcripts	Duration of active account (deleted on account reset/deletion)
Memories	Duration of active account (deleted on account reset/deletion)
Call records	12 months for billing purposes, then anonymised
Payment records	As required by UK tax law (typically 6 years)

When you delete your account or use the "Reset Account" feature, your personal data, conversation history, and memories are permanently deleted from our database.

8. Your Rights

Under UK GDPR, you have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Ask us to correct inaccurate or incomplete data
Erasure — Ask us to delete your data ("right to be forgotten")
Restriction — Ask us to temporarily stop processing your data
Portability — Request your data in a machine-readable format
Objection — Object to processing based on legitimate interests
Withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email us at hello@carecall.me. We will respond within one month as required by law.

9. Children's Data

CareCall is designed for adults, primarily elderly users. We do not knowingly collect data from anyone under 18. If you believe a minor's data has been submitted, please contact us immediately.

10. International Data Transfers

Some of our third-party services (OpenAI, Stripe) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the ICO
UK International Data Transfer Agreements (IDTAs) where applicable
Adequacy decisions where the destination country provides equivalent data protection

11. Cookies & Local Storage

CareCall uses:

Session tokens stored in your browser's local storage for authentication
Service worker cache for offline functionality and performance
Preference storage (notification settings) in local storage

We do not use advertising cookies, tracking pixels, or analytics services that track you across other websites.

12. Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify the Information Commissioner's Office (ICO) within 72 hours
Inform affected users without undue delay
Take immediate steps to contain and remediate the breach

13. Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top will be revised accordingly. Significant changes will be communicated via the app.

14. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns first — please email us at hello@carecall.me.

Contact Us

CareCall — hello@carecall.me

For privacy questions, data requests, or any concerns about your personal information.