Privacy Policy

Last updated: 2026-04-21

This Privacy Policy describes how "How Are You?!" (the "App") collects, uses, and protects your information. We are committed to transparency about data practices and protecting your privacy.

1. Information We Collect

To provide emergency detection services, How Are You?! collects the following information:

• Precise GPS coordinates (location data) - Used to identify your location patterns and detect deviations
• Motion sensor data (accelerometer, gyroscope, barometer) - Used to detect activity levels and unusual stillness
• Activity patterns (sleep schedules, stillness duration, daily routines) - Learned during the learning phase
• Email addresses - Alert recipients configured by family members
• Safe zone patterns (home, park, coffee shop locations) - Learned from your regular movement patterns

2. How We Use Information

Your information is used exclusively for the following purposes:

• Emergency detection - Statistical anomaly analysis detects unusual stillness, abnormally long sleep periods, and location deviations from safe zones
• Behavioral pattern learning - Google's Gemini AI processes anonymous behavioral summaries securely to analyze your patterns during the learning phase
• Emergency alerts to family - When anomalies are detected, GPS coordinates and timestamp are sent to configured email addresses via encrypted email
• Monthly pattern recalibration - Automatic threshold updates to adapt to changing routines

Your data is NOT used for:

• Advertising or marketing
• Analytics or user tracking
• Third-party sharing or selling
• Any purpose other than emergency detection

3. Data Storage and Security

We implement the highest privacy and security standards:

• All detailed data stored locally - All behavioral data is stored on your device only using Room database with SQLCipher encryption
• Behavioral summaries for safety - Behavioral summaries and general location context are sent to Google's Gemini AI via secure encrypted connection for safety analysis — similar to what any maps or weather app uses. No names or personal identifiers are included
• Secure credential storage - API credentials are stored securely on-device
• Encrypted transmission - Emergency alerts are encrypted with TLS 1.3 when sent via email API
• Secure AI processing - Google's Gemini AI processes behavioral summaries and location context securely; no raw sensor data, names, or personal identifiers are transmitted

Data Transmitted for AI Safety Analysis

To provide accurate safety analysis, the app sends behavioral summaries and location context to Google's Gemini AI via secure encrypted connection (HTTPS/TLS). This includes:

• Activity pattern summaries (e.g., "morning activity 7-9 AM, 5 days/week")
• Stillness duration statistics (e.g., "average daytime rest: 2 hours")
• Routine deviation indicators (e.g., "stillness exceeds learned threshold")
• General location context (e.g., "at home", "2.5 km from home", approximate coordinates)

This data does NOT include:

• Personal information (name, age, contacts)
• Raw sensor data
• Email addresses or account identifiers

Google's AI processes the summary and returns a safety assessment. Google does not use this data for advertising or model training (paid API tier). See Google's Gemini API Terms of Service for details.

Push Notifications for Monitoring Survival

To ensure continuous safety monitoring, the app receives silent push notifications approximately every 6 hours. These notifications:

• Contain no personal data — only a timestamp and message type identifier
• Do not display on the device — they are silent data messages used only to verify the monitoring service is running
• Enable automatic recovery — if the phone manufacturer has stopped the background service, these pushes help restart it
• Prevent OS hibernation — regular delivery tells Android the app is still in use, preventing automatic permission revocation after months of inactivity

Push notifications are delivered via Firebase Cloud Messaging (Google LLC). See Firebase Terms of Service: https://firebase.google.com/terms.

4. Data Sharing and Sub-Processors

To deliver core safety functionality, the App shares specific data with two contracted third-party processors. Each operates under a Data Processing Agreement (where applicable under GDPR Article 28) and processes data solely on our behalf, for the limited purposes described below. We do not sell your data, do not share it with advertising networks, do not use it for analytics, and do not share it with anyone other than the two named processors below.

Named Sub-Processors

• Google LLC — Gemini API. We send anonymized behavioral summaries (motion patterns, stillness durations, approximate location cluster centroids) to Google's Gemini API for AI-based safety analysis and weekly recalibration of personalized thresholds. No names, no email addresses, no raw GPS coordinates of your home, and no device identifiers are transmitted. Google's terms for Gemini API usage are available at https://ai.google.dev/terms. Under the paid API tier, Google does not use this data for advertising or model training.
• Resend, Inc. — Transactional email delivery. When a safety alert is triggered, the alert email content (including the monitored user's current GPS coordinates and the configured family recipient email addresses) is transmitted to Resend solely for delivery of the alert email. Resend processes this data only to send the email and does not retain it for any other purpose. Resend's privacy policy is available at https://resend.com/legal/privacy-policy.

What we never do

• No advertising or analytics: Zero advertising networks, zero analytics services, zero tracking pixels, zero third-party SDKs for marketing.
• No data sales: We will never sell, license, or rent your data to anyone.
• No secondary use: Data is used solely for the safety detection purposes described in Section 2.
• No additional sharing: Beyond Google LLC and Resend, Inc. (named above), we do not share data with any other third party.

International Data Transfers

Both Google LLC and Resend, Inc. are headquartered in the United States. When you use the App in the European Economic Area (including Bulgaria and Germany), the United Kingdom, or Switzerland, your data may be transferred to, processed, and stored in the United States or other jurisdictions where these sub-processors operate.

These transfers are governed by:

• Standard Contractual Clauses approved by the European Commission under GDPR Article 46, incorporated into the data processing agreements with both sub-processors.
• Google's certifications under the EU–US Data Privacy Framework, where applicable.
• Resend's contractual safeguards for cross-border transfers, including Standard Contractual Clauses incorporated into their standard Data Processing Agreement.

By installing and using the App in a region subject to cross-border data transfer regulations, you consent to these transfers as a necessary condition for the safety monitoring functionality to operate.

Lawful Basis for Processing (GDPR)

For users in the European Economic Area, the United Kingdom, and Switzerland, our legal bases for processing personal data under GDPR Article 6 are:

• Consent (Article 6(1)(a)): By installing the App, granting the requested permissions, and configuring email recipients, both the monitored person and their caregivers explicitly consent to the data collection, processing, and sharing described in this policy. Consent may be withdrawn at any time by uninstalling the App or by using the in-app "Reset Learning" function.
• Legitimate interests (Article 6(1)(f)): Safety monitoring of vulnerable elderly users to prevent harm, with the explicit knowledge and consent of the monitored person and their caregivers. This interest is not overridden by individual rights and freedoms because monitoring is opt-in, can be disabled at any time, and is limited to the minimum data necessary for safety detection.

5. Data Retention and Deletion

You have complete control over your data:

• Retention period: Behavioral data is retained until app uninstall OR "Reset Learning" button is triggered
• Immediate deletion on uninstall: Android automatically deletes all app data when you uninstall
• Immediate deletion on reset: The "Reset Learning" button (accessible from your device) deletes all behavioral data immediately - preserving dignity and autonomy
• No cloud backups of your personal data: All detailed data is stored locally and always deleted completely
• Complete control: You maintain full control over your data lifecycle

6. Your Rights

You have the following rights regarding your data:

• Access: View your behavioral data via the Status Dashboard
• Delete: Delete all data via "Reset Learning" button or app uninstall
• Update: Update email recipient addresses anytime through Settings
• No account required: Privacy-by-design means no account creation or registration
• Maintain autonomy: "Reset Learning" is accessible from your device - you are always in control

7. Children's Privacy

How Are You?! is not directed at children:

• Not for children under 13: COPPA compliant - we do not knowingly collect data from children
• Target audience: Adult children (30+) setting up the app for elderly parents (60+)
• No data from minors: We do not collect or process data from anyone under 13

8. Changes to Privacy Policy

We may update this Privacy Policy from time to time:

• Updates posted here: Changes will be published at this URL
• In-app notification: Material changes will be announced in-app when you launch the app
• Last updated date: Always visible at the top of this policy

9. Contact Information

If you have questions about this Privacy Policy, the App, or wish to exercise any of your data protection rights under GDPR or other applicable privacy laws:

• General contact and data protection inquiries: developer@howareu.app
• Response time: We aim to respond to all data protection inquiries within 30 days as required by GDPR Article 12.