Privacy Policy

Effective Date: November 28, 2025
Last Updated: November 28, 2025

HIPAA Notice of Privacy Practices

If you are using our Service for health-related purposes, please also review our HIPAA Notice of Privacy Practices, which explains how your Protected Health Information (PHI) is used and disclosed.

1. Introduction

Qash Solutions Inc. ("we," "us," or "our") operates myguide.health (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Business Information:
Company: Qash Solutions Inc.
DUNS Number: 119536275
Location: Texas, United States
Contact: admin@myguide.health
Response Time: Within 5 business days

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Eligibility

Our Service is available only to users who are at least 18 years of age. By using the Service, you represent and warrant that you are at least 18 years old. We do not knowingly collect information from individuals under 18.

3. Geographic Scope

Our Service is intended for use by residents of the United States only. By using our Service, you consent to the transfer and processing of your information in the United States.

4. Information We Collect

4.1 Personal Information

We collect the following personal information:

  • Email address (for authentication and communication)
  • Phone number (for SMS notifications and authentication)
  • First and last name
  • Profile image (optional)
  • Email and phone verification status
  • User preferences (theme, notification settings)
  • Account creation and last login timestamps

4.2 Elder and Care Information

If you use our caregiving features, we collect:

  • Elder name, date of birth, and profile image (optional)
  • Care notes and group membership information

4.3 Health and Medical Information

With your explicit consent, we collect and process sensitive health information:

  • Medications: Names, dosage, frequency, prescribing doctor, start/end dates, reminders, supply tracking, medication logs (timing, status: taken/missed/skipped), voice transcripts, and AI analysis
  • Supplements: Names, dosage, frequency, logs with timing and status, voice transcripts
  • Diet Information: Meal types, food items, timestamps, voice transcripts, AI nutritional analysis
  • Medical Assessments: Dementia screening results, drug interaction data, medication side effects correlation, schedule conflict detection

Important: You must provide explicit consent before accessing medical features. Your consent expires after 90 days and requires renewal. You may revoke consent at any time through your account settings.

4.4 Voice Data

  • Voice recordings when you use voice-enabled medication or diet logging
  • Voice transcripts with confidence scores

4.5 Location Data

  • Optional geolocation data for caregiver check-in/check-out during shift sessions

4.6 Files and Documents

  • Uploaded files (profile images, elder photos, documents)
  • File metadata (path, name, type, size, category, upload timestamps)

4.7 Usage and Activity Data

  • Session information (session ID, device information, user agent, platform, language)
  • Session duration, last activity timestamp, page views
  • User actions (medication logs, diet entries, settings changes)
  • All activity is logged with action type, timestamp, and details

4.8 Subscription and Trial Data

  • Phone number hash (to enforce one trial per phone number)
  • Trial start/end dates
  • Subscription status and tier (Family, Single Agency, Multi Agency)
  • Storage usage and limits
  • Stripe customer ID and subscription ID (payment details handled by Stripe)

4.9 Technical and Security Data

  • IP address (optional, collected only for medical consent audit trails)
  • Browser and device information (user agent)
  • Bot protection challenge responses

5. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, maintain, and improve our Service
  • To authenticate your identity and manage your account
  • To enable caregiving features (medication tracking, diet logging, health summaries)
  • To send SMS and email notifications for medication reminders and health alerts
  • To generate AI-powered health summaries and analysis
  • To detect drug interactions and medication side effects using FDA data
  • To enable voice-based logging features
  • To process subscription payments and manage billing
  • To enforce trial limits (one trial per phone number)
  • To protect against bots and fraudulent activity
  • To maintain audit trails for medical consent and data access (HIPAA-aligned practices)
  • To comply with legal obligations

We do not send marketing communications. All emails and SMS messages are transactional only (verification codes, medication reminders, health alerts).

6. Third-Party Services

We use third-party service providers to support our Service. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data.

6.1 Infrastructure and Storage

Google Firebase/Google Cloud

  • Firebase Authentication (email/password and phone number authentication)
  • Cloud Firestore (database for all user and health data)
  • Firebase Cloud Storage (file storage for images and documents)
  • Firebase Cloud Messaging (push notifications)
  • Firebase App Check with reCAPTCHA v3 (bot protection)
  • Firebase Analytics (optional, only if you consent to analytics cookies)

Data Shared: All user data, health records, files, authentication credentials, device tokens, and session data.

6.2 Artificial Intelligence

Google Gemini AI

We use Google Gemini AI to generate daily health summaries, analyze diet entries, detect medication compliance patterns, and provide an AI chat assistant for caregivers.

Data Sent to Gemini: Medication logs and schedules, supplement logs, diet entries, elder names and ages, health conditions (if provided), user chat messages, and voice transcripts.

API Endpoint: https://generativelanguage.googleapis.com/v1beta/models/gemini-pro:generateContent

6.3 Communication Services

Twilio (SMS)

  • Purpose: SMS verification codes (OTP), medication reminders, health alerts
  • Data Shared: Phone numbers and SMS message content (medication names, alerts)

SendGrid (Email)

  • Purpose: Email verification and notifications
  • Data Shared: Email addresses and notification content

6.4 Payment Processing

Stripe

  • Purpose: Subscription payments and billing management
  • Data Shared: Stripe customer ID and subscription ID. Payment information is handled directly by Stripe and never stored on our servers.

6.5 Voice Services

Browser Web Speech API and Google Cloud Speech-to-Text

  • Purpose: Voice-enabled medication and diet logging
  • Data Shared: Audio recordings and voice transcripts

6.6 Medical Data

FDA API (OpenFDA)

  • Purpose: Drug interaction detection, medication safety information, side effect data
  • Data Shared: Medication names only (for lookup). No personal health information is sent to the FDA.
  • API Endpoint: https://api.fda.gov/drug/label.json

6.7 Security Services

Cloudflare Turnstile and Google reCAPTCHA v3

  • Purpose: Bot protection and CAPTCHA verification
  • Data Shared: Challenge responses, browser metadata, user interactions, device information

7. Cookies and Tracking Technologies

7.1 Essential Cookies (Always Active)

These cookies are necessary for the Service to function:

  • Authentication tokens (Firebase Auth session cookies)
  • Session management (user session state)

7.2 Optional Cookies (Require Your Consent)

Analytics Cookies: Track user behavior and usage patterns (Firebase Analytics)

Marketing Cookies: Currently not used

7.3 Local Storage

We store the following data in your browser's local storage:

  • app_session_id - Session identifier (persists across page reloads until logout)
  • app_session_data - Session metadata
  • app_session_start - Session start timestamp
  • cookie-consent - Your cookie preferences

7.4 Session Tracking

We collect session data including:

  • Session ID, user ID (when logged in)
  • Device information (user agent, platform, language)
  • Session duration, last activity timestamp
  • Page views and user actions

Sessions expire after 24 hours of inactivity and are automatically deleted.

7.5 Cookie Consent Management

When you first visit our Service, you will be asked to consent to optional cookies. Your consent preferences are stored in local storage and in our database with a timestamp and version number. You can change your preferences at any time through the cookie settings.

7.6 Do Not Track

We respect Do Not Track (DNT) browser signals. If your browser sends a DNT signal, we automatically disable analytics cookies and do not track your browsing behavior beyond what is necessary for the Service to function.

8. Data Sharing

8.1 Within the Application

Group Members:

  • Family members in the same group can view shared elders' data
  • Permission levels control who can view vs. edit
  • Group admins have full access to group data

Caregivers (Agency Model):

  • Professional caregivers can only access elders they are specifically assigned to
  • Agency super admins manage caregiver assignments and have access to all groups within their agency
  • Strict isolation is enforced between different agencies

Doctor Visit Summaries:

  • You can share summaries with specific users
  • Summaries can be exported as PDF or JSON for doctor appointments

Shift Handoff Notes:

  • Shared between caregivers working with the same elder
  • Includes medication administration, meals, and notable events

8.2 External Sharing

We do not automatically share your data with healthcare providers. You must manually export and share data with your doctors or hospitals. The Service provides export capabilities (JSON, CSV, PDF) for this purpose.

8.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

9. Data Security

We implement multiple layers of security to protect your information:

9.1 Infrastructure Security

  • All data stored in Firebase/Google Cloud with enterprise-grade security
  • Data encrypted in transit (HTTPS/TLS) and at rest
  • Firebase App Check validates all requests using reCAPTCHA v3

9.2 Access Control

  • Authentication required for all operations (no anonymous access)
  • Role-based permissions (admin, caregiver, family member)
  • Ownership-based access control (users can only access their own data)
  • Caregiver assignment validation (caregivers can only access assigned elders)
  • Group membership validation

9.3 Data Protection Measures

  • Phone numbers hashed before storage (for trial enforcement)
  • Protected fields (users cannot modify: ID, creation date, trial dates, subscription status)
  • Session expiry after 24 hours of inactivity

9.4 Medical Data Security

  • Explicit consent required before accessing medical features
  • Consent expires after 90 days (automatic re-consent required)
  • All medical feature access is logged with audit trails
  • IP address and user agent logged for medical consent audit trails (optional)

9.5 Security Limitations and Disclaimer

Important Security Notice

While we implement commercially reasonable security measures to protect your health data and personal information, no method of transmission over the Internet or method of electronic storage is 100% secure.

You acknowledge and agree that:

  • We cannot guarantee the absolute security of your data
  • You transmit information to us at your own risk
  • We are not responsible for any circumvention of privacy settings or security measures contained on the Service
  • Any unauthorized access, use, or disclosure of your information due to factors outside our reasonable control is not our responsibility
  • You are responsible for maintaining the security of your account credentials and for any activities that occur under your account

In the event of a security breach affecting your personal information, we will comply with applicable data breach notification laws and notify affected users as required by law.

10. Data Retention and Deletion

10.1 Active Accounts

We retain your data for as long as your account is active or as needed to provide you with the Service.

10.2 Account Deletion

When you delete your account:

  • Free/Trial Accounts: Data is permanently deleted immediately upon account deletion
  • Paid Subscriptions: Your data and access remain available until the end of your current subscription period, after which all data is permanently deleted

10.3 What Gets Deleted

Complete data deletion includes:

  • User profile and account information
  • All groups (if you are the admin)
  • All elders and their data
  • All medications, supplements, and logs
  • All diet entries
  • All activity logs and session data
  • All notification logs and reminder schedules
  • All AI-generated summaries and chat history
  • All invites and invite acceptances
  • All uploaded files (profile images, documents) in Firebase Storage
  • Phone number hash (trial enforcement data)
  • Medical consents and access logs
  • Cookie consent preferences

10.4 Session Data

Sessions automatically expire and are deleted after 24 hours of inactivity.

10.5 Backup Retention

We do not maintain backup retention periods. Data is permanently deleted as described above.

11. Your Rights

11.1 Access and Portability

  • View Your Data: Access all your information through your dashboard
  • Export Your Data: Download your complete data as JSON or CSV files at any time
  • Export includes: user profile, groups, elders, medications, logs, diet entries, and activity logs

11.2 Deletion (Right to be Forgotten)

  • Delete your account and all associated data at any time through account settings
  • For paid accounts, data deletion occurs at the end of the current subscription period

11.3 Consent Management

  • Medical Features: Provide, renew (every 90 days), or revoke consent for medical features
  • Cookies: Manage cookie preferences (analytics, marketing) at any time
  • Notifications: Control notification preferences through your settings

11.4 Correction

  • Update or correct your personal information through your account settings

11.5 Opt-Out

  • SMS Notifications: Disable SMS alerts through notification settings
  • Email Notifications: Disable email alerts through notification settings
  • Analytics: Disable analytics cookies through cookie preferences or enable Do Not Track in your browser

To exercise any of these rights, contact us at admin@myguide.health. We will respond within 5 business days.

12. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify you within 72 hours of discovering the breach. Notification will be sent to your registered email address and may also be posted on our Service.

13. Medical Disclaimer

Our Service is not a substitute for professional medical advice, diagnosis, or treatment. The AI-generated summaries, drug interaction detection, and other medical features are provided for informational purposes only and should not be relied upon as medical advice.

Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read or received through our Service.

FDA drug interaction data is provided verbatim from the OpenFDA API and may not be complete or up-to-date. We are not responsible for any errors or omissions in FDA data.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this policy and post the updated policy on this page.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after we post any modifications to the Privacy Policy constitutes your acknowledgment of the modifications and your consent to abide by the modified policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: admin@myguide.health
Company: Qash Solutions Inc.
DUNS Number: 119536275
Location: Texas, United States

We will respond to all inquiries within 5 business days.

This Privacy Policy was last updated on November 28, 2025. By using myguide.health, you acknowledge that you have read and understood this Privacy Policy.