Privacy Policy
Last updated: May 4, 2026
At OdeCare (“we,” “us,” or “our”), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our hardware devices, mobile application, and web dashboard (collectively, the “Services”).
Please read this policy carefully. By using our Services, you acknowledge that you have read and understood this Privacy Policy.
1. Our Privacy-First Approach
OdeCare is built on a foundation of privacy. Our radar-based monitoring technology is specifically designed to protect the dignity and privacy of those being monitored:
- No cameras: We never capture images or video
- No audio: We do not record sounds or conversations
- No biometrics collected server-side: We do not store fingerprints, facial data, or other biometric identifiers. Face ID and fingerprint authentication in the app happens entirely on your device via the OS secure enclave — this data never reaches our servers.
- Local processing: Motion and presence data is processed on-device whenever possible; only derived events (e.g., a fall alert) are transmitted to our servers
2. Information We Collect
2.1 Device Sensor Data
Our hardware sensors collect anonymized motion and environmental data, including:
- Presence and movement patterns (detection of presence or absence in a monitored area)
- Fall detection events
- Environmental readings (temperature, humidity, gas levels)
- Device status and connectivity information (signal strength, battery level, firmware version)
This sensor data is processed on-device. Only derived alert events are transmitted off-device.
2.2 Account Information
When you create an account, we collect:
- Name and email address
- Phone number (used for alert delivery)
- Password (stored as a cryptographic hash; we never store plain-text passwords)
- Notification and alert preferences
2.3 Mobile Application and Usage Data
When you use our mobile application, we may collect:
- Features used and actions taken within the app
- Device type, operating system version, and app version
- IP address (used to derive approximate country/region; precise GPS location is never collected or requested)
- Push notification tokens (used solely to deliver alerts to your device)
- Crash reports and diagnostic data (collected anonymously to improve stability)
We do not collect precise GPS location. IP-based location is used only at the country/region level for compliance and service delivery purposes.
2.4 Third-Party SDKs and Services
Our mobile application integrates the following third-party SDKs that may collect limited technical data:
- Firebase Cloud Messaging (FCM) via expo-notifications — used to deliver push notifications to your device. FCM collects push notification tokens and device platform/OS version to route messages. FCM does not receive any health, sensor, or personal data from OdeCare. Firebase Privacy Policy
- Expo Update Service via expo-updates — used for over-the-air app updates. It collects device platform, Expo SDK version, and update channel identifier. No personal data is transmitted. Expo Privacy Policy
- expo-local-authentication — enables Face ID and fingerprint login in the app. All biometric matching occurs locally on your device using the OS secure enclave. No biometric data is ever transmitted to OdeCare or any third party.
- expo-secure-store — stores authentication tokens in your device's encrypted secure storage. This data never leaves your device.
We do not use advertising SDKs, behavioural tracking SDKs (such as Amplitude or Mixpanel), crash reporting SDKs (such as Sentry), or share data with ad networks or data brokers.
3. How We Use Your Information
We use the collected information to:
- Provide, operate, and maintain our monitoring Services
- Deliver real-time alerts and push notifications when events are detected
- Authenticate your account and ensure session security
- Improve our products and develop new features
- Provide customer support and respond to inquiries
- Ensure the security and integrity of our systems
- Comply with applicable legal obligations
- Conduct anonymized, aggregated analytics to understand how our Services are used
We do not use your personal data for targeted advertising, and we do not sell your data.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR):
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Performance of a contract (Art. 6(1)(b)) |
| Delivering monitoring alerts and push notifications | Performance of a contract (Art. 6(1)(b)) |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Product analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (if opted in) | Consent (Art. 6(1)(a)) — you may withdraw consent at any time |
5. Data Storage and Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between your device and our servers uses TLS encryption
- Encryption at rest: Stored data is encrypted using industry-standard algorithms
- Access controls: Access to production systems is restricted to authorised personnel using multi-factor authentication
- Regular security reviews: We conduct periodic security audits of our infrastructure and application code
For business customers, we offer on-premise data storage options to meet specific compliance requirements.
6. Data Retention
We retain your data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion, plus 30 days for recovery |
| Motion and presence event data | 90 days (configurable for business customers) |
| Alert history | 1 year |
| Push notification tokens | Until notification opt-out or account deletion |
| Crash and diagnostic logs | 90 days |
| Anonymised, aggregated analytics | May be retained indefinitely |
Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law.
7. Data Sharing and Disclosure
We do not sell your personal data. We may share information only in the following circumstances:
- Service providers: We share data with trusted third-party vendors (hosting, push notifications) who process data on our behalf under strict data processing agreements. These vendors are prohibited from using your data for their own purposes.
- Emergency services: If you have opted in to emergency dispatch features, alert data may be shared with emergency responders.
- Legal requirements: We may disclose data when required by applicable law, court order, or to protect the rights, property, or safety of OdeCare, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email or prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.
- With your explicit consent: For any other purpose, only with your prior written consent.
8. International Data Transfers
OdeCare operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States (where Firebase and Expo infrastructure operates), which may not provide the same level of data protection as your home jurisdiction.
For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we rely on:
- EU Standard Contractual Clauses (SCCs) as approved by the European Commission
- UK International Data Transfer Agreements (IDTAs) where applicable
You may request a copy of the applicable safeguards by contacting us at hi@odecare.com.
9. Your Privacy Rights
9.1 Rights for All Users
Regardless of your location, you may:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention obligations)
- Portability: Receive your data in a structured, machine-readable format
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
9.2 Additional Rights for EEA/UK Users (GDPR)
If you are located in the EEA or UK, you also have the right to:
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your national supervisory authority in the EU)
9.3 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, and the categories of third parties with whom we share it
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioural advertising. No opt-out is required, but you may contact us to confirm.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond the purposes permitted under CPRA
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights
To exercise any California rights, contact us at hi@odecare.com. We will respond within 45 days.
9.4 How to Exercise Your Rights
To exercise any of the above rights, contact us at hi@odecare.com with the subject line “Privacy Rights Request.” We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
You may also delete your account directly from within our apps: Mobile app: Settings → Security → Delete Account · Web dashboard: Settings → Danger Zone → Delete Account. This will initiate deletion of your personal data within 30 days.
10. Children's Privacy
Our Services are not intended for use by children under the age of 16 (or under 13 in jurisdictions where 13 is the minimum age). We do not knowingly collect personal information from children below this age. If we become aware that we have collected personal data from a child without verifiable parental consent, we will delete that information promptly.
If you believe we may have collected information from a child, please contact us at hi@odecare.com.
11. Push Notifications
Our mobile application may send push notifications to alert you of detected events (e.g., fall detection, presence alerts). Push notification tokens are stored on our servers solely for the purpose of delivering these alerts and are processed via Firebase Cloud Messaging (FCM).
You may disable push notifications at any time through your device's operating system settings (iOS: Settings → Notifications → OdeCare; Android: Settings → Apps → OdeCare → Notifications). Disabling notifications will not affect your ability to view alerts within the app.
12. Account Deletion
If you create an account with OdeCare, you may delete your account at any time from within our apps: Mobile app: Settings → Security → Delete Account · Web dashboard: Settings → Danger Zone → Delete Account. You can also request deletion by contacting hi@odecare.com.
Upon deletion, your account is immediately deactivated and you are logged out from all devices. Your personal data will be permanently removed within 30 days, except where retention is required by applicable law (e.g., billing records).
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:
- Sending an email to the address associated with your account, and/or
- Displaying a prominent notice within the app
The updated policy will be effective as of the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Services after changes take effect constitutes your acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: hi@odecare.com
Website: odecare.com
For EEA/UK users, OdeCare acts as the data controller for the personal data you provide. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.