SeniorThrive Privacy & Data Sharing Policy

Last Updated and Effective Date: May 20, 2025

This policy replaces all previous versions.

Your Privacy at a Glance (Key Takeaways)

We know privacy policies can be long, so here’s a quick overview:

  • We Collect Your Info: To provide and improve SeniorThrive, and to keep it secure.
  • Your Health Info is Special (PHI): It gets extra protection and is only shared with your explicit consent through ThriveCircle.
  • You’re in Control: You can see, change, or ask us to delete your information. You also control marketing communications.
  • Strong Security: We use robust measures to protect your data.
  • ThriveCircle Sharing: You decide what PHI is shared with whom in your care circle.
  • Our Full Terms: This policy works together with our Terms of Service, which has more legal details.
  • Questions? We’re here to help. Contact us at privacy@seniorthrive.com.

Respecting Your Privacy: Secure & Trustworthy

In the digital age, privacy is vital—especially when it involves your home and health. At SeniorThrive, we place your privacy and security at the core of our service. We’re not just creating a platform; we’re building a trusted environment where we are deeply committed to protecting your safety and confidentiality.

Our Commitment to Health Data Privacy (HIPAA)

SeniorThrive is committed to protecting the privacy and security of your Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws. When we handle PHI on behalf of healthcare providers or as part of our services, we act as a “Business Associate” under HIPAA and adhere to the required safeguards and agreements.

Scope & Acceptance

By creating an account or using the SeniorThrive web app or any ThriveCircle feature (“Services”), you confirm that you have read, understood, and agree to this entire Privacy & Data Sharing Policy and our Terms of Service (which are incorporated herein by reference and govern your use of our Services). You are also responsible for taking reasonable steps to protect your account, such as using a strong password and keeping your login credentials confidential.

  • Who’s Covered: All users—including Focus Older Adults (OAs), Circle Administrators, Professional Caregivers, and Family Members—whenever you access any SeniorThrive feature.

Information We Collect

We collect and process the following categories of information:

  • Account & Contact: Name, email, phone number, password.
  • Device & Usage: Device type, operating system, IP address, browser type, features used, errors encountered.
  • Location (with your consent): Precise or coarse GPS data to enable location-based services.
  • Profile & User-Generated: Photos you upload, free-text entries, support requests.
  • Health & Fitness (if you opt in):
      • PHI: Activities of Daily Living (ADL), Instrumental ADL, BMI, medication logs, fall incidents, wellness check-ins, mood/symptom tracking, vital signs.
      • Non-PHI: Aggregate metrics (ThriveScore), general activity counts.
  • Household & Environmental: Room scan photos, pet information, household to-do lists.
  • Financial (if you transact): Payment details collected via secure third-party processors (we never store full card numbers).
  • Cookies & Tracking:
      • We use cookies, beacons, and similar technologies for analytics and personalization.
      • Marketing Cookies (Optional): If you opt in, we and selected third parties may use these to measure ad performance and serve relevant ads.
  • De-Identification: When processing data for analytics or research, we strip direct identifiers (name, email, device ID) and employ methods consistent with recognized de-identification standards (such as those outlined under HIPAA) to prevent re-identification. We avoid combining this de-identified data with other datasets that could lead to re-identification unless you explicitly opt in.

Tracking & Third-Party Analytics

We and selected third-party partners may link your SeniorThrive web-app usage with activity on other websites for analytics, advertising measurement, or retargeting.

  • Cookie Banner Controls: Our cookie banner offers at least three tiers—Necessary, Functional, and Marketing. You choose which to allow.
  • Browser Settings: You can disable or block third-party cookies in your browser (Chrome, Safari, Firefox, etc.).
  • Do-Not-Track: While browsers may send a “Do Not Track” signal, enforcement varies. Use your cookie banner choices and browser settings for reliable control.

How We Use & Share Your Information

  • App Functionality & Security: To provide, maintain, and secure our Services, including authentication, fraud prevention, uptime monitoring, customer support.
  • Personalization & Analytics: Content recommendations, troubleshooting, feature testing, service improvement.
  • Care Collaboration (ThriveCircle): With your explicit approval, share precise data categories with caregivers and family as detailed in the ThriveCircle Addendum.
  • Communication: Notifications, onboarding emails, product updates, service announcements (you control marketing opt-in/out).
  • Third-Party Services & Advertising: We share information with third-party service providers who assist us in operating our Services, only under strict confidentiality agreements (including Business Associate Agreements where PHI is involved). Advertising data is shared only with your opt-in.
  • Legal Compliance: Responding to lawful requests from public and government authorities, complying with legal processes, enforcing our terms and conditions, protecting our operations or those of any of our affiliates, protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others; and allowing us to pursue available remedies or limit the damages that we may sustain.
  • Business Transfers: In a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be sold or transferred as part of that transaction. Your rights and protections regarding your PHI will travel with it.

Integration with Third-Party Services

  • YouTube API Services: Enables video features (e.g., embedded tutorials, SeniorThrive Explores series).
  • Other Integrations: Fitness trackers, voice assistants, analytics platforms—all vetted for appropriate privacy and security standards, including data processing agreements or Business Associate Agreements where necessary.

Terms of Use with YouTube:

Third-Party Privacy Policies:

  • For video functionality, we comply with Google’s Privacy Policy. Please review it to understand how Google handles data in these contexts.

Your Rights & Choices

  • Access & Correction: View or edit your account details and PHI entries at any time through your account settings.
  • Export & Deletion: Download your data (e.g., in CSV/JSON format) or request permanent deletion of your account and associated data, subject to legal retention requirements and our data retention policies.
  • Consent Management: Toggle data-sharing settings in Settings → Privacy, especially for ThriveCircle features.
  • Cookie Controls: Adjust cookie preferences via our cookie banner or your browser settings.
  • Email Opt-Out: Every marketing email footer has an “Unsubscribe” link; you can also adjust preferences under Settings → Notifications.
  • Children’s Privacy: We do not knowingly collect personal information from children under 13 (or a higher age threshold where applicable by law). Our services are not directed to children. If we learn we have collected a child’s personal information, we will promptly delete it.
  • State-Specific Privacy Rights: Depending on your state of residence (e.g., California), you may have additional privacy rights regarding your personal information. Please contact us if you have questions about rights that may apply to you.

Email Communication & Consent

  • Opt-In Required: During signup, you explicitly consent to receive emails—each opt-in is logged with a timestamp.
  • Confirmation Email: After you opt in, we send a verification link before any regular communications begin.
  • Types of Messages: Welcome/onboarding, wellness reminders, product updates, community news, legal/security notices.
  • Withdraw Consent: Use the “Unsubscribe” link in any email or adjust in Settings → Notifications.
  • Third-Party Delivery: We use trusted providers (e.g., ActiveCampaign, OneSignal) under strict confidentiality; we never sell your email address.

Security Measures

We employ robust technical, administrative, and physical safeguards designed to protect your information from unauthorized access, use, alteration, and disclosure. These include:

  • Encryption: AES-256 at rest; TLS 1.2+ in transit.
  • Access Controls: Role-based permission checks on every PHI request.
  • Audit & Breach Monitoring: Immutable logs of all PHI actions; automated alerts for suspicious activity.
  • Business Associate Agreements (BAAs): We enter into BAAs with any third party handling PHI on our behalf, as required by HIPAA.
  • Regular Security Assessments: We conduct periodic security reviews and vulnerability assessments.

While we take significant measures to protect your data, no security system is impenetrable. We cannot guarantee the absolute security of your information. In the event of a data breach involving your personal information where notification is required by law, we will notify you in accordance with applicable legal requirements.

Changes to This Policy & Contact

We’ll post updates to this Privacy Policy here and notify you (e.g., via email or in-app notification) at least 30 days before material changes take effect. Your continued use of SeniorThrive after such notice constitutes your acceptance of the revised policy.

  • Questions or Complaints: privacy@seniorthrive.com | (415) 555-1234
  • Accessibility: We are committed to making this policy accessible. If you need it in an alternative format, please contact us.

Acknowledgement

By continuing to use SeniorThrive—via the web app or ThriveCircle features—you confirm you’ve read, understood, and accepted this Privacy & Data Sharing Policy and our Terms of Service in their entirety.

Governing Law & Our Terms of Service

This Privacy Policy and any disputes related to it or your use of SeniorThrive Services will be governed by and construed in accordance with the laws of the State of [Insert Your State, e.g., California], without regard to its conflict of law principles.

Our Terms of Service contain important provisions regarding dispute resolution (which may include arbitration and a class action waiver), limitations on liability, and other terms that govern your use of our Services. Please review them carefully.

International Data Transfers

SeniorThrive is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information, including personal data and PHI, may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States might not be as comprehensive as those in your country. By using our Services, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share it as described in this Privacy Policy.

ThriveCircle Data-Sharing Addendum

This Addendum applies only when you use any ThriveCircle features centered on a Focus Older Adult’s (OA’s) care. It details how data, especially Protected Health Information (PHI), is shared within a ThriveCircle.

Key Definitions

  • PHI (Protected Health Information): Information that relates to your past, present, or future physical or mental health or condition, the provision of health care to you, or the past, present, or future payment for the provision of health care to you, and that identifies you or for which there is a reasonable basis to believe it can be used to identify you. Examples include medication logs, fall incidents, vital signs, and mood/symptom entries.
  • Non-PHI: Other data that is not PHI. Examples include room scans (unless they incidentally contain PHI), general appointments, and to-do lists.
  • Roles:
      • Focus OA: The older adult whose data lies at the heart of the Circle.
      • Circle Admin: Manages membership & shared household information.
      • Professional Caregiver: Enters and views clinical PHI necessary for care, often operating under a BAA with SeniorThrive or their employing agency.
      • Family Member: Views approved data categories, adds non-PHI entries, and may sync calendars.

 

Role-Based Permissions & PHI

| Action / Category | Focus OA | Circle Admin | Professional Caregiver | Family Member | PHI? |
|---|---|---|---|---|---|
| Medications | | | | | PHI |
| Fall Incident Reports | | | | | PHI |
| Wellness Check-Ins & Mood Logs | | | | | PHI |
| Vital Signs & Clinical Notes | | | | | PHI |
| Medical Appointments | | | | | PHI |
| General Appointments | | | | | Non-PHI |
| Household / Room Scans | | | | | Non-PHI |
| Calendar Sync (External Apps) | | | | | Non-PHI |

Footnotes:

  1. Explicit OA consent required before any access.
  2. Sensitive household items (e.g., room scan photos) require OA/Admin approval for sharing.
  3. Only non-PHI metadata (e.g., event time, title, location for general appointments) syncs unless you expressly opt in to share more details that might constitute PHI.

Consent Workflows & Modals

We use clear, step-by-step consent processes:

  • PHI Category Toggle:
      • Location: Settings → Privacy → individual toggles with [Learn More] links (e.g., to a relevant FAQ or section explaining #phisharing-medications).
      • Modal #1 (“Share PHI Data?”):
          • Title: “Share Your [Category] with [Role Name]?”
          • Body: “You’re about to share your [Category]—sensitive health information—with [Role Name]. This data is encrypted, and you can revoke access at any time in Settings.”
          • Buttons: [Cancel] [Confirm & Share]
          • Learn More: Links back to this Addendum’s Role-Based Permissions table.
  • Invite Member:
      • Trigger: “Invite Caregiver” or “Invite Family” in ThriveCircle.
      • Modal #2 (“Inviting [Role Name]”):
          • Title: “Invite [Role Name] to Your ThriveCircle”
          • Body: “They’ll view your shared categories and, for caregivers, may enter clinical updates. You control every permission in Settings.”
          • Buttons: [Back] [Send Invite]
          • Learn More: Anchors to “Role-Based Permissions” above.
  • Connect External Calendar:
      • Trigger: “Connect Calendar” for Admins or Family.
      • Modal #3 (“Connect External Calendar?”):
          • Title: “Sync ThriveCircle with Your Calendar”
          • Body: “You’ll sync appointment events (typically non-medical unless specified) to [Google/Apple Calendar]. No sensitive health data leaves SeniorThrive unless you explicitly opt in to share more.”
          • Buttons: [Cancel] [Allow Sync]
          • Learn More: Points to the Integration section under “Non-PHI Calendar Sync.”

Audit & Revocation

  • Immediate Enforcement: Revoking consent via Settings → Privacy instantly hides all affected PHI from the relevant Circle member(s).
  • Notifications: In-app toasts and optional email alerts to impacted members:
      • Example: “Access to [Focus OA Name]’s [Category] data was revoked by [Focus OA Name/Circle Admin Name] on May 20, 2025.”

 

Data Retention & Portability

  • Active PHI: Remains accessible within an active ThriveCircle according to the permissions you’ve set.
  • Post-Circle/Account Closure: Upon ThriveCircle deletion or Focus OA account closure (including in the event of death), PHI is archived for a period of six months. This retention period supports data recovery needs and allows legally designated representatives to request data export. After this period, PHI is securely purged from our active systems, subject to any overriding legal or regulatory retention obligations.
  • Export: You or your legally designated representative can request an export of your data.

 

Appendix: Glossary & Anchors (Illustrative)

  • PHI vs. Non-PHI definitions (as above)
  • Role-Based Permissions (link to section B)
  • De-Identification (link to main policy section #deidentification-link)
  • Tracking & Analytics (link to main policy section #tracking-practices-link)