ElderoakElderoak

Privacy policy

Effective: May 12, 2026

Summary

Elderoak is a senior-care coordination app for families. To do its job, it stores health-related information — medications, appointments, vitals, observations, and emergency contacts — tied to the family group you belong to. We do not sell your information. We do not run cross-app or cross-website tracking. The data your family enters is visible only to members of your family group.

1. Information we collect

Account information

When you create an account we collect your email address and name. If you sign in with Apple, we receive Apple's relayed email plus the name you choose to share.

Family + care information

When you onboard, you create or join a family group. Inside that group, family members may add: cared-for people (name, relationship, medical info, emergency contacts); paid aides (name, contact, shift assignments); medications (drug name, dosage, schedule, refill status); appointments (date, doctor, location, notes, optional doctor voice notes); observations and vitals (blood pressure, blood sugar, mood, pain levels, free-text notes); documents you upload to the family vault (advance directives, insurance cards, lab reports, etc.); aide check-ins and handoff notes; daily wellness check-ins from the cared-for person.

Device + technical information

We collect a device push-notification token (so we can deliver medication reminders), the language of your device, and basic diagnostic details (build version, OS version) when you contact support.

Voice recordings

If you use the "record what the doctor said" feature, audio is captured by Elderoak with your explicit tap and stored in your family group's private storage. Audio is not transcribed externally and not used for any purpose other than playback to your family.

Document scans + photos

When you scan or upload medical documents, the resulting images are stored in your family group's private storage. We do not run OCR on the server beyond the user action that initiated it (e.g. parsing a prescription label you scanned).

Apple Watch fall detection events (Elderoak is a relay, not the detector)

Apple Watch — not Elderoak — runs the fall-detection logic. Apple's CMFallDetectionManagerframework performs the sensor processing, fall-event classification, the on-watch prompt to the wearer, and Apple's automatic call to emergency services. Elderoak does not detect falls and is not part of Apple's emergency-services flow. If the cared-for person wears an Apple Watch and has granted Elderoak permission to receive fall notifications (a one-time iOS system prompt on first launch of the Elderoak Watch app), Elderoak subscribes to Apple's delegate stream. When watchOS publishes a detected fall to that stream, the event payload Elderoak receives contains no biometric, motion, or location data — only a timestamp and the family-group ID. On receiving it, Elderoak relays a single push notification to the family caregivers in the family group with the wearer's display name and the message “[wearer]'s Apple Watch detected a fall — tap to call them and check in.” Notification delivery is best-effort and not guaranteed (see Terms §6c). Fall events are retained for 90 days in the family group's notification log for caregiver review and then auto-deleted. You can revoke Elderoak's permission to receive fall notifications at any time via iOS Settings → Apple Watch → Privacy & Security → Fall Detection. Revoking does not affect Apple's own fall-detection flow.

2. How we use your information

  • To operate the app — show medication schedules, appointment timelines, family member assignments, etc.
  • To deliver push notifications you've enabled (medication reminders, missed-dose alerts, daily check-in pings).
  • To honor in-app emergency actions — the SOS button can notify family members or initiate a phone call to 911 with your explicit hold-to-confirm gesture.
  • To respond to support requests when you email us.
  • To enforce our terms of service and protect against fraud.

We do not sell your information, run third-party advertising tracking, or share family-group data with anyone outside your family group.

3. Service providers we share data with

Elderoak runs on the following infrastructure. Each provider processes only the data needed to do its job, and is contractually bound to keep it confidential:

  • Supabase — our database, authentication, and file storage provider. Your account, family-group data, and uploaded files are stored on Supabase-managed infrastructure (US region by default).
  • Apple Push Notification service (APNs) — used to deliver notifications to your iPhone, iPad, and Apple Watch. We send the notification text + a deep-link target; we do not pass family-group health information through these services. When Elderoak launches on Android, Google Firebase Cloud Messaging (FCM) will play the equivalent role.
  • Apple App Store — handles account sign-in (Sign in with Apple) and any subscription purchases. Elderoak receives the entitlement state (free vs Pro) and the user identifier; we do not see your payment method or store credentials. The Google Play Store will fulfil the same role once the Android version is available.
  • Apple Watch fall detection— when you enable Family fall alerts, Apple'sCMFallDetectionManagerruns entirely on the watch. Apple does not transmit raw motion data to Elderoak; we receive only the user-interaction-timeout events described above. Apple's own emergency-services calling, when triggered, is handled end-to-end by Apple and the carrier — Elderoak's servers are not involved in that path.

We do not use third-party analytics, advertising SDKs, or tracking pixels. There is no Stripe or web checkout — all subscriptions are handled by the App Store (and the Play Store, once the Android app launches).

4. Subscriptions

Elderoak Pro is sold today as an auto-renewing subscription on the Apple App Store. Apple handles billing. Your subscription state syncs back to Elderoak so the same entitlement applies on iOS and on the web dashboard. Cancel any time in iOS Settings → Apple ID → Subscriptions. Refund requests go through Apple's reportaproblem.apple.com — we cannot process refunds directly because we never received your payment. When the Android app launches, the Google Play Store will handle billing under the same model (Google Play subscription manager for cancellations, Google Play refund flow for refunds).

5. Your choices

  • Notifications: turn off any notification type from Settings → Notifications inside the app.
  • Face ID / biometric lock on the documents vault: enable or disable from Settings.
  • Account deletion:delete your account yourself from inside the iPhone app (Settings → Account → Delete my account) — the deletion runs in seconds. If you can't access the app, email from the address on the account and we will complete the deletion within 7 calendar days. Audit logs and aggregate metrics may be retained in de-identified form. See the account-deletion guide for the full list of what gets removed.
  • Family-group leave:you can leave a family group from Settings. Doing so removes your access; the group's data remains for the other members.

6. Children

Elderoak is not directed to children under 13 and is not intended for them. If you believe we have inadvertently received information from a child under 13, please email and we will delete it.

7. Security

We use TLS in transit, encryption at rest on the Supabase platform, and row-level security policies that restrict every query to the calling user's family group. The documents vault adds a Face ID gate on top of that. No system is perfectly secure; if you discover a vulnerability, please email .

8. Health information disclaimer

Elderoak is a family-care coordination tool, not a medical device, medical service, or emergency service. The information stored in the app is for your family's use; do not rely on Elderoak for diagnosis, treatment decisions, or emergency response. The SOS / get-help button in the app sends a notification to your family group — it does not call 911 or any emergency service. The Apple Watch family fall-alert push is a supplementary, best-effort relay of a signal Apple Watch publishes; it does not detect falls itself, does not place emergency calls itself, and does not replace Apple Watch's built-in emergency-services flow or a direct 911 call. In any real emergency, call 911 (or your local equivalent emergency number) directly — do not wait for an Elderoak notification.

9. International users

Elderoak is operated from the United States. By using the app, you understand your information will be processed on US infrastructure. Where required by law, we will honor data subject rights (access, correction, deletion). Email to exercise any of these.

10. Changes to this policy

We will update the effective date at the top whenever this policy changes. Material changes will be surfaced in the app before they take effect.

11. Contact

Questions or requests: email .