Plain-language summary: AidFone is a caregiving tool. We collect only what is necessary to make the app work. We never sell your data. We never sell the senior's data. Raw audio is never stored or transmitted. This document explains exactly what we collect, why, and who sees it.
AidFone Inc. is a software company incorporated in Quebec, Canada. We build an AI-powered smartphone accessibility application for seniors and digitally excluded populations.
For all privacy-related questions, requests, and concerns:
We are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law, and to Quebec's Act Respecting the Protection of Personal Information in the Private Sector (commonly called Law 25 or Act 25), which is among the most stringent privacy laws in North America.
AidFone involves two distinct users:
| User Type | Role | Account Holder? |
|---|---|---|
| Caregiver | Family member or designated person who subscribes, configures the app, and monitors the senior remotely via the web dashboard | Yes — the caregiver creates and manages the account, accepts these terms, and controls all settings |
| Senior (Device User) | The person using the AidFone-configured smartphone on a day-to-day basis | No — the caregiver configures the device on their behalf. The caregiver is responsible for obtaining the senior's informed consent where required by law. |
Caregiver's responsibility: By subscribing to AidFone, you confirm that you have obtained the express informed consent of the person who will use the device, or that you are legally authorized to act on their behalf (e.g., as their legal guardian, mandatary, or power of attorney holder under applicable Quebec or Canadian law).
| Data | How Collected | Purpose |
|---|---|---|
| Full name | Account registration | Account identification |
| Email address | Account registration | Authentication, billing receipts, service communications |
| Password (hashed) | Account registration | Authentication — never stored in plain text |
| Phone number(s) | Onboarding setup | Emergency notification cascade (EES) |
| Billing information | Stripe payment processor | Subscription billing — AidFone never stores full card numbers |
| Billing address | Stripe payment processor | Tax calculation (GST/QST) |
| IP address | Automatically on login | Security, fraud prevention, geographic compliance |

| Data | How Collected | Purpose |
|---|---|---|
| First name or nickname | Entered by caregiver | Personalization of the interface |
| Contact list (selected family/friends) | Entered by caregiver | Populate call buttons on the senior's interface |
| Contact photos | Uploaded by caregiver | Display recognizable face on each call button |
| GPS / device location | Senior's device, when Left Home Alert is enabled | Notify caregiver if the senior leaves a configured geographic zone |
| Call history | Senior's device | Activity monitoring on caregiver dashboard |
| App activity data | Senior's device | Activity dashboard — last app use, screen interactions |
| Device information | Senior's device | Diagnostics, compatibility, push notifications |
| Battery level | Senior's device | Low battery alerts to caregiver |
GPS location: Location data is only collected when the Left Home Alert feature is active. Location is used solely to trigger caregiver notifications. We do not build movement profiles, share location data with third parties for commercial purposes, or retain historical location data beyond 30 days.
The AidFone voice assistant allows seniors to issue spoken commands (e.g., "Call Marie," "What time is it?"). When a spoken command is processed:
We collect personal information only for the following specific, explicit purposes:
We do not use your data for: advertising, sale to third parties, behavioral profiling for commercial purposes, or any purpose not listed above.
AidFone uses the following third-party service providers. Each is engaged solely to deliver AidFone's service and is bound by appropriate data processing agreements.
| Provider | Role | Data Shared | Location |
|---|---|---|---|
| Supabase | Backend database & authentication | Account data, caregiver/senior configuration, activity logs | Cloud infrastructure (region disclosed in database configuration) |
| Google Firebase (FCM) | Push notification delivery | Device push notification tokens | United States (Google LLC) |
| Stripe | Payment processing | Caregiver billing info, subscription status | United States (Stripe Inc.) — PCI-DSS compliant |
| Anthropic (Claude API) | Voice assistant processing | Transcribed text of complex voice commands only — no audio | United States (Anthropic PBC) — subject to Anthropic's privacy policy |
| Google Play | App distribution | App download and device info as per Google's policies | United States (Google LLC) |
Cross-border transfers — Quebec Law 25: Some service providers process data outside of Quebec and Canada. Before transferring personal information outside Quebec, AidFone has conducted a Privacy Impact Assessment (PIA) to ensure each provider offers a level of protection equivalent to Quebec Law 25. Caregivers have the right to request details of these assessments by contacting our Privacy Officer.
We do not sell, rent, or trade personal information with any third party for commercial or advertising purposes.
When a senior activates the emergency (SOS) button, AidFone initiates the Emergency Escalation Service:
Important limitation: The EES is an assistive communication tool, not a certified emergency response system. AidFone is not a medical device. If caregivers are unavailable, 911 will be dialed automatically — however, AidFone cannot guarantee response times or outcomes. In any life-threatening emergency, the primary resource remains local emergency services (911).
EES event data (time, caregiver notification status) is retained for 90 days to allow caregiver review, then deleted.
Distress Detection is a feature in development and is not currently active in the version of AidFone available today. This section describes how it will operate when launched, so you can make an informed decision in advance.
When enabled, Distress Detection monitors ambient sound on the senior's device in the background. It uses an AI model to detect specific audible distress signals — such as a cry of pain or a call for help — in the senior's own voice. If a signal is detected above a confidence threshold, it sends an alert to the caregiver.
| Principle | What It Means |
|---|---|
| On-device processing only | All audio analysis happens on the senior's phone. No raw audio is ever transmitted to AidFone servers or any third party. |
| Zero audio storage | Audio buffers are processed in RAM and immediately overwritten. AidFone does not store any recordings. |
| Voice identity on-device only | Voice enrollment samples used to anchor detection to the senior's voice are stored solely on the senior's device and deleted immediately upon account cancellation. |
| Detection metadata only | What is transmitted to the caregiver is only: event timestamp, detection type (e.g., "possible distress"), and confidence level. Not audio. |
| Audible signals only | Distress Detection can only detect sounds that are audible. It cannot infer internal states, emotions, or medical conditions. |
Activating Distress Detection will require a separate, explicit double-consent step: the caregiver must confirm they have the senior's express informed consent for continuous ambient audio monitoring. This consent will be documented and retained.
This feature involves voice-pattern data that may qualify as biometric-adjacent information under Quebec Law 25. It will be activated only after AidFone has completed the required Privacy Impact Assessment and obtained appropriate legal review.
| Data Type | Retention Period |
|---|---|
| Account data (caregiver) | Duration of active subscription + 30 days after account deletion request |
| Senior device configuration | Duration of active subscription + 30 days after deletion |
| GPS location history | Maximum 30 days rolling window |
| Call history / activity logs | Maximum 90 days rolling window |
| EES event logs | 90 days |
| Billing records | 7 years (required by Canadian tax law) |
| Voice assistant transcriptions | Not retained — processed in real time, not stored |
| Anonymized analytics | Indefinitely (cannot be linked to individuals) |
When a subscription is cancelled and the deletion period lapses, all personal information associated with the account is permanently deleted from active systems. Anonymized aggregate data may be retained for service improvement.
You have the following rights with respect to your personal information and the senior's information managed through your account:
You may request a copy of all personal information AidFone holds about you or the senior in your care. We will respond within 30 days of a written request.
You may request correction of any inaccurate or incomplete information. Most caregiver and senior profile data can be corrected directly in the web dashboard.
You may request deletion of your account and all associated personal information. Requests are fulfilled within 30 days, subject to mandatory legal retention obligations (e.g., billing records under tax law).
You may request that your personal information be provided to you in a structured, commonly used, machine-readable format (e.g., JSON or CSV). This right applies to data you provided to AidFone directly.
You may withdraw consent for optional data processing at any time. Withdrawal of consent for core service functions (e.g., location for Left Home Alert) will disable the corresponding feature. Withdrawal of consent for the entire service constitutes account cancellation.
If you believe your privacy rights have been violated, you may contact:
To exercise any of these rights, contact our Privacy Officer at: privacy@aidfone.com
AidFone takes the following security measures to protect personal information:
In the event of a security breach involving personal information, AidFone will notify affected individuals and the relevant regulatory authority (CAI and/or OPC) within the timeframe required by applicable law.
AidFone is not intended for use by persons under the age of 18 and is not directed at children. If you believe a minor's personal information has been submitted to AidFone, please contact us at privacy@aidfone.com and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, features, or applicable law. When we make material changes, we will:
Your continued use of AidFone after the effective date of any revised policy constitutes your acceptance of the updated terms. If you do not agree with the updated policy, you may cancel your subscription before the effective date.
Normand Lapointe — Privacy Officer, AidFone Inc.
Email: privacy@aidfone.com
Response time: We aim to acknowledge requests within 2 business days and resolve them within 30 calendar days, as required by PIPEDA and Quebec Law 25.