ctFamilyMinder

Privacy Policy

Effective date: May 24, 2026
Last updated: May 26, 2026

This Privacy Policy explains how CozziTech LLC (“we,” “us,” or “our”) collects, uses, discloses, stores, and protects information when you use the ctFamilyMinder mobile application, web application, and related services (collectively, the “Service”).

By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Who we are

Data controller: CozziTech LLC
Contact: privacy@cozzitech.com
App identifier (iOS / Android): com.ctfamilyminder.app

2. About the Service

ctFamilyMinder is a family care-coordination application that helps families keep everyone on the same page when caring for a loved one. Within a private “Family” workspace, members invited by the family owner can share appointments, medication schedules, allergies, notes, tasks, documents, contacts, and chat messages tied to one or more “Care Profiles” (the person being cared for).

The Service is not a medical device, electronic health record (EHR), telemedicine provider, pharmacy, or substitute for professional medical advice. It is a personal organization and communication tool.

3. Information we collect

3.1 Information you provide directly

Account information. Name, email address, password (stored only as a salted hash — never in plaintext), and optional phone number. Biometric/passkey credentials (Face ID, Touch ID, fingerprint, WebAuthn). The biometric data itself never leaves your device — we store only the public key portion of a device-bound credential.

Care Profile information about the person you are caring for (who may or may not be you): identifying details, insurance information, medical conditions, dietary restrictions, mobility and cognitive concerns, advance directives, allergies, medications and intake logs, appointments and visit summaries, notes, tasks, uploaded documents (insurance cards, lab results, hospital discharge summaries, imaging, vaccination records, legal documents), and emergency contact information.

Family directory contacts. Names, addresses, phone numbers, email addresses, and notes for physicians, pharmacies, hospitals, caregivers, schools, insurance, emergency contacts, and others. When typing an address we use the Mapbox Search Box API (see Section 6) for type-ahead suggestions.

Communications. Chat messages you send to other members of your Family workspace, invitations you send, and email you send to our support address.

3.2 Information collected automatically

  • Authentication and session data: opaque session/refresh tokens, device platform identifier, device nickname.
  • Server logs: IP address, user agent, request timestamps, error traces. Kept no longer than 90 days.
  • Crash and diagnostic data from the mobile app, if you opt in at the OS level.

3.3 Information we do not collect

  • Precise device location in the background.
  • Advertising identifiers (IDFA / AAID).
  • Third-party analytics SDKs that track you across other apps or websites.
  • Contacts, photos, camera, microphone, or calendar data, except when you explicitly attach a file or photo through the OS share/file picker.

4. Protected Health Information (PHI) and sensitive data

Much of the information you store in a Care Profile is sensitive health information. We treat it accordingly:

  • Encryption at rest. Sensitive fields (medical conditions, allergies, medications, visit summaries, notes, documents, contact details, audit-log diffs, and similar columns) are encrypted in our database and on disk using AES-256-GCM envelope encryption. The data-encryption key is stored in a secrets vault separate from the database, so a database dump alone cannot be decrypted.
  • Encryption in transit. All connections between your device and our servers use TLS 1.2 or higher.
  • Document storage. Files you upload are encrypted before being written to disk and are streamed back only after we re-verify your authentication and Family membership for the relevant Care Profile.
  • Access control. Data is partitioned per Family. Members of one Family cannot access another Family's data. Within a Family, roles (Owner, Admin, Member, Read-Only, Caregiver) govern what each member can see and do.
  • Audit logging. Field-level changes to Care Profile data are recorded with the actor, timestamp, and an encrypted diff so the family can see who changed what.

Note on HIPAA. ctFamilyMinder is sold directly to families for personal use. When used in that capacity it is generally not subject to HIPAA. If you are a Covered Entity or Business Associate and need to use the Service in a HIPAA-regulated workflow, contact us before doing so — a Business Associate Agreement (BAA) is required.

5. How we use information

  • Create and operate your account and Family workspace.
  • Display Care Profile data, appointments, medications, tasks, notes, documents, and chat to authorized family members.
  • Send transactional email (invitations, password resets, security alerts) via our email provider.
  • Provide optional AI-assisted features (for example, parsing a medication list you paste in).
  • Protect the Service from fraud, abuse, and unauthorized access.
  • Comply with legal obligations.

We do not sell your personal information. We do not use your Care Profile data, documents, or chat content for advertising, profiling, or training third-party AI models.

6. Third-party service providers (subprocessors)

We use a small number of carefully selected providers to operate the Service. Each receives only the data necessary for its function and is contractually required to protect it.

| Provider | Purpose | What is shared |
|---|---|---|
| Cloud hosting (Linux VM, Postgres in Docker) | Hosts the API, database, and uploaded files. | All Service data, encrypted at rest. |
| Postmark | Transactional email (invitations, password resets). | Recipient email, sender name, message body. |
| Mapbox (Search Box API) | Address type-ahead suggestions for contacts. | The partial address string you type. Proxied through our server so Mapbox does not receive your IP or account ID directly. |
| OpenAI | Optional AI features (e.g., medication-list parsing). We have a BAA with OpenAI; inputs are not used to train OpenAI's models. | Only the specific input you submit to an AI feature. |
| Apple App Store / Google Play Store | Distribution of the mobile app and, if applicable, in-app purchases and subscriptions. | Governed by the respective store's privacy policy. |
| Expo (EAS) | Mobile app build and over-the-air update delivery. | App binary metadata; no Care Profile data. |

7. When we disclose information

  • Within your Family. Information you add is visible to other members at the role permissions set by the Family Owner.
  • Service providers. As listed in Section 6.
  • Legal compliance. When required by law, court order, subpoena, or to protect rights, safety, or property.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets — with notice and the opportunity to delete your data first.
  • With your explicit consent.

8. Data retention

  • Active accounts: retained as long as your account is active.
  • Account deletion: personal data deleted or irreversibly anonymized within 30 days, except where retention is required by law.
  • Backups: encrypted backups retained up to 35 days and then rotated out.
  • Server logs: up to 90 days.

9. Children's privacy

The Service is not directed to children under 13 (under 16 where applicable). We do not knowingly create accounts for children. An adult Family member may include a child as the subject of a Care Profile; the adult account holder is responsible for the data entered and for any consents required. If you believe a child has created an account, contact us and we will delete it.

10. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and personal data.
  • Export a copy of your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with a supervisory authority (EEA / UK residents).

To exercise any of these rights, email privacy@cozzitech.com from the address associated with your account. We will respond within 30 days.

California residents (CCPA/CPRA): we do not sell or share personal information for cross-context behavioral advertising. You have the right to know, delete, correct, and limit the use of sensitive personal information.

EEA / UK residents (GDPR / UK GDPR): we process your data based on (i) performance of the contract to provide the Service, (ii) your consent for optional features, (iii) our legitimate interests in securing and improving the Service, and (iv) compliance with legal obligations.

10.A. Washington residents — Consumer Health Data (My Health My Data Act)

This section serves as our Consumer Health Data Privacy Policy under the Washington My Health My Data Act (“MHMDA,” RCW 19.373) for Washington consumers and for data collected about Washington consumers.

Categories of Consumer Health Data we collect. When you enter information into the Service, the following categories of consumer health data may be collected about you or the person you are caring for:

  • Individual health conditions, treatment, diseases, or diagnoses (medical conditions, allergies, diagnosis updates).
  • Medications, dosage, frequency, and intake logs.
  • Medical visits, appointments, and visit summaries.
  • Bodily functions, vital signs, symptoms, or measurements (height, weight, blood type, mobility/cognitive notes).
  • Reproductive or sexual health information, if you choose to enter it.
  • Gender-affirming care information, if you choose to enter it.
  • Biometric data — only in the form of on-device passkey/biometric authentication signals; we never receive your fingerprint, face scan, or other raw biometric data.
  • Precise location information related to a health facility — we do not collect precise geolocation. Addresses you type for contacts are entered manually and used for address book purposes only.
  • Any information derived or extrapolated from the above (for example, structured fields parsed by our optional AI medication-list feature).

Sources. All consumer health data is provided directly by you or another member of your Family workspace whom you have authorized. We do not purchase consumer health data, and we do not infer it from third-party data brokers.

How we use it. Solely to provide the Service to you and your Family — display, search, reminders, sharing among members you have authorized, and the optional AI features you affirmatively invoke. We do not use consumer health data for advertising, profiling, or training third-party AI models.

Sharing. We share consumer health data only with the processors listed in Section 6, and only as required to deliver the function you requested. We do not sell consumer health data, and we have not sold consumer health data in the preceding 12 months. We will not share or sell consumer health data without your separate, affirmative authorization as required by MHMDA § 9.

Processors of Consumer Health Data. The subprocessors that may receive consumer health data are: our cloud hosting provider (encrypted at rest); Postmark (only if your health data appears in a transactional email you trigger, e.g., a self-sent reminder body); and OpenAI (only the specific inputs you submit to an optional AI feature, under a Business Associate Agreement and a no-training contractual term). Mapbox, Apple, Google, and Expo do not receive consumer health data.

Your MHMDA rights. As a Washington consumer you have the right to:

  • Confirm whether we are collecting, sharing, or selling your consumer health data, and to access that data.
  • Withdraw consent to our collection and sharing of your consumer health data, at any time.
  • Delete your consumer health data — we will delete it from our active systems, from backups (within the 35-day backup-rotation window described in Section 8), and notify our processors to do the same.
  • Receive a response to a verifiable request within 45 days (extendable once by 45 additional days where reasonably necessary, with notice).
  • Appeal a denial of any of the above requests; if your appeal is denied you may contact the Washington Attorney General at atg.wa.gov/file-complaint.

How to exercise these rights. Email privacy@cozzitech.com with the subject line “MHMDA Request — ctFamilyMinder” from the email address on your account. You may also use the in-app Account Deletion flow (Settings → Account → Delete Account) or the web form at ctfamilyminder.com/account/delete to delete all of your data, including all consumer health data.

Geofencing. We do not use geofences around any in-person health-care facility, and we do not collect, use, or sell location data to identify a consumer near such a facility.

11. Account deletion

You can delete your account at any time:

Deleting your account removes your profile, your authored chat messages, and any Families you own — along with their Care Profiles, all metadata, and the underlying document files in storage. If you are a member of a Family owned by someone else, deleting your account removes your membership and authored content from that Family but does not delete the Family itself or content authored by other members. Deletion is permanent and cannot be undone after the 30-day retention window in Section 8.

12. Payments, subscriptions, and refunds

ctFamilyMinder offers paid subscription plans. Where you purchase a subscription through the Apple App Store or Google Play Store, the purchase, billing, renewal, cancellation, and refund of that subscription are handled entirely by the respective store under its terms — not by us.

  • Apple App Store: manage in Settings → [your name] → Subscriptions on your iOS device. Refunds are requested at reportaproblem.apple.com under Apple's Media Services Terms.
  • Google Play Store: manage in the Google Play Store app → Profile → Payments & subscriptions → Subscriptions. Refunds are requested through play.google.com/store/account/subscriptions or Google Play support, subject to Google Play's refund policy.

We do not receive your full payment card details for store-processed purchases — Apple and Google share only the limited transaction information needed to provision your subscription.

If you purchased directly from our website (not through an app store), our own refund policy applies; contact privacy@cozzitech.com.

Cancelling a subscription stops future renewals; access continues until the end of the paid period. Cancellation alone does not delete your account or data — use Section 11 for that.

13. International transfers

Our servers are located in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. Where required, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses).

14. Security

  • AES-256-GCM encryption at rest for sensitive fields and documents.
  • TLS 1.2+ for all data in transit.
  • Salted password hashing (bcrypt).
  • Optional biometric / passkey authentication where private keys never leave your device.
  • Role-based access control and per-Family data partitioning.
  • Field-level audit logging with encrypted change diffs.
  • Regular dependency updates and security review.

No system is perfectly secure. If we discover a data breach that affects your personal information, we will notify affected users without unreasonable delay and in any event no later than 60 days after discovery. Where required by the FTC Health Breach Notification Rule (16 C.F.R. Part 318) or applicable state breach-notification laws, we will also notify the U.S. Federal Trade Commission and other regulators within the same 60-day window, and — if a breach affects 500 or more residents of any one state — we will provide notice to prominent media outlets in that state.

15. Permissions requested by the mobile app

  • Face ID / Touch ID / Fingerprint / device passcode — to sign you in without re-typing your password. Biometric data never leaves your device.
  • Notifications — to deliver appointment, medication, and family-chat alerts.
  • Photos / Files — only when you attach a document or image.
  • Camera — only when you choose to scan a document or take a photo to attach.

We do not request location, contacts, microphone, or background location permissions.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced via in-app notice or email at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

17. Contact us

CozziTech LLC
Email: privacy@cozzitech.com
Subject line for privacy requests: “Privacy Request — ctFamilyMinder”

We will acknowledge your request within 7 days and respond substantively within 30 days.