Privacy Policy

Who we are

This service is operated by Familiar Health Foundation, a Delaware C Corporation. Mailing address:

Familiar Health Foundation
2261 Market Street STE 13647
San Francisco, CA 94114

Throughout this policy, “Familiar,” “we,” “us,” and “our” all refer to Familiar Health Foundation.

What we collect

Three buckets:

1. Account information

• Full name, birthday, phone number, email (optional)
• Relationship to the senior (for example, daughter, son, spouse)
• Timezone and language preference
• For the senior receiving calls: their name, birthday, interests, self-reported cognitive stage, and optional ethnicity (used to surface culturally relevant content during calls)

2. Content you give us

• A 1-minute voice recording you make during sign-up (plus six short phrase clips) — used to create your own Familiar Voice
• Photos and videos you upload from your phone, including any captions you write
• Text messages you send to Familiar (questions, journal entries, links, screenshots)
• Call audiofrom the senior’s daily Reminiscence Calls — specifically, the senior’s own spoken side. (The Familiar Voice side is generated by our text-to-speech, so we already have it natively without needing to record it.)

3. Data we derive from the above

• Call transcripts (speech-to-text of both sides of each call)
• Cognitive and behavioral stats (how often a word repeats, how often a name comes back, mood cues, pace of conversation)
• A running summary of the stories, phrases, and preferences the circle shares, so Familiar can call back to them later
• Automatic grouping of people in your photos and short text descriptions of what each photo shows

How we use it

Why we record every Daily Call with Reminiscence AI. Every major Familiar feature depends on the recording. Without it, none of these work:

• Post-call SMS summary — the short text the kids actually read, with the photos and stories revisited
• Tomorrow’s call context — the agent remembers what was discussed today so the next call picks up where this one left off
• Cognitive tracking — vocabulary, repetition, name recall, time orientation, and mood, every call, every day; catches decline months or years before a doctor would
• Second Memory auto-save— stories told during the call save into the family’s shared memory library with nothing for you to type
• Voice-naturalness over time — your real conversational rhythm makes your Familiar Voice sound more like you with every call
• Safety flag escalations — if the call surfaces self-harm risk, a fall, wandering, or distress, the agent texts the caregiver immediately

Other uses tied to the same data:

• Training your own Familiar Voice model from your onboarding recordings, voice notes, and (with explicit consent — see below) call audio
• Answering text questions from members of the circle (“how old is my grandkid turning?”, “show me the photo from Maine”)
• Sending call summaries, photo messages, and voicemail-intercept calls via SMS/voice

Training Familiar’s models with your consent

With your explicit opt-in (toggleable in onboarding and on this page), we use the audio described above to train Familiar’s own voice and time-travel models. The pieces we care about most:

• Listening segments— your loved one’s “mhm,” “haha,” “yeah” reactions during calls. Rarer than long-form speech and the most valuable for training a Familiar Voice that sounds natural
• Onboarding recordings — the 60-second voice sample and short phrase recordings
• Long-form call audio— to improve the Familiar Voice’s conversational range and the time-travel models that, in future, will let the voice speak to your loved one in their own voice from a younger age

What this does NOT mean:we never sell your data; we never use it to train general-purpose AI (ChatGPT, Google, Anthropic); your voice is never used to train another family’s Familiar Voice. Identifying metadata is stripped before any audio enters a training batch. You can revoke training consent at any time from the dashboard, and existing audio is removed from the training pool within 30 days.

HIPAA & regulatory status

Familiar is not HIPAA-regulated today.We are a consumer-health product, not a healthcare provider or insurer. HIPAA applies to “covered entities” (providers, insurers, clearinghouses) and their business associates; Familiar is neither.

We voluntarily adopt many HIPAA-grade technical controls (AES-256 encryption at rest and in transit, access controls, audit logging, the right to delete your data on request). On the roadmap as we approach partnerships with healthcare providers and insurance carriers: SOC 2 first, then HIPAA-readiness. We prefer to be transparent about where we are rather than imply compliance we don’t hold.

Who can see your data

Your circle— the family and friends you invite into the senior’s account — can see everything in the senior’s Second Memory: photos, captions, journal entries, call transcripts, and cognitive metrics. This is intentional: the value of Familiar is that the whole circle remembers together. In V1, there are no per-topic visibility controls. We plan to add granular sharing tiers (friends vs. core family, topic-level gray areas) in a later release.

Familiar employees may access your data only when necessary to debug problems, respond to a support request, or investigate a safety concern. We log every access.

Service providers — the infrastructure partners we use to run Familiar — each see only the data required for their specific job. These include a telephony carrier, cloud compute and storage providers, speech-to-text and AI conversation services, and database/media hosting. We use well-known US-based providers, and each is bound by a data-processing agreement. A current list is available on request via privacy@familiar.health.

Law enforcement — we may disclose data in response to a valid legal request (court order, subpoena) and will notify you where legally permitted.

How we protect it

• In transit: TLS 1.2 or higher on all network traffic
• At rest: encrypted storage for photos, audio, and transcripts (AES-256)
• Access: least-privilege access controls for employees; audit logs on every production-data access
• No engineer access to raw recordings. Familiar employees cannot listen to individual call recordings. The agent itself reads transcripts (to carry context into the next call); the audio sits encrypted at rest with no human eyeballs on it. The only exception is if you explicitly authorize a human review (for example, to investigate a flagged safety escalation) — we ask first, every time.
• Anonymized for training. Identifying metadata (names, birthdays, phone numbers, addresses) is stripped from any audio before it enters a model-training batch. Voice itself is identifiable by nature; we substitute encryption + zero human access + your right to delete instead.
• Voice models:each senior’s circle has its own voice model files, cryptographically isolated from other accounts

No system is perfectly secure. If we discover a breach that affects your data, we will notify you within 72 hours of confirmation.

How long we keep it

While your account is active, we keep your content so the service works as intended. If you cancel, we retain data for 30 days in case you want to restore the account, then permanently delete it. Cognitive-metric history and call transcripts follow the same schedule.

Anonymized, aggregated metrics (for example, “average repetition-rate trajectory across all users on the service”) may be retained indefinitely for research purposes. These cannot be re-identified to you.

Your rights

Regardless of where you live, you can:

• Access a copy of your data — email privacy@familiar.health and we’ll respond within 30 days
• Delete your account and all associated data
• Correct inaccurate personal information
• Port your data to another service (we provide a downloadable export on request)
• Opt out of any future marketing emails

California residents have the additional rights set out in the CCPA. EU/UK residents have the rights set out in GDPR, including the right to lodge a complaint with your local data-protection authority. We don’t sell personal information, so there is no opt-out of sale to exercise.

A note on health data

Familiar is not a healthcare provider. We are not a HIPAA-covered entity and the data we collect is not Protected Health Information (PHI) as defined under HIPAA. That said, the data is often health-adjacent — voice patterns, cognitive metrics, memory-care behaviors — and we treat it with equivalent care: encryption, least-privilege access, audited handling.

Nothing in Familiar is a substitute for medical advice, diagnosis, or treatment. If cognitive metrics flag concerning changes, we recommend bringing the data to the senior’s physician.

Children

Familiar is not directed at children under 13, and we do not knowingly collect data from children. If a caregiver invites a minor grandchild to record a Familiar Voice clip, the grandchild’s parent or legal guardian must provide verifiable consent before we process that recording.

Where we process data

Familiar is hosted in the United States. If you use the service from outside the US, your data will be transferred to and processed in the US. We comply with standard contractual clauses for cross-border transfers where required.

Changes to this policy

We’ll update this page when our practices change. If the changes are material, we’ll notify you by email or SMS before they take effect. The “last updated” date at the top of the page always reflects the current version.

Contact us

Privacy questions, data requests, or complaints:

privacy@familiar.health
Familiar Health Foundation
2261 Market Street STE 13647
San Francisco, CA 94114