Skip to main content
Privacy Dossier

Boojee Companion Care

Privacy Policy

Effective date: [DATE] · Last updated: [DATE] · Version DRAFT-1 / 2026-07-15

Boojee Companion Care ("Companion Care," "we," "us") provides a voice-enabled AI companion for older adults offering daily well-being check-ins, validated wellness screenings, and — with your permission — notifications to a caregiver. This Policy explains what data we collect, how we use and protect it, who we share it with, and the rights you have. Companion Care is wellness support. It is not medical care, not a medical device, and not an emergency service.

This Policy includes our dedicated Consumer Health Data Privacy Policy required by Washington's My Health My Data Act and Nevada SB370 (Section 8). A direct link to it appears on our homepage.

1 · Who we are and how HIPAA applies

For consumers who sign up directly, Companion Care is generally not a HIPAA "covered entity" or "business associate," so HIPAA does not govern the data you give us directly. Instead your data is protected by the Federal Trade Commission Act, the FTC Health Breach Notification Rule, and state consumer-health-data and privacy laws below. We do not claim to be "HIPAA compliant." If we ever provide services on behalf of a health plan or provider that make us a HIPAA business associate, that PHI is handled under a separate Business Associate Agreement and notice.

2 · Information we collect

You provide

  • Account/contact information: name, email or phone, and optionally your caregiver's name and contact.
  • Well-being check-ins: mood rating, whether you slept, took medications, ate, a pain level (optional), and free-text notes.
  • Wellness screening responses: answers and scores for the UCLA-3 Loneliness Scale, PHQ-2, PHQ-9, and GAD-7. These are screening tools, not diagnoses.
  • Voice input: we use speech recognition to convert your words to text. We do not create a "voiceprint" and do not use your voice to identify you. We discard the raw audio after transcription.

Collected automatically (minimal)

  • Basic technical/security data (timestamps, coarse device/browser info, logs) to operate and secure the service. We do not collect precise geolocation, and we do not use geofencing.

We do NOT collect: Social Security numbers, financial account numbers beyond what a payment processor needs, or biometric identifiers (no voiceprints, no face/fingerprint data).

3 · Sensitive / health data

Your mood, loneliness, depression, anxiety, and screening data is health data and is treated as sensitive. We collect and use it only to provide the service you asked for. We ask for your separate, explicit consent before collecting it (see the Informed Consent / Enrollment Agreement).

4 · How we use your information

  • Provide daily check-ins and companionship.
  • Administer and score wellness screenings and show you your results and trends.
  • Detect possible crisis indicators and surface the 988 Suicide & Crisis Lifeline (and 911 for immediate physical danger).
  • With your consent, notify your designated caregiver of alerts or trends.
  • Operate, secure, debug, and improve the service; comply with law.

We do not use your health data for advertising, and we do not sell it. We do not place advertising trackers or third-party analytics that receive your health data on the companion.

5 · How we share information

  • Service providers (processors): we use Amazon Web Services (AWS) to host and store data (Lambda, DynamoDB) and Amazon Polly for text-to-speech, bound by contract to protect your data. A current list of recipient categories is available on request (Section 9).
  • Your caregiver: only the caregiver you designate, only what you consent to (alerts/trends — not raw transcripts), revocable any time.
  • Crisis resources: we surface 988/911 information to you; we are not an emergency service and do not dispatch responders.
  • Legal: if required by law or to protect safety.

We do not sell your personal or health information, and we do not "share" it for cross-context behavioral advertising.

6 · Data retention

We keep your data only as long as needed to provide the service and for a limited period afterward, then delete it on an automated schedule. [STATE RETENTION PERIODS — e.g., check-ins/screenings retained N months; audit logs N months; account data until deletion + N days.] Raw voice audio is discarded promptly after transcription. You can request deletion at any time (Section 7).

7 · Your rights and choices

Depending on where you live, you have the right to: access/know what data we hold and how it's shared; delete your data (we will also ask downstream recipients to delete where required); export/port your data; correct inaccurate data; withdraw consent (including for voice processing or caregiver notification) any time; opt out of any sale/share (we do neither); and limit use of sensitive data (already limited to providing the service).

How to exercise: use the in-app controls or contact us at [privacy@boojee.estate] / [phone]. We verify your identity before acting. We do not discriminate against you for exercising your rights. A caregiver or legally authorized representative acting for someone who cannot may be asked for proof of authority.

8 · Consumer Health Data Privacy Policy (Washington MHMDA / Nevada SB370)

This section is our Consumer Health Data Privacy Policy.

  • Categories of consumer health data collected: mood/well-being indicators; loneliness, depression, and anxiety screening responses and scores; crisis indicators; medication/sleep/eating check-in data; voice input (transcribed to text).
  • Sources: directly from you (typed or spoken).
  • Purposes: to provide the check-in, screening, trend, caregiver-notification, and crisis-resource features you requested — nothing else.
  • Categories shared and with whom: our hosting/processing provider (AWS) under contract; your designated caregiver, with your consent. We do not sell consumer health data and do not share it for advertising.
  • Employee/contractor access to consumer health data is restricted to those who need it to operate the service.
  • Your specific rights: to confirm whether we collect/share your consumer health data, to obtain a list of the third parties and affiliates we share it with, to withdraw consent, and to have your consumer health data deleted (with downstream deletion requests). Contact [privacy@boojee.estate].
  • No geofencing: we do not operate a geofence around any health-care facility.

9 · Notice at Collection (California CCPA/CPRA)

  • Categories collected: identifiers (name, contact); sensitive personal information (health/mental-health data, voice input processed to text); internet/technical activity; caregiver contact you provide.
  • Purposes: to provide and secure the service (Section 4).
  • Sold or shared for cross-context behavioral advertising? No.
  • Retention: see Section 6.
  • Your California rights: to know/access, delete, correct, opt out of sale/share (we do neither), and limit use of sensitive PI; we honor recognized opt-out signals (e.g., Global Privacy Control) where applicable. [Confirm GPC handling.]

10 · Other U.S. state privacy rights

Residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws have rights to access, correct, delete, and port data, and to opt out of targeted advertising, sale, and certain profiling. We process sensitive (health) data only with your opt-in consent. Contact [privacy@boojee.estate].

11 · If you are in the EU / UK

We currently intend the service for U.S. residents. If we serve EU/UK users, health data is "special-category" data processed on the basis of your explicit consent (GDPR/UK GDPR Art. 9(2)(a)); you have rights of access, rectification, erasure, restriction, portability, and objection, and rights regarding automated decisions. We would implement an appropriate cross-border transfer mechanism for U.S. storage. Contact [dpo/contact].

12 · Security

We use administrative, technical, and physical safeguards including encryption in transit and at rest, access controls and least-privilege permissions, audit logging, and monitoring. No system is perfectly secure. If a breach of unsecured health data occurs, we will notify affected individuals and regulators as required by the FTC Health Breach Notification Rule and applicable state and (where relevant) HIPAA and GDPR breach rules, within the required timeframes.

13 · Older adults, capacity, and caregivers

Companion Care serves older adults. If you cannot make this decision yourself, a legally authorized representative (such as an agent under a health-care power of attorney, or a guardian) may enroll and consent on your behalf, applying what you would have wanted. Caregiver access is limited, consented, and revocable. A caregiver relationship should never be used to override your choices.

14 · Children

Companion Care is not directed to children under 13 and we do not knowingly collect their data.

15 · Changes

We will post changes here and update the "Last updated" date; material changes affecting health data will be communicated and, where required, re-consented.

16 · Contact

Boojee Companion Care — Privacy: [privacy@boojee.estate][mailing address][phone].