REMEMBERLY PRIVACY POLICY

1. INTRODUCTION

Rememberly LLC ("Rememberly," "we," "us," or "our") provides an AI-powered voice companion service designed for elderly individuals, including those residing in assisted living facilities, memory care facilities, and similar eldercare settings, as well as those living independently (the "Service").

This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service. This Policy applies to:

• Users who subscribe to and use the Service
• Family members and caregivers who may have authorized access to user information
• Visitors to our website (www.remember.ly)

Note: While assisted living facilities may recommend our Service to residents, facilities have no access to any individual user data. Rememberly operates as a direct-to-consumer (B2C) service.

IMPORTANT: By using the Service, you acknowledge and agree to the data collection, use, and sharing practices described in this Policy. If you do not agree with this Policy, you should not use the Service.

2. INFORMATION WE COLLECT

2.1 Voice Capture, Processing, and Transcripts

The Service includes "always-on" voice listening capabilities.

When users interact with the Service, we capture and process audio as follows:

Audio Capture and Processing:

• The device continuously listens for voice interactions when powered on and operational
• When speech is detected, audio is captured by the device's microphone
• Audio may include:
  • The user's voice
  • Voices of visitors, family members, and caregivers
  • Background conversations and ambient sounds
  • Any other audio within range of the device's microphone
• Captured audio is transmitted to our servers (or cloud service providers) for speech-to-text conversion
• Audio is temporarily held in processing queues and cache during transcription
• Audio is discarded immediately after transcription and is not permanently stored

Transcripts Stored:

• We store text transcripts (written versions) of voice interactions
• Transcripts may be retained indefinitely or as specified in your subscription agreement
• Transcripts include the content of conversations but not voice characteristics nor audio recordings

No Expectation of Privacy: There is no expectation of privacy for any conversations that occur within range of the device's microphone when the Service is active and unmuted. All audio captured may be transcribed and stored as text. Users have the option to "mute" the Service at any time to stop the collection and processing of audio from the microphone.

2.2 User Information

We collect information about users provided by you, your authorized family members, or entered into our system, including:

• Name and demographic information
• Medication schedules and reminder preferences
• Activity preferences and interests
• General location information (optional)
• Notes or preferences entered by authorized family members or caregivers
• Close friends and family names and contact information
• Information disclosed by users during conversations with the Service

2.3 Usage Data

We automatically collect information about how the Service is used:

• Frequency and duration of interactions
• Features and functionalities accessed
• Time and date of interactions
• Topics discussed or requested
• Response patterns and engagement metrics
• Service performance and error data

2.4 Device and Technical Information

We collect technical data from devices running the Service:

• Device identifiers and hardware specifications
• IP addresses and network information
• Operating system and software version
• Device location (general area, not precise geolocation)
• Browser type and settings (for Portal access)
• Cookies and similar tracking technologies (on our website and Portal)

2.5 Family Member and Caregiver Information

If you grant family members or caregivers access to user information:

• Name and contact information
• Relationship to the user
• Login credentials and access permissions
• Usage of family portal features

2.6 Information You Provide to Us

We collect information you voluntarily provide through:

• Intake forms on our website
• Email or phone communications with us
• Surveys or feedback requests
• Support inquiries
• Account registration and management

3. HOW WE USE INFORMATION

3.1 To Provide and Improve the Service

We use collected information to:

• Operate and deliver the Service to users
• Provide conversational AI responses
• Deliver medication reminders and information services
• Maintain and improve Service functionality
• Personalize the user experience
• Troubleshoot technical issues
• Provide customer support
• Analyze usage patterns and trends
• Develop new features and enhancements
• Conduct research and development
• Test and optimize Service performance

3.2 Individual Data Not Used for AI Training

We do NOT use individual user conversations, transcripts, or personal information to train our core AI language models.

However, we DO monitor and analyze data to improve Service performance, enhance features, and understand usage patterns. This analysis helps us optimize the Service without using your individual conversations to train the underlying AI models.

3.3 Aggregated and Anonymized Data

We create and use aggregated, anonymized, or de-identified data that does not identify specific individuals for:

• Product development and improvement
• Industry research and analysis
• Benchmarking and comparative studies
• Marketing and promotional purposes
• Thought leadership content (blog posts, white papers, presentations)
• Academic or scientific research
• Sharing with third parties or the public

Anonymized data means data that has been processed so it cannot reasonably be used to identify specific individuals, either alone or in combination with other available information.

3.4 Communications

We may use your contact information to:

• Send service-related notifications and updates
• Respond to inquiries and support requests
• Provide technical support
• Send billing invoices and payment confirmations
• Notify you of material changes to the Service or this Policy
• Send marketing communications (you may opt out as described in Section 9)

3.5 Legal and Safety Purposes

We may use and disclose information when we believe it is necessary to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from government authorities
• Enforce our Terms of Use
• Protect the rights, property, or safety of Rememberly, our users, or the public
• Detect, prevent, or address fraud, security issues, or technical problems
• Investigate potential violations of our policies

4. HOW WE SHARE INFORMATION

4.1 Regarding Assisted Living Facilities

Facilities do NOT have access to any individual user data whatsoever. Rememberly operates as a direct-to-consumer (B2C) service where users or their designated family members subscribe directly. Facilities may only recommend the Service.

To be clear: Facilities cannot access conversation transcripts, user profiles, usage data, or any other individual user information. Only authorized family members or caregivers designated by the user may access user data.

4.2 With Authorized Family Members and Caregivers

If you grant access to authorized family members or caregivers (with proper consent), we may share:

• Conversation transcripts or summaries
• Usage and engagement information
• General activity reports
• Note-taking summaries
• Any other information you have authorized to be shared

4.3 With Service Providers and Subcontractors

We share information with third-party service providers who perform services on our behalf, such as:

• Cloud hosting and data storage (e.g., AWS, Azure, Google Cloud, Lovable)
• Data processing and analytics services
• AI/LLM services
• Customer support platforms
• Payment processors
• Marketing and communication tools
• Security and fraud prevention services

All service providers are contractually required to:

• Use information only for the purposes we specify
• Implement appropriate security measures
• Maintain confidentiality of the information

A list of our primary subprocessors is available upon request by contacting privacy@remember.ly.

4.4 For Legal Reasons

We may disclose information when required by law or when we believe disclosure is necessary to:

• Comply with a subpoena, court order, or other legal process
• Respond to government or regulatory requests
• Enforce our legal rights or defend against legal claims
• Investigate potential violations of law or our policies
• Protect the safety or rights of Rememberly, our users, or the public

When legally permitted, we will provide notice to affected parties before disclosing information in response to legal requests.

4.5 Business Transfers

If Rememberly is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, information may be transferred as part of that transaction. We will notify affected parties of any such transfer and any choices they may have regarding their information.

4.6 With Your Consent

We may share information for other purposes with your consent or at your direction.

4.7 Aggregated and Anonymized Information

We may freely share aggregated, anonymized, or de-identified information that does not identify specific individuals with:

• Business partners
• Researchers and academics
• Industry organizations
• The general public
• Any other third parties

5. DATA RETENTION

5.1 Active Subscription Period

During your active subscription, we retain:

• Conversation transcripts: Two (2) years on a rolling basis
• Audio recordings: Not retained - audio is discarded immediately after transcription
• User profiles and information: For the duration of the subscription
• Usage and analytics data: For the duration of the service relationship

Note on Temporary Audio: While audio is not permanently stored, it may exist briefly (seconds to minutes) in:

• Device memory during capture
• Transmission to servers
• Processing queues and cache during speech-to-text conversion
• System logs (if errors occur during processing)

All temporary audio is automatically purged within 30 days as part of normal system operations.

Protected Health Information (PHI) Redaction: We make reasonable efforts to automatically redact Protected Health Information (PHI) from system logs, error reports, and ephemerally stored data. However, we do not guarantee 100% elimination of PHI from these systems. Our redaction processes are designed to minimize the presence of sensitive health information in operational data, but some PHI may remain in logs or temporary storage due to technical limitations. All such data is subject to our security measures and retention policies described in this Policy.

5.2 After Subscription Ends

When your subscription ends or when a user account is closed:

• Conversation transcripts and user data will be retained for 90 days to allow data export, then deleted
• Audio recordings: Not applicable - audio is not permanently stored
• Backup copies of transcripts may remain in backup systems for up to 90-180 days following deletion from production systems
• Aggregated and anonymized data may be retained indefinitely
• Billing and transaction records may be retained as required for accounting, tax, and legal compliance purposes

5.3 Legal Obligations

Notwithstanding the above, we may retain information longer when:

• Required by applicable law or regulation
• Necessary to comply with legal obligations
• Needed to resolve disputes or enforce our agreements
• Subject to a litigation hold or investigation

5.4 Requesting Deletion

Users or their legal representatives may request deletion of their data by contacting us directly at privacy@remember.ly or through their account settings.

Please note that some information may be retained in anonymized form or as otherwise permitted by law.

6. DATA SECURITY

6.1 Security Measures

We implement reasonable technical, administrative, and physical security measures designed to protect information from unauthorized access, disclosure, alteration, and destruction, including:

Technical Safeguards:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of data at rest using AES-256 encryption
• Secure authentication and access controls
• Regular security monitoring and logging
• Firewalls and intrusion detection systems
• Vulnerability scanning and penetration testing

Administrative Safeguards:

• Employee training on data security and privacy
• Background checks for employees with data access
• Confidentiality agreements for all personnel
• Access controls limiting data access to authorized personnel only
• Incident response and breach notification procedures
• Regular security policy reviews and updates

Physical Safeguards:

• Secure data centers with restricted physical access
• Environmental controls and disaster recovery measures
• Redundant systems and data backups

6.2 Third-Party Security Certifications

The 3rd party systems we use to process and store audio recordings, text transcripts, and all other program data are either SOC 2 Type I or Type 2 compliant and we follow industry-standard security frameworks and best practices.

6.3 Limitations on Security

Despite our security efforts, no system is completely secure. We cannot guarantee that:

• Information will be completely secure from unauthorized access
• Security breaches will not occur
• Data will be protected against all potential threats

You acknowledge and accept the inherent security risks of internet-based services and electronic data storage.

6.4 Data Breach Notification

In the event of a data security incident that compromises personal information, we will:

• Investigate the incident promptly
• Take steps to contain and mitigate the breach
• Notify affected users and, as required by law, affected individuals
• Provide information about the nature of the breach and recommended protective measures
• Cooperate with regulatory authorities as required

7. YOUR RIGHTS AND CHOICES

7.1 Access to Information

Access your conversation transcripts and other information through your account on the Rememberly Portal or by contacting us at privacy@remember.ly.

7.2 Correction of Information

If information about you is inaccurate or incomplete, update information directly through your account or contact us at privacy@remember.ly for assistance.

7.3 Deletion of Information

You may request deletion of your data by:

• Withdrawing consent to participate in the Service
• Contacting us at privacy@remember.ly
• Through your account settings

Limitations: Some information may be retained as described in Section 5 (Data Retention) or as required by law.

7.4 Opt-Out of Marketing Communications

You may opt out of receiving promotional emails from us by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at privacy@remember.ly
• Updating your communication preferences in your account settings

You cannot opt out of service-related or administrative communications (e.g., billing notices, service updates, security alerts).

7.5 Do Not Track Signals

Our website and Portal do not currently respond to "Do Not Track" browser signals. You may disable cookies through your browser settings, though this may affect functionality.

7.6 State-Specific Privacy Rights

Depending on your location, you may have additional rights under state privacy laws. See Section 9 for information about state-specific rights.

8. CHILDREN'S PRIVACY AND INCIDENTAL CAPTURE

8.1 Service Not Directed to Children

The Service is designed for elderly adults and is not directed to, marketed to, or intended for use by individuals under 18 years of age. We do not knowingly collect personal information directly from children for purposes of providing them services.

8.2 Incidental Capture and Transcription of Visitor Speech

Because the Service uses always-on voice listening, the voices of visitors - including children - may be incidentally captured and transcribed when they visit users.

This incidental capture and transcription may occur when:

• Children visit their grandparents or other elderly relatives
• Minors accompany adult visitors
• Children are present in areas where devices are located and active
• Any other circumstances where minors are within range of the device's microphone

What this means:

• Audio of children's voices may be temporarily captured and processed
• Transcripts (text versions) of conversations involving children may be permanently stored
• Audio of children's voices is not permanently stored (audio is discarded after transcription)

We do not intentionally target, collect, or solicit information from children. However, the nature of always-on listening means that any person in proximity to the device may have their speech captured and transcribed. Users of the service may "mute" the microphone to disable audio capture at any time.

8.3 User Responsibility for Visitor Notice

Users are responsible for:

• Informing visitors that voice capture and transcription is occurring
• Ensuring that parents, guardians, and visitors are aware of the voice capture
• Obtaining any consents required under applicable law for capturing and transcribing visitors' speech, including minors
• Complying with all applicable laws regarding recording in their jurisdiction

Example Visitor Notice: Users should inform visitors: "Voice Recording in Progress - Conversations in this area may be recorded by AI companion technology."

8.4 No Obligation to Monitor or Remove

We do not monitor conversation transcripts to identify whether children's speech is present, and we have no obligation to review or remove transcripts that may incidentally include children's speech.

Our Service is not designed to distinguish between adult and child voices in transcripts, and we do not undertake to filter, flag, or delete transcripts based on the age of speakers.

8.5 Parental Rights and Requests

If a parent or guardian becomes aware that their child's speech was captured and transcribed and wishes to have those transcripts deleted, they may:

1. Contact us directly at privacy@remember.ly
2. Request deletion of specific transcripts
3. Provide sufficient information to identify the date, time, and location of the conversation

We will accommodate reasonable deletion requests, subject to:

• Our ability to identify the specific transcript(s) in question
• Any legal obligations to retain the transcript
• Our standard data retention policies

Note: Audio of the child's voice is not permanently stored and was discarded immediately after transcription, so there is no audio recording to delete.

Response Time: We will respond to verified parental requests within a reasonable timeframe, typically within 30 days.

8.6 COPPA Compliance

This Service is not subject to the Children's Online Privacy Protection Act (COPPA) because:

• The Service is not directed to children under 13
• We do not knowingly collect personal information from children for the purpose of providing them services
• Any collection of children's voices is incidental to the Service's intended use by elderly adults

However, we take the privacy of all individuals, including children, seriously and have implemented the measures described in this section to address incidental capture concerns.

8.7 Contact for Children's Privacy Concerns

If you have questions or concerns about children's privacy or incidental recording, please contact:

Privacy Team
Email: privacy@remember.ly
Phone: (839) 225-5487
Subject Line: "Children's Privacy Inquiry"

9. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

9.1 Categories of Information Collected

We collect the following categories of personal information as defined by California law:

• Identifiers: Name, contact information, online identifiers
• Audio Information: Voice capture (temporarily) and conversation transcripts
• Internet Activity: Usage data, browsing history on our website, Portal activity
• Geolocation Data: Approximate location (general area)
• Inferences: Preferences, characteristics, and behavior patterns derived from usage

9.2 Sources and Purposes

See Sections 2 (Information We Collect) and 3 (How We Use Information) for detailed information about sources and purposes.

9.3 Information Sharing

We share information with the categories of third parties described in Section 4 (How We Share Information).

9.4 Sale and Sharing of Personal Information

We do not "sell" personal information as defined by California law.

We do not "share" personal information for cross-context behavioral advertising purposes.

9.5 Your California Rights

California residents have the right to:

Right to Know: Request disclosure of:

• Categories of personal information collected
• Categories of sources from which information was collected
• Business or commercial purposes for collection
• Categories of third parties with whom we share information
• Specific pieces of personal information collected about you

Right to Delete: Request deletion of your personal information, subject to certain exceptions.

Right to Correct: Request correction of inaccurate personal information.

Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: we do not sell or share as defined by law).

Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information (Note: conversation transcripts may be considered sensitive personal information).

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

9.6 Exercising Your Rights

To exercise your California privacy rights:

• Email: privacy@remember.ly
• Phone: (839) 225-5487
• Mail: Rememberly, LLC | 32527 Green Bend Ct, Magnolia, TX 77354

We will verify your identity before responding to requests. We will respond within 45 days (extendable by an additional 45 days if necessary).

9.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

9.8 Retention Period

We retain personal information for as long as described in Section 5 (Data Retention).

9.9 California Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

10. OTHER STATE PRIVACY RIGHTS

10.1 Virginia, Colorado, Connecticut, Utah, and Other States

Residents of certain states have privacy rights similar to those in California. If you reside in Virginia, Colorado, Connecticut, Utah, or another state with comprehensive privacy legislation, you may have rights including:

• Right to access your personal information
• Right to correct inaccuracies
• Right to delete your personal information
• Right to opt out of targeted advertising and sales
• Right to obtain a copy of your personal information

To exercise these rights, use the contact information in Section 9.6.

10.2 Texas

Texas residents may have rights under the Texas Data Privacy and Security Act (TDPSA) when it becomes effective. We will update this Policy to reflect Texas-specific rights as applicable.

10.3 Nevada

Nevada residents may opt out of the "sale" of personal information. We do not sell personal information as defined by Nevada law.

11. INTERNATIONAL DATA TRANSFERS

The Service is designed for use in the United States. Information collected through the Service is stored and processed in the United States.

If you access the Service from outside the United States, please be aware that:

• Your information may be transferred to, stored, and processed in the United States
• U.S. privacy laws may differ from the laws in your country
• By using the Service, you consent to the transfer of your information to the United States

The Service is NOT designed to comply with GDPR or other international privacy regulations. We do not target or market to individuals in the European Union or other regions with strict data protection laws.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You of Changes:

• We will post the updated Policy on our website (www.remember.ly)
• We will update the "Last Updated" date at the top of this Policy
• For material changes, we will provide additional notice by:
  • Emailing users with active subscriptions
  • Posting a prominent notice on our website
  • Providing notice through the Service or Portal

Your Continued Use: Continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

We encourage you to review this Policy periodically.

13. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Rememberly, LLC
Email: privacy@remember.ly
Phone: (839) 225-5487
Mail: Rememberly LLC, 32527 Green Bend Ct, Magnolia, TX 77354

Data Protection Officer: Jeff Shenk (jeff@remember.ly)

14. EFFECTIVE DATE

This Privacy Policy is effective as of October 1, 2025 and was last updated on November 24, 2025.