Privacy Policy
Last updated: May 7, 2026
Overview
Grand Dan is a voice companion system designed to support people living with Alzheimer's disease. This Privacy Policy describes how we collect, use, and protect information when you use our services. We treat all data related to the person being helped as strictly sensitive.
Information We Collect
- Personal identity information — name, family member names and contact information, home address, and room number. This information is loaded into the AI companion so it can provide personal, meaningful conversations.
- Audio data — voice conversations are streamed in real time to an AI voice assistant for processing. Audio is not stored on our servers beyond what is necessary for conversation logs.
- Conversation logs — transcripts of voice conversations, including timestamps and session duration. These logs are used to identify knowledge gaps, monitor engagement, and detect patterns such as repeated distress signals.
- Location data — GPS coordinates are collected to support location awareness features ("Where am I?"), geofence monitoring, and caregiver safety alerts.
- Device tokens — Apple Push Notification Service (APNs) tokens are registered by iOS and watchOS devices to deliver scheduled audio announcements.
- Mobile phone numbers — collected from caregivers who opt in to SMS alerts. Used only to deliver safety notifications; never shared with third parties or used for marketing.
- Usage data — session timestamps, duration, and frequency of use to understand engagement patterns.
How We Use Information
- To power the conversational AI experience, including loading personal context (name, family, home) into each session.
- To deliver scheduled audio announcements such as weather updates, time checks, and routine reminders.
- To monitor location for safety, including geofence exit alerts to caregivers.
- To detect and alert on repeated distress signals or unusual patterns.
- To provide caregivers with a dashboard showing recent conversations, location history, and alert logs.
- To send SMS safety alerts to caregivers who have opted in, such as geofence exit notifications and distress signal warnings.
- To improve the system over time by identifying knowledge gaps and usage trends.
Who Can Access Information
- Caregivers and family members with authorized accounts can view conversation logs, location history, and alerts for the person they are authorized to support. They cannot access data for other persons.
- System administrators can access all data for maintenance and support purposes.
- The person being helped never has a user account and cannot access the dashboard.
Data Storage and Retention
- Conversation logs are stored for caregiving purposes and reviewed regularly for relevance.
- Location data is stored for monitoring and safety; it is not retained at a granularity or for a period longer than caregiving requires.
- Audio files generated for scheduled announcements are cached on devices and removed from servers after 24 hours.
- Device tokens are updated automatically; stale tokens are removed when push notifications fail.
Data Sharing
We do not sell or share personal data with third parties. Information may be transmitted to the following service providers solely to deliver the functionality described above:
- Hume AI — for real-time conversational voice processing (speech-to-speech via EVI) and text-to-speech synthesis for scheduled announcements.
- Apple Push Notification Service — to deliver scheduled audio announcement notifications to iOS and watchOS devices.
- Twilio — to deliver SMS safety alert messages to caregivers who have opted in.
All other service providers (mapping, weather) are used only for feature functionality and are not involved in data storage.
Security
We take security seriously, especially given the sensitive nature of the data we handle:
- All audio connections require authentication before any audio reaches the AI assistant.
- Data is access-controlled: caregivers see only the persons they are authorized for.
- Geofence exits and distress signals trigger immediate caregiver alerts.
- Location data is not logged at a granularity beyond what caregiving requires.
Prototype note: The current prototype uses a device ID as a shared secret for authentication. This is a temporary measure and will be replaced with proper authentication before any real-world deployment.
SMS Communications
Caregivers may opt in to receive SMS text messages for safety alerts — for example, when the person they support exits a geofence or triggers a distress signal. By providing a mobile number and opting in, you agree to receive these messages.
- Message frequency: Alert frequency varies based on activity. During normal operation, most caregivers receive fewer than a few messages per week. Unusual events such as geofence exits may trigger additional messages.
- Message and data rates may apply. Standard carrier rates for messaging and data apply to all SMS messages we send.
- We do not share mobile numbers with third parties for marketing purposes. Phone numbers are used solely to deliver safety alerts through Twilio.
- To stop receiving messages, reply STOP to any message at any time.
- To request help, reply HELP or contact us at tworock.io/contact.
Children and Vulnerable Adults
This system is specifically designed to support a vulnerable adult. The person being helped does not create an account. All access is managed through authorized caregiver accounts.
Your Rights
If you are a caregiver using the service, you may request access to, correction of, or deletion of the data associated with the person you support. Contact us at the email below to make a request.
Changes to This Policy
We may update this Privacy Policy as the system evolves. Any changes will be posted on this page with an updated date.
Contact
If you have questions about this Privacy Policy or how we handle your data, please contact us: