Privacy Policy
Last Updated: May 14, 2026
Introduction
Avenant builds technology that accompanies people through the later chapters of life. Because the people we serve include elderly individuals who may be vulnerable, and because the data we handle includes health information, biometric identifiers, and intimate memories, we treat privacy not as a compliance obligation but as a core design principle.
This policy explains what personal data Avenant collects, where it is stored, how it is protected, how long we retain it, and what rights you hold. It applies to the Avenant Companion application, the Avenant Connect application for families and care networks, and this website.
Who We Are
Avenant is the data controller for all personal data collected through our products and this website.
If you have questions about how we handle your personal data, or wish to exercise any of your rights, please contact our Data Protection Officer at privacy@avenant.care.
What We Collect
The table below provides a complete, structured account of every category of personal data we collect — including where it is stored, how it is encrypted, how long we retain it, and for what purpose. We collect only what is strictly necessary to deliver the service.
Biometric data (faceprints and voiceprints) is processed exclusively on-device. Raw images and audio recordings are never stored. Functional health indicators are self-reported by the user and collected under the WHO International Classification of Functioning, Disability and Health (ICF) taxonomy, solely to adapt the companion experience to the user's accessibility needs.
| Data | Storage | Encryption | Retention | Purpose |
|---|---|---|---|---|
| Account & Identity | | | | |
| Name | Platform | AES-256 at rest · TLS 1.3 in transit | Until account closure + 30-day grace period | Personalisation & authentication |
| Email address | Platform | AES-256 at rest · TLS 1.3 in transit | Until account closure + 30-day grace period | Authentication & notifications |
| Password (stored as a bcrypt hash; plaintext is never retained) | Platform | bcrypt (cost 12) | Until account closure | Authentication |
| Phone number | Platform | AES-256 at rest · TLS 1.3 in transit | Until account closure + 30-day grace period | Emergency escalations & notifications |
| Faceprint (facial embedding used for recognition only; raw images are never stored) | Device | AES-256 at rest | Until account closure; auto-purged after 90 days without an active session | Avatar personalisation, familiar face recognition, and conversation risk handling |
| Voiceprint (voice embedding used for speaker recognition only; raw audio is never stored) | Device | AES-256 at rest | Until account closure; auto-purged after 90 days without an active session | Avatar personalisation, speaker identification, and conversation risk handling |
| Health & Medication | | | | |
| Medication record (names, dosage, schedule and side-effect notes entered by the user) | Device + Platform | AES-256 at rest · TLS 1.3 in transit · E2E | Until account closure; auto-purged after 12 months without an active session | Medication tracking, reminders, adherence monitoring and personal health journaling |
| Prescriber details (optional field, only stored if entered by the user) | Device + Platform | AES-256 at rest · TLS 1.3 in transit · E2E | Until account closure; auto-purged after 12 months without an active session | Contact reference |
| Functional health indicators (self-reported cognitive, hearing, mobility, speech and vision indicators per the WHO ICF taxonomy) | Device + Platform | AES-256 at rest · TLS 1.3 in transit · E2E | Until account closure; auto-purged after 12 months without an active session | Accessibility adaptation (subtitles, speech pacing, vocabulary complexity, turn timing) and context awareness |
| Memories | | | | |
| Conversation memories (significant moments, preferences and personal details surfaced or confirmed during companion conversations) | Platform | AES-256 at rest · TLS 1.3 in transit · E2E | Until account closure; auto-purged after 12 months without an active session | Continuity of personalised companion experience across sessions |
| Shared media & content (photos, voice notes and messages sent by Connect account members to the resident) | Platform | AES-256 at rest · TLS 1.3 in transit · E2E | Until account closure or sending member's request; auto-purged after 12 months without an active session | Family connection, reminiscence and emotional wellbeing |
| Device & Session | | | | |
| Device identifier (anonymised local ID with no link to personal identity) | Device | Local keychain / secure enclave | Session only | Security & fraud prevention |
| Push notification token | Platform | TLS 1.3 in transit | Until revoked or app uninstalled | Medication reminders |
| OS & app version | Platform | TLS 1.3 in transit | 30 days | Compatibility & crash diagnostics |
| Usage & Analytics | | | | |
| Feature interactions (aggregated counts only; no personally identifiable information attached) | Platform | TLS 1.3 in transit · anonymised | 90 days rolling | Product improvement |
| Crash & error logs (stack traces only; no health or personal data included) | Platform | TLS 1.3 in transit | 30 days | Stability & debugging |
Legend for the Storage and Encryption columns:
- E2E: end-to-end encrypted; readable only on authorised devices.
- Device: stored locally; never leaves the device without explicit user-initiated sync.
- Platform: Avenant's cloud infrastructure. All platform data is tenant-isolated and held behind region-specific VPCs in accordance with GDPR, Law 25 (Québec), and HIPAA requirements. Access is governed by a strict least-privilege model, logged in tamper-evident immutable journals, and subject to ongoing compliance audits.
How We Use Your Data
We use personal data strictly for the purposes stated in the table above. We do not sell personal data, share it with advertisers, or use it to train general-purpose AI models.
Health data, biometric identifiers, and conversation memories are processed exclusively within Avenant's systems and are never disclosed to third parties without your explicit consent, except where required by law or in a genuine emergency escalation. In the latter case, only the minimum necessary information is shared with your designated emergency contact.
Storage & Security
All platform data is held on servers located in the European Union. Each user's data is tenant-isolated — logically and cryptographically separated from all other tenants — and stored behind region-specific Virtual Private Clouds (VPCs) in accordance with GDPR, Law 25 (Québec), and HIPAA requirements.
Biometric and health data is end-to-end encrypted: encryption keys are derived on the resident's device and are never transmitted to our servers in plaintext. Access to platform infrastructure is governed by a strict least-privilege model: all administrative access is authenticated via hardware security keys, logged in tamper-evident immutable journals, and subject to regular independent compliance audits.
Data Retention
We retain personal data only for as long as it is needed for its stated purpose. Because the people we serve may lose the capacity to actively manage their account, we apply automatic inactivity-based retention caps in addition to user-initiated deletion:
- Biometric data (faceprint and voiceprint) is automatically purged after 90 days without an active session, even if the account remains open.
- Health data, medication records, conversation memories, and shared media are automatically purged after 12 months without an active session.
- Core identity data (name, email address, phone number) is retained until account closure, with a 30-day grace period for accidental closure.
When an account is closed — whether by the user, a legal representative, a care facility, or by automatic inactivity detection — all personal data is irreversibly deleted within 30 days.
Your Rights
Depending on your jurisdiction, you hold the following rights regarding your personal data:
- Right of access: you may request a copy of all data we hold about you.
- Right to rectification: you may correct inaccurate or incomplete data.
- Right to erasure: you may request deletion of your data at any time.
- Right to data portability: you may request your data in a structured, machine-readable format.
- Right to restrict processing: you may request that we limit how we use your data while a dispute is resolved.
- Right to object: you may object to any processing not strictly necessary to deliver the service.
- Right to lodge a complaint: you may contact your national or provincial supervisory authority at any time.
These rights apply under the GDPR (EU and EEA), Law 25 (Québec, Canada), and HIPAA (United States) as applicable to your situation. To exercise any of these rights, contact us at privacy@avenant.care. We will respond within 30 days.
Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, legal requirements, or product features. When we make material changes, we will notify active users through the application and update the Last Updated date at the top of this page.
Your continued use of Avenant's services after any change constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.