Privacy Policy
Last updated: February 2026
1. Introduction
OurTurn ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications and web services (collectively, the "Service").
OurTurn is a wellness and daily living support tool for families. It is NOT a medical device and does not provide medical advice, diagnosis, or treatment.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, name, password (encrypted)
- Care Profile: Information about your loved one including name, date of birth, home address, emergency contacts, and biographical details you choose to share
- Care Plan Data: Daily tasks, schedules, and instructions you create
- Check-in Data: Mood ratings, sleep quality ratings, and voice notes
- Journal Entries: Notes and observations you record
- Voice Recordings: Audio recordings made through the app (transcribed and stored)
2.2 Information Collected Automatically
- Location Data: GPS location when using location features (with explicit consent)
- Device Information: Device type, operating system, app version
- Usage Data: Features used, timestamps, app interactions
- Push Notification Tokens: For delivering notifications to your devices
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Sync data between family members in your care circle
- Send task reminders and safety alerts
- Generate AI-powered care suggestions (processed securely)
- Improve our services and develop new features
- Communicate with you about your account and updates
- Ensure the security of our Service
4. Data Sharing and Disclosure
We do not sell your personal data. We may share information:
- Within your Care Circle: Family members you invite can see shared care data
- Service Providers: We use trusted third parties for hosting (Supabase), email (Resend), AI processing (Google), and payments (Stripe, RevenueCat)
- Legal Requirements: When required by law or to protect rights and safety
4.1 Our Third-Party Processors
- Supabase (database hosting, EU region) — stores all account data, care plans, check-ins, and journal entries. DPA available at supabase.com/privacy
- Google Gemini AI — processes AI Care Coach conversations and transcribes voice notes. Conversation content is sent to Google's API for processing. Google's AI data retention policies apply (see ai.google.dev/terms)
- Google Maps — displays location data on maps within the app. Location coordinates are sent to Google for map rendering only
- Stripe (web payments) — processes subscription payments. Card data is handled entirely by Stripe and never touches our servers. See stripe.com/privacy
- RevenueCat (mobile payments) — manages in-app purchase subscriptions on iOS and Android. See revenuecat.com/privacy
- Resend (email service) — sends notification emails, daily summaries, and safety alerts. Email addresses and notification content are shared with Resend for delivery
- Sentry (error monitoring) — captures error reports and crash data to help us fix bugs. May include device info, app version, and error context. See sentry.io/privacy
All third-party processors are bound by Data Processing Agreements (DPAs) or equivalent contractual safeguards. For EU-to-US transfers, we rely on Standard Contractual Clauses (SCCs).
5. Data Storage and Security
- Data is stored on secure servers in the European Union (GDPR-compliant)
- All data is encrypted at rest and in transit
- We implement industry-standard security measures
- Voice notes are stored with encryption
- Location data is retained for 30 days, then automatically deleted
6. Your Rights (GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Data Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain types of processing
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, go to Settings > Privacy & Data in the app, or contact us at privacy@ourturn.care.
7. Location Data
Location tracking is optional and requires explicit consent. You can:
- Enable or disable location features at any time
- Choose which family members can see location
- Set up safe zones that trigger notifications
Location data older than 30 days is automatically deleted.
8. Children's Privacy
OurTurn is not intended for children under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.
9. Data Retention
- Account data: Retained until you delete your account
- Care plan data: Retained until you delete your account
- Check-in history: Retained for 2 years or until account deletion
- Location data: Automatically deleted after 30 days
- Voice recordings: Audio files are automatically deleted after transcription (GDPR data minimisation). Transcripts can be deleted by caregivers at any time, or are removed when you delete your account
10. International Transfers
Your data is primarily stored in the EU. When we use service providers outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
In the event of a data breach that poses a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, in accordance with GDPR Articles 33 and 34.
For privacy-related questions or to exercise your rights:
- Email: privacy@ourturn.care
- Address: Bucharest, Romania