Mobile App Privacy Policy

Latest update on January 02, 2026

LUVVI — MOBILE APP FOR FAMILY PRIVACY POLICY

Effective Date: January 02, 2026

Last Updated: January 02, 2026


1. INTRODUCTION

LuvviCare (“Luvvi,” “we,” “our,” or “us”) provides a secure, family-centered communication platform that helps connect authorized family members with their loved ones receiving care in hospitals and healthcare facilities — including NICUs, PICUs, long-term care, rehabilitation, palliative care, hospice, and other settings.

Our Privacy Commitment

  • We do not sell personal data or share it for advertising or profiling.

  • We apply applicable safeguards under HIPAA, GDPR, and other data protection laws.

  • The healthcare facility remains the controller of your loved one’s health information and determines what information may be shared via Luvvi.

2. SCOPE AND CONSENT

This Privacy Policy applies to:

  • Family members, legal guardians, and other authorized individuals (“Family Members,” “you”) using the Luvvi Care App.

  • Use of the app on iOS, Android, and web browsers.

  • All communication and interactions through the platform, including messaging, photo/video updates, livestreaming, Audio Care, and educational content.

By accessing or using the app, you confirm that you understand and agree to this Privacy Policy.

Access to the app requires two-factor authentication via SMS One-Time Password (OTP).

3. INFORMATION WE COLLECT

 

3.1 Information from Healthcare Facilities

Shared under the facility’s control, including:

For NICU/PICU or pediatric care:

  • General care updates (diagnosis, gestational age, feeding status, vital signs)

  • Growth and developmental progress

  • Photos, videos, milestone notes, and progress updates

For adult care (rehabilitation, hospice, long-term care, palliative care):

  • General condition and care updates

  • Therapy participation and activity notes

  • Visitation and communication status

We do not directly access facility medical record systems. All information is shared under the healthcare facility’s authorization.

3.2 Information You Provide

  • Account Information: Name, phone number, email, relationship to the patient, and preferred language

  • Communication Content: Responses to care updates, participation in video calls or livestream options (when supported)

  • Audio Care Content: Voice recordings, lullabies, spoken messages, or selected comforting audio

  • Parental Tracking (NICU/PICU only): Skin-to-skin time, pumping sessions, feeding logs, visit logs

  • Language and Accessibility Settings

3.3 Automatically Collected Information

  • Device Information: Device type, operating system, app version, language settings

  • Security and Access Logs: Login attempts, IP address, session details, authentication records

  • Usage Insights: Features used, content viewed, screen navigation (anonymized where possible)

  • Performance Logs: Loading times, error reports, crash diagnostics (non-identifiable)

4. HOW WE USE YOUR INFORMATION

4.1 Platform Services

  • Deliver secure messaging, photo, video, and care updates

  • Enable livestreaming or two-way video when authorized

  • Support Audio Care features for comfort playback

  • Send real-time push notifications (no sensitive information included)

4.2 Care Support Features

  • Display growth trends, milestones, and developmental insights (NICU/PICU)

  • Provide educational resources based on care stage

  • Offer automatic or manual translation

  • Help coordinate family access and authorized communication

4.3 Operations and Compliance

  • Enforce authentication, prevent unauthorized access, and block unsafe device environments

  • Maintain required audit trails under HIPAA and GDPR

  • Provide technical support and resolve user requests

  • Improve platform features using aggregated or anonymized analytics

5. INFORMATION SHARING

We only share information as described below:

5.1 With Healthcare Facilities

  • Hospitals determine which updates and media can be shared

  • Audio Care recordings may be made available to care teams

  • Communication logs may be stored per facility policies and legal requirements

5.2 With Service Providers (Processors)

We may use vetted third-party providers to support app delivery, including:

  • Secure cloud hosting

  • SMS authentication

  • Push notification platforms (without PHI)

  • Translation services (data deleted immediately after processing)

All service providers are contractually required to follow strict privacy and security standards.

5.3 With Sponsors (When Applicable)

  • Sponsors may display branding within the app

  • Sponsors never receive personal or health information

  • Only aggregated, anonymized usage insights may be shared

5.4 Legal Requirements

We may disclose information when required to:

  • Respond to valid legal orders or subpoenas

  • Enforce safety, prevent fraud, or protect individuals from harm

  • Meet obligations relating to public health or compliance laws

❗ We do not share data for marketing, advertising, or unrelated third-party access.

6. DATA SECURITY

We implement multiple protective measures, including:

  • Encryption: AES-256 for stored data; TLS 1.3 for data transmission

  • Authentication: Two-factor login verification and device integrity checks

  • Device Protection: Limits usage on jailbroken or rooted devices, blocks screen recording

  • Architecture: Zero-trust security model and least-privilege access

  • Testing: Regular security reviews and third-party penetration testing

  • Compliance: Designed to meet HIPAA, GDPR, and relevant international standards (ISO 27001 and HITRUST in process)

7. DATA LOCATION AND INTERNATIONAL TRANSFERS

  • Your data is hosted in secure data centers appropriate to your region when possible.

  • If data must be transferred internationally, we use approved legal mechanisms (such as Standard Contractual Clauses).

  • All data transfers are encrypted and handled in compliance with applicable data protection laws.

8. YOUR RIGHTS

8.1 Under HIPAA (United States)

You may have the right to:

  • Access certain health information shared through Luvvi

  • Request corrections to shared information

  • Obtain disclosure records

  • Request communication preferences

8.2 Under GDPR (EU, UK, Switzerland)

You may have the right to:

  • Access, correct, or delete your personal data

  • Restrict or object to certain processing

  • Request data portability

  • Withdraw consent where applicable

8.3 How to Exercise Your Rights

9. CHILDREN’S PRIVACY

The Luvvi Care App is intended for adult use (18+) by parents, guardians, and authorized family members. We do not collect personal information directly from children. All child-related data is provided by healthcare facilities or by the child’s parent/legal guardian.

10. DATA RETENTION


Type of Data and Retention Period

  • Health Information: As required by law or by healthcare facility

  • Audio Care Recordings: Until you delete or close your account

  • Account Information: Active use + up to 3 years

  • Security/Audit Logs: 6 years (HIPAA)

  • Technical Logs: 90 days

11. CHANGES TO THIS POLICY

If we make material updates, we will notify you through:

  • In-app notifications

  • Email (if registered)

  • Updated “Last Updated” date at the top of the policy

Changes become effective 30 days after notice, unless legally required sooner.


12. CONTACT

Luvvi

Nyon Business Park

Route de Crassier 7

1262 Eysins

General Privacy: security@luvvi.com

HIPAA & US Compliance: security@luvvi.com

GDPR & International: security@luvvi.com

Security & Incident Reporting: security@luvvi.com