Privacy Policy

1. Who is the Data Controller?

Controller	CuidadIA
Address	Málaga, Andalusia, Spain
DPO / Privacy Contact	hola@cuidadia.com
Phone	+34 611 124 891

CuidadIA acts as the data controller for the personal data of service users (older adults) and, where applicable, guardians or family members who receive information derived from the system.

2. What Data Do We Process and Why?

We process only the data strictly necessary to provide safe, human, and effective daily companionship:

Purpose	Data Processed	Legal Basis
Daily Conversational Companionship	Name, phone number, basic routines, schedule preferences, emotional state detected via voice.	Explicit Consent
Early Risk Detection	Voice patterns (tone, coherence, vocabulary), IoT data (mobility, kitchen use, hydration, temperature).	Consent + Vital Interest (Art. 6.1.d GDPR)
Daily Summaries for Guardian	Encrypted conversation transcript, validated alerts, wellbeing indicators.	Consent of the older adult and the guardian
Contractual Management (B2B/B2G)	Institutional contact data, billing, aggregated impact metrics.	Contract Execution

⚠️ We do not process sensitive biometric or health data without reinforced consent.

🚫 We never sell, rent, or share data with third parties for advertising purposes.

3. Ethical Technology: Zero Surveillance, Zero Recordings

Our system is designed under the principle of minimal intervention:

🎙️

No Permanent Recordings

Conversations are transcribed in real-time, and voice files are deleted immediately after transcription.

📷

No Cameras or Ambient Microphones

IoT sensors only record activity patterns (fridge opening, movement in rooms).

🔐

End-to-End Encryption

Banking-standard encryption during transmission and storage (TLS 1.3 + AES-256).

🗑️

Immediate Revocation

The user can withdraw consent at any time — the service is deactivated and data is deleted within a maximum of 72 hours.

4. Who Do We Share Data With?

With the designated guardian (family member, caregiver, institution), always with double consent.
With essential technical providers (cloud hosting, telecommunications), duly bound by data processor contracts and subject to security audits.
With public authorities, only if there is a legal obligation or imminent risk to life.

🚫 We do not share data with social networks, advertisers, or scoring companies.

5. Rights of Individuals

Older adults and their guardians have the right to:

Access their data

Rectify incorrect data

Delete their data

Limit processing

Object to processing

Data portability

Withdraw consent

Claim before the AEPD

To exercise these rights, write to hola@cuidadia.com. We will respond within a maximum of 10 business days.

6. Data Retention

Personal data is retained only for the duration of the service relationship.

After termination, it is definitively deleted within a maximum of 30 days.

Aggregated and anonymised metrics (without personal identification) may be retained for statistical purposes and social impact reports.

7. Ethical Commitment Beyond the Law

At CuidadIA, privacy is not a legal requirement — it is an act of respect. That is why:

We design technology that "observes without looking" and "feels without touching."
We prioritise adult dignity over technical efficiency.
We evaluate every decision with the question: Does this honour the older adult?

Thank you for trusting us.
Because ageing at home should not mean ageing in oblivion… nor in exposure.

— CuidadIA Team · hola@cuidadia.com · +34 611 124 891 · Málaga, Andalusia

Talk to ANA right now