Privacy and Data Protection Policy Statement

VovoCare ("VovoCare", "we", or "us") is a European elder-care and wellness platform committed to protecting your privacy. This Privacy and Data Protection Statement explains what personal data we collect, how we use and protect it, and your rights regarding this information.

We abide by the EU General Data Protection Regulation (GDPR) and applicable national laws so that personal data is handled lawfully, fairly, and transparently. Our platform currently connects families who request care services for an elderly loved one with caregivers who provide care, under the supervision of VovoCare Guardians, our internal care coordinators.

This Privacy Statement covers elder care recipients, family members or legal guardians, caregivers, and VovoCare personnel. Because many elders are vulnerable individuals, we apply heightened safeguards to their data. If an elder cannot consent because of health or capacity, a legal guardian or authorized family member must consent on their behalf. Without such consent, we cannot provide the services.

VovoCare supports health and wellness, but it is not a medical provider. Wellness insights or suggestions, such as noticing memory issues and advising a medical check-up, are recommendations only and are not professional medical advice. We encourage users to consult licensed healthcare professionals for medical concerns.

By using VovoCare services or the platform, you acknowledge that you have read and understood this Privacy Statement. We follow privacy by design and by default: collecting only what is necessary, securing data with strong encryption, and anonymizing or deleting personal data whenever possible.

Personal Data means any information relating to an identified or identifiable natural person, including names, contact details, device IDs, location data, and information relating to physical or health status. Processing means any operation performed on personal data, including collection, storage, analysis, disclosure, or deletion.

Data Subject means the person to whom personal data relates. In our context, this includes elders receiving care, their family members or guardians, caregivers, and relevant personnel.

Controller means the entity that determines the purposes and means of processing personal data. VovoCare is currently operated by Luis Portas de Iberico Nogueira, who acts as controller until any future formal incorporation or restructuring is completed and notified.

Processor means a party that processes personal data on behalf of the controller, such as cloud hosts, payment processors, communications providers, or AI tools acting under VovoCare instructions.

Special Category Data means sensitive personal data given extra protection under GDPR, including health information, biometric data, or data revealing racial or ethnic origin or religious beliefs. VovoCare may handle health-related elder data only with explicit consent or another appropriate legal basis.

Care Recipient or Elder means the older adult receiving care or wellness services through VovoCare. Family Member or Legal Guardian means a person who requests services, manages the care arrangement, or has legal authority to act for the elder. Guardian means a VovoCare internal care coordinator. Caregiver means an individual providing care or wellness services via the platform.

Anonymization means irreversible removal or masking of identifiers so an individual cannot be identified. Pseudonymization means processing data so it cannot be attributed to a specific person without separate additional information, which remains protected.

We collect personal data necessary to provide and improve VovoCare services. This includes information provided directly, data observed during care sessions, data from approved devices, and data from trusted third parties.

Elder and family information may include the elder name, age, identifying details, contact information, family or guardian contact details, addresses, care needs, health conditions, medication information, mobility or dietary needs, cultural or religious preferences relevant to care, emergency contacts, and care instructions. Health and wellness information is special category data and is collected only with explicit consent and strict need-to-know access.

Caregiver information may include name, date of birth, identification documents, address, phone number, email, qualifications, certifications, training, references, background-check materials where permitted by law, schedule, attendance, family feedback, and work-related records. During active care sessions, we may collect real-time caregiver location data so families and VovoCare coordinators know when the caregiver is en route or on site. We do not continuously track caregivers outside service hours.

During care visits, caregivers may use VovoCare-approved wearable devices, such as AI-enabled glasses with cameras and microphones, to document and facilitate the service. These devices may record visual and audio data from the start of a caregiving session until the caregiver indicates that the visit has ended.

Wearable recording is used solely to generate accurate care reports and support quality and safety. After the visit report is generated, raw video, photo, and audio data are automatically and permanently deleted. Only the structured report remains, and it contains no unnecessary personal data. Families or legal guardians explicitly consent to this as part of the service, and caregivers contractually accept it for reporting and quality assurance.

Future wellness devices and smart home sensors may collect data such as heart rate, activity, fall alerts, sleep quality, movement patterns, medication-reminder interactions, room-entry logs, or emergency alarm activations, but only with appropriate consent and only for stated wellness and safety purposes.

Account and payment information may include login credentials, authentication information, invoice details, transaction references, billing information, payment tokens, partial card details, payment dates, amounts, and receipts. VovoCare uses accredited payment processors and generally does not store full payment-card details.

Communications and support data may include emails, support tickets, phone-call recordings where disclosed, feedback, questions, service-update records, and policy-notification records. Technical usage data may include device type, operating system, app version, IP address, login timestamps, security logs, and platform actions such as scheduling a visit or viewing a report.

We minimize data collection to what is relevant and adequate. We do not collect categories of personal data outside this policy without clear consent and an updated notice.

We process data to provide and personalize care services, including matching elders with suitable caregivers, helping caregivers understand care needs, communicating with families, scheduling visits, and responding to emergencies. The usual legal basis is contract performance under Article 6(1)(b) GDPR, with explicit consent under Article 9(2)(a) for health and other special category data.

Visit reports are generated after care sessions using caregiver notes and session data, including approved wearable recordings. Raw media is deleted after the structured report is generated, and final reports may be supported by AI tools but are reviewed and validated by VovoCare staff. Because this reporting is core to the service and involves health observations, we rely on contract and explicit consent.

Consent for visit reporting and wearable processing applies to all data required for the reporting service. Partial or selective consent is not possible where it would prevent safe delivery of the service. If consent is withdrawn, VovoCare will stop processing data for service delivery, but because this processing is essential, the account may be deactivated and services may no longer be available.

We process data for safety monitoring and quality assurance, including caregiver location during active visits, attendance confirmation, task completion, emergency assistance, and internal audits. The legal basis may be legitimate interests under Article 6(1)(f), consent where required, or legal obligation where health and safety law applies.

We process payment and business-operation data to charge authorized payments, issue invoices, pay caregivers, prevent fraud, verify identities, conduct caregiver vetting, enforce terms, keep accounting records, and comply with tax and financial obligations. The legal bases include contract performance, legal obligation, and legitimate interests.

We analyze platform usage and aggregate trends to improve services, train caregivers, identify common wellness issues, and develop new features. Wherever feasible, this uses anonymized or aggregated data. If identifiable data is needed for a new incompatible purpose, we will seek consent or identify another lawful basis and provide notice.

For new features such as AI-assisted wellness coaching, fall-risk prediction, wearable integrations, or elder community services, we will establish an appropriate legal basis, seek explicit consent for special category data where required, and conduct Data Protection Impact Assessments for high-risk processing.

We may also process data for legal compliance, protection of vital interests, regulatory requests, fraud investigations, insurance, legal claims, consent records, or emergency safety. We do not sell personal data or use it for unrelated third-party marketing.

VovoCare processes personal data through computerized systems and human oversight using privacy by design and by default. We follow GDPR principles including data minimization, purpose limitation, accuracy, integrity, confidentiality, and storage limitation.

We collect and process only data that is relevant and necessary. Optional data is marked as optional and collected only if you provide it. This reduces privacy risk and aligns with Article 5(1)(c) GDPR.

Where possible, we pseudonymize or de-identify data. For example, analysis systems may refer to Family Account #123 instead of a name, and external AI tools should receive minimized or pseudonymized information where feasible. Re-identification keys are kept separately with strict access controls.

AI and automation assist processing, but VovoCare does not make consequential decisions about individuals purely by algorithm. Important judgments, such as whether to communicate a health-pattern concern to a family, involve human review. We do not use fully automated decision-making producing legal or similarly significant effects without consent and human-review rights.

Privacy-friendly defaults limit visibility and sharing. Caregiver location is active only during scheduled visits, caregiver access is limited to assigned elders, and families see only information relevant to the service. Future sensors or device features will have clear opt-in requirements where required.

We conduct Data Protection Impact Assessments before high-risk processing, such as new AI analytics, wearable health monitoring, or smart-home sensor deployments. If high risks cannot be mitigated, we will consult the relevant supervisory authority where required.

VovoCare trains employees, caregivers, and contractors on confidentiality, security, device protection, breach reporting, and privacy obligations. Access to sensitive data is logged and monitored, and our handling practices are reviewed periodically.

VovoCare uses external technologies and partners, including artificial intelligence tools and third-party service providers, to provide services efficiently. We remain accountable for personal data processed on our behalf and select partners that meet strict data-protection standards.

Inside the VovoCare platform, personal data is shared only on a need-to-know basis. Assigned caregivers can access relevant elder profile and care instructions. Families or legal guardians can see relevant caregiver information such as name, photo, qualifications, and real-time status during scheduled visits. VovoCare coordinators and support staff access only what they need for their roles.

Processors may include EU cloud hosting and storage providers, payment processors, AI and data-analysis tools, communications services for SMS, email, and in-app messages, analytics tools, error tracking tools, and customer-support systems. We maintain Data Processing Agreements with processors where required.

When using AI tools to transcribe, analyze, or summarize data, we minimize personal data, use pseudonymization where possible, configure services so they do not retain or train on our inputs where available, and ensure AI-generated outputs relating to care or health are reviewed by VovoCare staff before action is taken.

Caregiver background checks and verification may include identity details, contact information, professional qualifications, references, employment history, criminal-record certificates where permitted by law, in-person interview confirmation, and optional premium verification steps. Caregivers are responsible for obtaining and providing official certificates unless otherwise authorized.

Families will not see raw background-check documents. The platform may display verification badges such as ID verified, criminal record certificate submitted, diplomas confirmed, references approved, or in-person interview completed. If a caregiver does not provide required background information, they cannot be activated as a VovoCare service provider.

We may disclose personal data when required by law, to protect rights and safety, in emergencies, to healthcare professionals or authorities where vital interests require it, to report suspected elder abuse or criminal activity, or as part of a business transfer such as merger, acquisition, restructuring, or asset sale. We do not sell personal data or share it for third-party marketing.

VovoCare may process data in anonymized or aggregated form to improve elder care and develop better services. Anonymized data has identifiers irreversibly removed or altered so it can no longer be linked to an individual and is no longer personal data under GDPR.

We may create anonymized datasets about elder care routines, wellness indicators, service outcomes, activity levels, medication adherence, common care needs, and caregiver-training opportunities. We use aggregation, generalization, and removal of direct identifiers to reduce re-identification risk.

Anonymized and aggregated data may be used for research, product development, operational improvement, caregiver training, public or industry insights, marketing statistics, business strategy, and future service planning. If we collaborate with academic or healthcare researchers, we will use anonymized data or seek explicit consent for any personal-data sharing.

We periodically review anonymization techniques. If true anonymization is not feasible, we treat the data as personal data and apply GDPR safeguards, or we do not use it for that purpose without consent.

VovoCare primarily processes and stores personal data within the European Economic Area. Some external partners or technical processes may be located in, or accessible from, countries outside the EEA, such as AI services, communications providers, or customer-support tools.

Where a country has an adequacy decision from the European Commission, we may rely on that decision. This includes jurisdictions or certified organizations considered to provide essentially equivalent data protection.

Where transfers are made to countries without an adequacy decision, we use European Commission Standard Contractual Clauses and assess whether additional technical measures are needed, such as encryption, pseudonymization, or split storage, especially for sensitive data.

In rare cases, we may rely on other GDPR transfer mechanisms, such as explicit consent for a specific transfer after informing you of risks, or contractual necessity where you request data be sent to an overseas recipient. We monitor legal developments and will pause or adjust transfers if safeguards become insufficient.

Under GDPR and national data-protection laws, you may have the right to access your personal data, correct inaccurate or incomplete data, request erasure, restrict processing, receive data portability, object to processing based on legitimate interests, avoid solely automated decisions producing legal or similarly significant effects, withdraw consent, and lodge a complaint with a supervisory authority.

Access means you can ask whether we process your data and request a copy with information about purposes, categories, and recipients. Rectification means you can ask us to correct inaccurate or incomplete information. Erasure may apply where data is no longer necessary, consent is withdrawn and no other basis applies, processing was unlawful, or legal requirements mandate deletion.

Restriction means we may store data but pause active processing in certain cases, such as accuracy disputes or objections. Portability means you can receive data you provided to us, where processed by automated means based on consent or contract, in a structured, commonly used, machine-readable format where technically feasible.

You may object to processing based on legitimate interests, and we will stop unless compelling legitimate grounds override your interests or the data is needed for legal claims. You have an absolute right to object to direct marketing, although VovoCare currently does not use family data for direct marketing.

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect processing already carried out lawfully, but because VovoCare services depend on health-related information and wearable recording, withdrawal may mean we can no longer provide platform access or related services, and your account may be deactivated.

To exercise rights, contact privacy@vovocare.org. We may need to verify your identity or authority. We will respond within one month unless GDPR permits an extension for complex requests. Requests are generally free unless manifestly unfounded, excessive, or repetitive.

We retain personal data only as long as necessary for the purposes described in this policy and in accordance with law. After the retention period, we delete data or irreversibly anonymize it.

Raw visit media, including photos, videos, and audio, exists temporarily only to enable transcription, analysis, and care-report generation. It is stored locally on the caregiver secure app or processed through approved systems as needed, then automatically deleted once the report is generated, typically within minutes after the visit ends.

Visit reports may contain personal observations but not raw images or videos. They are delivered to the family and may be retained briefly in encrypted form to allow app access, continuity of care, or issue resolution. Identifiable reports are deleted or anonymized when no longer needed, especially when service ends, unless legal obligations require retention.

Anonymized datasets may be retained indefinitely because they no longer identify individuals. Caregiver business records are retained for the duration of the working relationship and as required for operational, accounting, payroll, tax, compliance, or dispute-resolution purposes. We do not keep comprehensive historical GPS tracks, although records such as attendance times may be retained where needed.

Legal or compliance data may be retained longer where required for investigations, insurance, tax, accounting, legal claims, regulatory obligations, or safety. Backups follow retention and deletion rules, although immediate deletion from all backups may not always be technically feasible before rotation.

VovoCare uses administrative, technical, and physical safeguards to protect personal data against unauthorized access, disclosure, alteration, or destruction. This includes encryption in transit and at rest, such as TLS for transmission and strong encryption for stored data.

Access to personal data is limited to personnel and caregivers who need it for their duties. Caregivers access only data for assigned families and only for the active service context. Staff access to sensitive systems is authorized, logged, and limited to legitimate purposes.

VovoCare employees, caregivers, and contractors receive privacy and security training and are bound by confidentiality obligations. Caregiver devices must meet security standards, such as passcode or biometric lock, current operating systems, app sandboxing, and remote-wipe capabilities where supported.

Our servers are hosted in secure cloud environments, primarily in EU regions. We use firewalls, monitoring, intrusion detection, backups, access controls, pseudonymization where possible, and periodic reviews. If a data breach occurs, we will follow our incident-response plan and notify affected individuals and authorities where GDPR requires it, including regulator notification within 72 hours where applicable.

VovoCare services are intended for adults, especially elders, adult family members, guardians, caregivers, and personnel. We do not knowingly collect personal data from children under 16, or the relevant age of digital consent, without parental or guardian consent. If we discover such data was collected without proper consent, we will delete it promptly.

This Privacy Statement is designed to grow with VovoCare. Future services may include wearable health devices, smart home sensors, wellness products, elder-centric communities, smart elder villages, assisted living homes, advanced AI analytics, and global operations. These services will follow the same principles of transparency, data minimization, consent where required, security, human oversight, and data-subject rights.

If VovoCare expands outside the EU or EEA, we will comply with local privacy laws such as UK GDPR or CCPA where applicable, while maintaining GDPR-grade protections as a baseline. If local law provides stricter requirements, we will follow the stricter rule and may provide country-specific addenda.

We will update this Privacy Statement and notify users of significant changes, seek fresh consent where required, and ensure new technologies or jurisdictions do not reduce the level of privacy protection offered to users.

Controller: VovoCare is currently operated by Luis Portas de Iberico Nogueira, who is the primary data controller for personal data processed in connection with the services unless and until a different legal entity is formally established and notified to users.

For questions, concerns, or data-subject requests, contact privacy@vovocare.org. A postal address and dedicated privacy telephone line are not currently published for privacy requests; please contact us first by email and, where necessary, we will provide a suitable correspondence method.

VovoCare has not yet appointed a dedicated Data Protection Officer under GDPR due to current scale, and this role remains under evaluation. Management and the privacy team oversee compliance in the meantime. Once a DPO is appointed, this policy will be updated with direct contact details.

You may lodge a complaint with the supervisory authority in your country of residence or where the relevant processing took place. Example: Irish Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland, www.dataprotection.ie. Users in other EU or EEA countries may contact their local authority, such as the Autoriteit Persoonsgegevens, AEPD, CNPD, or equivalent.

We may update this Privacy and Data Protection Statement from time to time. Significant changes will be notified by email, in-app notice, or other appropriate method, and new consent will be obtained where required. Continuing to use VovoCare after updates constitutes acceptance of the revised Privacy Statement. Last updated: April 29, 2026.