VillageMetrics Privacy Policy

Last Updated: October 1, 2025

VillageMetrics is a HIPAA-compliant platform designed to help families and caregivers track behavioral observations, medication schedules, journal entries, and therapeutic data to support children with neurodevelopmental and behavioral conditions. We take privacy and data protection seriously, especially when it comes to sensitive health information.

This Privacy Policy outlines the types of data we collect, how it is used, who can access it, and how we protect it. We comply with HIPAA (United States), GDPR (European Union), and PIPEDA (Canada) to ensure comprehensive data protection for all our users.

1. Information We Collect

We collect the following types of information when you use the VillageMetrics app:

User Information

- Name and email address of parents and caregivers

- Role in the child's caregiving team (e.g., parent, therapist, teacher)

- Confirmation of parental/guardian status when creating child profiles

Child Information

- Child's full name, preferred name, and nicknames

- Date of birth (optional)

- Child's photo (optional)

- Conditions that may apply to the child (optional, multiple selections allowed)

- Behavior ratings submitted by parents and caregivers

- Journal entries (transcribed via voice)

- Medication and supplement information (e.g., names, dosages, timing)

- AI-generated summaries, behavior scores, and insights derived from submitted data

Push Notification Token

- A device token is collected solely for the purpose of delivering push notifications using Firebase Cloud Messaging (FCM).

- We do not collect advertising IDs or use third-party analytics services for push notification delivery.

Application Logging and Analytics Data

- We collect anonymous application logs and usage analytics to maintain service quality, diagnose technical issues, and improve the user experience.

- This includes app events (e.g., screens viewed, actions taken), device information (platform, app version, network type), and session information.

- We use only anonymous identifiers (GUIDs) that cannot be linked to personal information.

- No protected health information (PHI) or personally identifiable information (PII) is included in these logs or analytics.

- This data is encrypted both in transit and at rest using HIPAA-compliant infrastructure and is retained for a limited time period.

2. Legal Basis for Processing (GDPR & PIPEDA)

We process your personal data based on the following legal grounds:

For EU Users (GDPR):

- Consent: For processing sensitive health data and optional features (e.g., quality assurance reviews, community insights)

- Contractual Necessity: To provide the VillageMetrics service you've subscribed to

- Legitimate Interests: For service improvements, security, and fraud prevention

For Canadian Users (PIPEDA):

- We identify purposes for data collection upfront and obtain your consent

- Processing is limited to purposes that a reasonable person would consider appropriate in the circumstances

3. HIPAA & Data Security

VillageMetrics is built on HIPAA-compliant infrastructure with signed Business Associate Agreements (BAAs) in place with all our service providers that handle protected health information.

- All data is encrypted both in transit and at rest.

- Access to sensitive information is strictly controlled and limited to authorized users.

- Infrastructure hosting is provided by Amazon Web Services (AWS) with a signed BAA.

- Push notifications use Firebase Cloud Messaging through Google Cloud Platform (GCP) with a signed BAA.

- We do not use Firebase Analytics or any other non-HIPAA-compliant Firebase services.

- Voice transcription is performed using Deepgram with a signed BAA.

- AI processing is performed using AWS Bedrock within HIPAA-compliant infrastructure.

- We may temporarily cache encrypted data for performance optimization.

4. International Data Transfers

Data Processing Locations:

Your data may be processed in the United States where our primary servers are located. We ensure appropriate safeguards are in place for international transfers:

For EU Users:

- We use Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the EU

- All third-party processors are required to implement appropriate technical and organizational measures

- We ensure an adequate level of protection for your personal data regardless of where it is processed

For Canadian Users:

- We ensure comparable protection to PIPEDA requirements for any data processed outside Canada

- All third-party processors must comply with PIPEDA standards

5. Parent Control & Permissions

Only parents or legal guardians can create child profiles in VillageMetrics, and must confirm their parental/guardian status during profile creation. Parents are the primary data owners and controllers for each child profile.

The same individual may have different roles for different children (e.g., parent to their own child, caregiver to another family's child). Parents determine:

- Who is invited into the child's caregiving "village"

- What permission level each caregiver has:

  - Contribute-only access (can add journal entries but cannot read)

  - Read journal entries

  - View behavior data and analyses

  - Access medical information (medications, treatment correlations)

Parents can modify or revoke caregiver permissions at any time. They can also:

- Export analysis reports as PDF documents (via device share functionality)

- Export raw journal entry data in CSV format (via device share functionality)

- Request secure data export by contacting us at hello@villagemetrics.com

- Delete their child's data at any time

Professional caregivers (therapists, teachers, etc.) remain responsible for maintaining their own licensing requirements, professional standards, and ethical obligations when using VillageMetrics.

6. Your Privacy Rights

All Users Have the Right to:

- Access your personal data

- Correct inaccurate data

- Delete your data ("right to be forgotten")

- Export your data in a portable format (available via in-app export or by contacting us for secure delivery)

- Withdraw consent for optional processing

Additional Rights for EU Users (GDPR):

- Right to data portability in machine-readable format

- Right to lodge a complaint with your local data protection authority

- Note: Processing of your data only occurs when you actively submit new information. You can effectively pause all processing by not submitting new data, or permanently stop it by deleting your account

Additional Rights for Canadian Users (PIPEDA):

- Right to challenge our compliance with PIPEDA

- Right to access personal information in a format that is generally understandable

- Right to know how we use and disclose your information

To exercise any of these rights, contact us at: hello@villagemetrics.com

We will respond to your request within 30 days (or as required by applicable law).

7. Notification Preferences & Optional Data Use

Push Notification Options:

We collect push notification tokens to deliver notifications about your child's data. Parents can choose between generic notifications (default, no PHI) or enriched notifications that may include the child's name and other protected health information. For families with multiple parents, both parents must opt in to enriched notifications. Caregivers receive notifications based on the parents' preferences.

Quality Assurance Consent (Optional):

During account setup, you may optionally consent to allow VillageMetrics staff to review your journal entries and "Ask Anything" conversations for quality assurance purposes to verify the app is functioning as intended. This consent is off by default and only a small percentage of users participate. This access is used solely for internal quality assurance and is not shared with third parties.

8. Data Sharing & Community Insights

We do not share family data or PHI with third parties for marketing, advertising, or unrelated analytics.

Parents may optionally opt in to share anonymized data to contribute to aggregated Community Insights, which may help others discover trends across similar profiles. No names, journal entries, or direct identifiers are ever included in these insights.

9. AI Analysis & Data Export

VillageMetrics uses AI to analyze submitted data and generate:

- Behavior trends and patterns

- BCBA-style behavioral analyses (AI-generated, not from licensed BCBAs)

- Hashtag categorization and summaries

- Automated empathy responses to journal entries

- Responses via the "Ask Anything" tool, which uses AI to analyze your data and answer questions

- Periodic analysis reports

- Semantic search capabilities using vector embeddings of your journal entries for intelligent content discovery

These AI features are for informational purposes only and should not be relied on as medical or clinical advice. AI-generated analyses, insights, and "Ask Anything" responses are computer-generated inferences, not professional evaluations from licensed practitioners. Always consult your healthcare provider for medical decisions.

The App tracks correlations between medications, therapies, activities, caregivers, and behavior scores to provide you with data to share with your healthcare providers. These correlations are not recommendations to start, stop, increase, decrease, or change any medications or therapies. All medication and therapy decisions should be made in consultation with qualified healthcare professionals.

Journal entries and AI-generated empathy responses are processed automatically without human review or monitoring. We do not monitor content for safety concerns and do not report concerning content to authorities or third parties. If you have immediate safety concerns, contact appropriate emergency services or healthcare providers directly.

Parents or caregivers with appropriate permissions may export this data as PDF or CSV files through the app's export feature, which uses your device's native sharing functionality. Once exported through your device's share sheet, these files are outside of the VillageMetrics system and under your control. These files may contain protected health information (PHI), and you are responsible for how they are shared. Note that your device's share options may include non-HIPAA-compliant services. For a secure, HIPAA-compliant data export, you may contact us at hello@villagemetrics.com.

External AI Assistant Access (MCP Tokens)

You may optionally generate secure tokens that allow external AI assistants (such as Claude Desktop) to access your VillageMetrics data through the Model Context Protocol (MCP). **This feature requires explicit consent because external AI tools may not be HIPAA-compliant.**

Before generating a token, you must consent to these conditions:

- **Non-HIPAA Environment**: AI tools may not be HIPAA-compliant and data will be processed outside VillageMetrics' secure environment

- **External Storage Risk**: AI assistants may store conversation history including your data responses in their systems

- **Ongoing Access**: Tokens provide ongoing access to all your children's data until expired or revoked

- **Parent/Guardian Access Only**: Tokens only access children for whom you are the parent or guardian, not children where you serve as a caregiver (those parents control access to their children's data)

- **User Responsibility**: You are responsible for keeping tokens secure and controlling any sharing with caregivers or others

- **Read-Only Access**: MCP tokens can only read your data, not modify or delete anything; changes must be made through the VillageMetrics app

- **User-Controlled**: You generate, configure, and can revoke tokens at any time through the app

- **Configurable Expiration**: You choose token lifespan (90 days to 2 years) when generating

- **Basic Access Tracking**: Token usage updates "last used" timestamps and basic access logs

**Important**: Once your data is accessed by external AI tools, VillageMetrics cannot control how that data is stored, processed, or secured by those systems. You accept this risk when generating MCP tokens.

10. Account Ownership & Data Deletion

VillageMetrics operates on a per-family subscription model. Each subscription covers one family with unlimited children and caregivers. Subscriptions are owned and paid for by parents/guardians only. Caregivers receive free access when invited by parents. Professional caregivers (therapists, teachers, etc.) are invited by each family they work with.

Parents and caregivers can delete their account from within the app. Deletion works as follows:

- If a parent or guardian deletes their account and they are the sole owner of a child profile, all associated data will be permanently deleted.

- If a caregiver deletes their account, their personal data and journal entries will be removed, but data they contributed (e.g., behavior ratings) may remain visible to parents they worked with, without attribution.

- Once deleted, data cannot be recovered.

11. Data Retention

We retain family and child data indefinitely unless a deletion request is received. This includes data from active accounts and inactive accounts (e.g., expired subscriptions). We retain inactive account data so users can return and access their historical information at any time. When an account is deleted:

- Personal data is permanently deleted within 30 days

- Backup copies may persist for up to 90 days in secure backup systems

- Anonymized aggregate data used for Community Insights (if opted in) may be retained

We strive to maintain high service availability but cannot guarantee 100% uptime due to maintenance, updates, or unforeseen circumstances.

12. Children's Privacy & Age Requirements

VillageMetrics is not intended for use by children under 13. Account creators must be at least 18 years old. Parents may authorize family members under 18 to contribute data under parental supervision.

All accounts are created and managed by adults. Any data about children is entered and controlled solely by their parents or authorized caregivers.

We comply with the Children's Online Privacy Protection Act (COPPA) by design.

13. Regional Compliance Information

For EU Users:

We comply with the General Data Protection Regulation (GDPR). While we do not currently have an EU representative under Article 27, we are committed to GDPR compliance and will appoint one if required based on our processing activities.

For Canadian Users:

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

For U.S. Users:

We comply with HIPAA for protected health information and COPPA for children's privacy.

14. Changes to This Policy

This policy may be updated as VillageMetrics evolves. We will notify parents and caregivers of any material changes through the app or by email. Material changes will not apply retroactively without your consent.

15. Contact Us

If you have questions about this policy or your data, please contact:

All inquiries: hello@villagemetrics.com

Data Protection Officer: hello@villagemetrics.com

Wellbeing Applications LLC

New Jersey, United States

This Privacy Policy is governed by New Jersey law, regardless of your location, except where local privacy laws apply (such as GDPR for EU residents or PIPEDA for Canadian residents).