Privacy Policy

VillageMetrics Privacy Policy

Last Updated: August 20, 2025

VillageMetrics is a HIPAA-compliant platform designed to help families and caregivers track behavioral observations, medication schedules, journal entries, and therapeutic data to support children with neurodevelopmental and behavioral conditions. We take privacy and data protection seriously, especially when it comes to sensitive health information.

This Privacy Policy outlines the types of data we collect, how it is used, who can access it, and how we protect it.

1. Information We Collect

We collect the following types of information when you use the VillageMetrics app:

User Information

- Name and email address of parents and caregivers

- Role in the child's caregiving team (e.g., parent, therapist, teacher)

- Confirmation of parental/guardian status when creating child profiles

Child Information

- Child's name and date of birth

- Primary condition and any secondary conditions

- Behavior ratings submitted by parents and caregivers

- Journal entries (typed, uploaded, or transcribed via voice)

- Medication and supplement information (e.g., names, dosages, timing)

- AI-generated summaries, behavior scores, and insights derived from submitted data

Push Notification Token

- A device token is collected solely for the purpose of delivering push notifications using Firebase Cloud Messaging (FCM).

- We do not collect general device identifiers, IP addresses, advertising IDs, or analytics data.

2. HIPAA & Data Security

VillageMetrics is built on HIPAA-compliant infrastructure with signed Business Associate Agreements (BAAs) in place with all our service providers that handle protected health information.

- All data is encrypted both in transit and at rest.

- Access to sensitive information is strictly controlled and limited to authorized users.

- Infrastructure hosting is provided by Amazon Web Services (AWS) with a signed BAA.

- Push notifications use Firebase Cloud Messaging through Google Cloud Platform (GCP) with a signed BAA.

- We do not use Firebase Analytics or any other non-HIPAA-compliant Firebase services.

- Voice transcription is performed using Deepgram with a signed BAA.

- AI processing is performed using AWS Bedrock within HIPAA-compliant infrastructure.

- We may temporarily cache encrypted data for performance optimization.

3. Parent Control & Permissions

Only parents or legal guardians can create child profiles in VillageMetrics, and must confirm their parental/guardian status during profile creation. Parents are the primary data owners and controllers for each child profile.

The same individual may have different roles for different children (e.g., parent to their own child, caregiver to another family's child). Parents determine:

- Who is invited into the child's caregiving "village"

- What permission level each caregiver has:

- Contribute-only access (can add journal entries but cannot read)

- Read journal entries

- View behavior data and analyses

- Access medical information (medications, treatment correlations)

Parents can modify or revoke caregiver permissions at any time. They can also:

- Export analysis reports as PDF documents

- Export raw journal entry data in CSV format

- Delete their child's data at any time

Professional caregivers (therapists, teachers, etc.) remain responsible for maintaining their own licensing requirements, professional standards, and ethical obligations when using VillageMetrics.

4. Notification Preferences & Optional Data Use

Push Notification Options:

We collect push notification tokens to deliver notifications about your child's data. Parents can choose between generic notifications (default, no PHI) or enriched notifications that may include the child's name and other protected health information. For families with multiple parents, both parents must opt-in to enriched notifications. Caregivers receive notifications based on the parents' preferences.

Quality Assurance Consent (Optional):

During account setup, you may optionally consent to allow VillageMetrics staff to review your journal entries and "Ask Anything" conversations for quality assurance purposes to verify the app is functioning as intended. This consent is off by default and only a small percentage of users participate. This access is used solely for internal quality assurance and is not shared with third parties.

5. Data Sharing & Community Insights

We do not share family data or PHI with third parties for marketing, advertising, or unrelated analytics.

Parents may optionally opt in to share anonymized data to contribute to aggregated Community Insights, which may help others discover trends across similar profiles. No names, journal entries, or direct identifiers are ever included in these insights.

6. AI Analysis & Data Export

VillageMetrics uses AI to analyze submitted data and generate:

- Behavior trends and patterns

- BCBA-style behavioral analyses (AI-generated, not from licensed BCBAs)

- Hashtag categorization and summaries

- Automated empathy responses to journal entries

- Responses via the "Ask Anything" tool, which uses AI to analyze your data and answer questions

- Periodic analysis reports

These AI features are for informational purposes only and should not be relied on as medical or clinical advice. AI-generated analyses, insights, and "Ask Anything" responses are computer-generated inferences, not professional evaluations from licensed practitioners. Always consult your healthcare provider for medical decisions.

The App tracks correlations between medications, therapies, activities, caregivers, and behavior scores to provide you with data to share with your healthcare providers. These correlations are not recommendations to start, stop, increase, decrease, or change any medications or therapies. All medication and therapy decisions should be made in consultation with qualified healthcare professionals.

Journal entries and AI-generated empathy responses are processed automatically without human review or monitoring. We do not monitor content for safety concerns and do not report concerning content to authorities or third parties. If you have immediate safety concerns, contact appropriate emergency services or healthcare providers directly.

Parents or caregivers with appropriate permissions may export this data as a PDF. Once exported, these files are outside of the VillageMetrics system and are under the exporter's control. These PDFs may contain protected health information (PHI), and the exporting parent or caregiver is responsible for how they are shared (e.g., via email, messaging, etc.).

7. Account Ownership & Data Deletion

VillageMetrics operates on a per-family subscription model. Each subscription covers one family with unlimited children and caregivers. Subscriptions are owned and paid for by parents/guardians only. Caregivers receive free access when invited by parents. Professional caregivers (therapists, teachers, etc.) are invited by each family they work with.

Parents and caregivers can delete their account from within the app. Deletion works as follows:

- If a parent or guardian deletes their account and they are the sole owner of a child profile, all associated data will be permanently deleted.

- If a caregiver deletes their account, their personal data and journal entries will be removed, but data they contributed (e.g., behavior ratings) may remain visible to parents they worked with, without attribution.

- Once deleted, data cannot be recovered.

8. Children's Privacy & Age Requirements

VillageMetrics is not intended for use by children under 13. Account creators must be at least 18 years old. Parents may authorize family members under 18 to contribute data under parental supervision.

All accounts are created and managed by adults. Any data about children is entered and controlled solely by their parents or authorized caregivers.

We comply with the Children's Online Privacy Protection Act (COPPA) by design.

9. Data Retention & Service Availability

We retain family and child data for as long as the account is active, unless a deletion request is received. Data is stored securely and used solely to support the purpose of the app.

We strive to maintain high service availability but cannot guarantee 100% uptime due to maintenance, updates, or unforeseen circumstances.

10. Changes to This Policy

This policy may be updated as VillageMetrics evolves. We will notify parents and caregivers of any material changes through the app or by email.

11. Contact Us

If you have questions about this policy or your data, please contact:

hello@villagemetrics.com

This Privacy Policy is governed by New Jersey law, regardless of your location.