Privacy Policy
Your Privacy is Our Priority
Last Updated: January 27, 2026
Privacy at a Glance
- No sharing for marketing: We never share your mobile number or contact information with third parties for marketing purposes
- Minimal data collection: We only collect what's necessary to provide daily check-ins and emergency support
- Strong security: Encryption in transit and at rest
- Family transparency: Families see only check-in status and activity, not message content
- Your control: Delete your data anytime
- Never sold: We never sell your personal information
- No AI training: Your conversations are not used to train AI models
1. Introduction
Welcome to HeyMaggi, a service provided by The Automatic Office Corp dba HeyMaggi, Inc. ("we," "us," or "our").
HeyMaggi is designed to provide daily check-ins and companionship for elderly adults living independently, while giving their families peace of mind. We are committed to protecting the privacy of both the individuals using our check-in service ("Users") and their family members who manage the account ("Account Holders").
This Privacy Policy explains what information we collect, why we collect it, how we use it, and how we protect it. By using HeyMaggi, you agree to the practices described in this policy.
2. Information We Collect
We collect only the minimum information necessary to provide our daily check-in service, emergency response capabilities, and AI companionship features.
A. User Information (Elderly Adult)
- Contact Information: Phone number for daily check-ins via WhatsApp, SMS, or phone calls
- Response Data: Your responses to daily check-in messages (simple confirmations, SOS alerts)
- Communication Preferences: Preferred check-in times and communication methods
- Conversation Context (Temporary): Short-term conversation history to enable natural dialogue with our AI companion
- Personal Preferences (Long-term Memory): Information you share during conversations that helps personalize your experience (e.g., "enjoys gardening," "grandson's name is Leo"). This data is stored securely in encrypted databases with strict access controls
- Emergency Contact Usage: Records of when emergency escalation procedures were triggered
B. Account Holder Information (Family Members)
- Account Details: Name, email address, phone number
- Emergency Contacts: Names and phone numbers for escalation procedures
- Dashboard Access: Login credentials and access logs
- Notification Preferences: How and when you want to receive alerts
- Payment Information: Processed securely through our payment processor (we do not store complete credit card numbers)
C. Technical Information
- Device Information: Device type, operating system, browser type
- Log Data: IP address, access times, pages viewed
- Service Usage: Check-in completion rates, response times, feature usage
Our Mobile Information Promise
We explicitly state and guarantee: Mobile phone numbers and contact information collected through HeyMaggi will NEVER be shared with third parties or affiliates for marketing or promotional purposes. Your phone number is used solely for providing the HeyMaggi check-in service and emergency communications.
3. Legal Basis for Processing
We process your personal information based on the following legal grounds:
For Users in the United States:
- Consent: You or your Account Holder have agreed to our Terms of Service and this Privacy Policy
- Contract Performance: Processing is necessary to provide the daily check-in service you've subscribed to
- Legitimate Interests: We process data to improve our service, ensure safety, and prevent fraud
For Users in the European Economic Area (EEA), UK, and Switzerland:
- Consent: Where you have given explicit consent for specific processing activities
- Contract Performance: Processing necessary to fulfill our contractual obligations
- Legal Obligation: Where required by law (e.g., emergency situations)
- Legitimate Interests: Where our interests are balanced against your rights and freedoms
- Vital Interests: In emergency situations where processing is necessary to protect your life or health
4. How We Use Information
We use the information we collect for the following purposes:
Core Service Delivery
- Send daily check-in messages via WhatsApp, SMS, or phone calls
- Process your responses and confirm your well-being
- Trigger emergency escalation procedures when check-ins are missed
- Provide AI-powered companionship and conversation
- Send reminders and notifications you've configured
Safety and Emergency Response
- Detect missed check-ins and initiate contact attempts
- Contact emergency contacts according to escalation protocols
- Respond to SOS alerts immediately
Service Improvement
- Analyze usage patterns to improve reliability
- Optimize check-in timing and communication methods
- Enhance AI conversation quality
- Develop new features based on user needs
Communication and Support
- Respond to your questions and support requests
- Send important service updates and security notices
- Provide Account Holders with activity summaries
What We DON'T Do With Your Data
- We do NOT use your conversations to train AI models
- We do NOT share your mobile information for marketing purposes
- We do NOT sell your personal information
- We do NOT allow families to read conversation transcripts
- We do NOT share data with advertisers
5. Third-Party API Integrations
To provide HeyMaggi's services, we integrate with carefully selected third-party service providers. We share only the minimum necessary information with these providers, and they are contractually bound to protect your data.
Communication Providers
-
Twilio: Powers our SMS and voice call capabilities
- Data shared: Phone numbers, message content for delivery
- Purpose: Sending check-in messages and emergency calls
- Privacy: Twilio Privacy Policy
-
Meta (WhatsApp Business API): Enables WhatsApp messaging
- Data shared: Phone numbers, WhatsApp messages
- Purpose: Delivering daily check-ins via WhatsApp
- Privacy: WhatsApp Privacy Policy
Important Compliance Notice: Your mobile phone number and information provided to Twilio and Meta's WhatsApp are used exclusively for HeyMaggi's check-in and emergency communication services. This information is NOT shared with any third parties or affiliates for marketing, promotional, or advertising purposes. Both Twilio and WhatsApp are bound by their respective privacy policies and our data processing agreements.
AI and Technology Providers
-
AI Service Providers: Power our conversational AI companion
- Data shared: Conversation text (not audio recordings)
- Purpose: Generate natural, empathetic responses
- Protection: Your conversations are NOT used to train their models
Infrastructure and Security Providers
- Cloud Hosting: Secure data storage and application hosting
- Database Services: Encrypted data storage with strict access controls
- Security Monitoring: Detect and prevent unauthorized access
6. AI and Automated Processing
HeyMaggi uses artificial intelligence to provide companionship and natural conversation.
How AI is Used
- Conversation Processing: AI processes text to understand context and generate appropriate responses
- Personalization: AI remembers your preferences and interests for more meaningful conversations
- Safety Detection: Automated systems monitor for potential emergency situations in conversation content
- Response Analysis: Pattern detection to identify changes in check-in behavior
No Audio Recording
For voice-based check-ins or conversations:
- Voice is converted to text in real-time for processing
- Audio recordings are NOT stored
- Once converted, audio data is permanently discarded
- Only text transcripts are retained temporarily for conversation context
Your Rights Regarding Automated Processing
- You have the right to understand how automated decisions are made
- You can request human review of any automated decision affecting you
- You can opt out of certain personalization features
7. Data Sharing and Disclosure
We have a strict policy regarding data sharing. Your personal information is only shared in the following limited circumstances:
With Your Account Holder (Family)
Family members with dashboard access can see:
- Check-in completion status ("Responded," "Missed," "SOS Alert")
- General activity indicators ("Active," "Last check-in: 2 hours ago")
- Alert history and emergency contact activation records
- Account settings and preferences
Family members CANNOT see:
- Actual message content or conversation transcripts
- What you talked about with the AI companion
- Personal details you've shared in conversations
With Service Providers
We share minimal necessary data with trusted service providers who help operate HeyMaggi, including:
- Communication providers (Twilio, WhatsApp) - for message delivery only
- Cloud infrastructure providers - for secure hosting and storage
- AI providers - for conversation processing (not for training their models)
- Payment processors - for billing (we don't store full payment card details)
All service providers are contractually required to:
- Use data only for providing services to HeyMaggi
- Maintain appropriate security measures
- Not use your data for their own purposes
- Delete data when no longer needed
For Legal Compliance and Safety
We may disclose information when required by law or to protect safety:
- To comply with legal obligations, court orders, or government requests
- In genuine emergency situations to protect life or prevent serious harm
- To enforce our Terms of Service or protect our legal rights
- To investigate fraud, security issues, or abuse of the service
Business Transfers
If HeyMaggi is involved in a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change and your rights regarding your personal information.
What We NEVER Do
- We NEVER sell your personal information to anyone
- We NEVER share your mobile number with marketing companies
- We NEVER rent or lease your contact information
- We NEVER provide your data to data brokers
- We NEVER share conversation content with advertisers
8. Data Security
We implement industry-standard security measures to protect your personal information:
Technical Security Measures
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Strict authentication and authorization systems
- Secure Infrastructure: Our systems are hosted on secure, SOC 2 and HIPAA-compliant infrastructure
- Regular Security Audits: Ongoing security assessments and penetration testing
- Monitoring: 24/7 security monitoring and intrusion detection
Organizational Security Measures
- Limited Access: Only authorized personnel can access personal data, on a need-to-know basis
- Employee Training: Regular security and privacy training for all staff
- Background Checks: All employees undergo background verification
- Confidentiality Agreements: All staff sign confidentiality commitments
Your Role in Security
You can help keep your account secure by:
- Using strong, unique passwords for your account
- Not sharing login credentials with unauthorized persons
- Reporting any suspicious activity immediately to contact@heymaggi.com
- Keeping your contact information up to date
No System is 100% Secure: While we invest heavily in security and follow best practices, no internet-based system can guarantee absolute security. We continuously work to enhance our security measures and respond quickly to any potential vulnerabilities.
Security Certifications and Compliance
Our infrastructure partners maintain industry-leading security certifications:
SOC 2 Type II Compliant
HIPAA Compliant Infrastructure
ISO 27001 Certified Partners
9. Data Retention
We retain your personal information only as long as necessary to provide our services and fulfill the purposes described in this policy.
Active Account Data
- Check-in History: Retained for 90 days for service reliability and pattern analysis
- Conversation Context: Short-term memory retained for up to 7 days to maintain conversation continuity
- Long-term Personal Preferences: Retained while your account is active to personalize your experience
- Emergency Contact Records: Retained for 12 months for safety compliance and review
- Account Information: Retained while your account is active
After Account Deletion
- Most personal data is deleted within 5 business days of your deletion request
-
Some data may be retained longer for legal, security, or business continuity reasons:
- Transaction records: Up to 7 years for tax and accounting purposes
- Legal compliance records: As required by applicable law
- Security logs: Up to 90 days for fraud prevention
- Anonymized or aggregated data may be retained indefinitely for research and improvement purposes
Inactive Accounts
- If an account remains inactive for 24 months without payment or activity, we may contact you about account deletion
- After notification, if no response is received within 60 days, the account and associated data may be deleted
10. Your Privacy Rights
You have important rights regarding your personal information. The specific rights available to you may depend on your location.
Rights for All Users
- Access: Request a copy of your personal information we hold
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal information ("right to be forgotten")
- Data Portability: Receive your data in a structured, machine-readable format
- Opt-Out: Unsubscribe from non-essential communications
Additional Rights for EEA, UK, and Swiss Users (GDPR)
- Restriction of Processing: Request that we limit how we use your data
- Object to Processing: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for processing at any time (where processing is based on consent)
- Automated Decision-Making: Not be subject to decisions based solely on automated processing
- Lodge a Complaint: File a complaint with your local data protection authority
Additional Rights for California Users (CCPA/CPRA)
- Know: Request details about what personal information we collect, use, and share
- Delete: Request deletion of personal information
- Opt-Out of Sale/Sharing: We don't sell or share personal information, but you can opt-out if our practices change
- Non-Discrimination: You won't receive discriminatory treatment for exercising your rights
- Sensitive Data Limitations: Limit use of sensitive personal information
How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: contact@heymaggi.com
- Subject line: "Privacy Rights Request"
- Include: Your name, account email, and specific request
Response Time: We will respond to verified requests within:
- 5 business days for deletion requests
- 30 days for most other requests (may extend to 60 days for complex requests)
Verification: To protect your privacy, we may need to verify your identity before fulfilling requests. We may ask for additional information to confirm your identity.
Designated Representative for European Users
For users in the European Economic Area, United Kingdom, and Switzerland, you may contact our designated representative:
Mike Santos
Email: contact@heymaggi.com
The Automatic Office Corp dba HeyMaggi, Inc.
8400 NW 33rd Street, Suite 310 PMB 2477
Doral, FL 33122, United States
11. Cookies and Tracking
HeyMaggi uses cookies and similar technologies to operate our website and family dashboard.
What Are Cookies?
Cookies are small text files stored on your device that help websites function properly and provide information to website owners.
Types of Cookies We Use
-
Essential Cookies: Necessary for the website to function (login, security, preferences)
- Cannot be disabled
- Example: Authentication tokens, session management
-
Functional Cookies: Remember your preferences and choices
- Example: Language preferences, notification settings
- Can be disabled in your browser settings
-
Analytics Cookies: Help us understand how visitors use our website
- Example: Page views, navigation patterns (anonymized)
- Used only for service improvement
- Can be disabled in your browser settings
What We Don't Use
- No Advertising Cookies: We do not use cookies for targeted advertising
- No Third-Party Marketing Trackers: We do not allow third-party marketing companies to track you
- No Social Media Tracking: We do not embed social media trackers
Managing Cookies
You can control cookies through your browser settings:
- Most browsers allow you to refuse cookies or delete specific cookies
- Disabling essential cookies may affect website functionality
- Browser settings: aboutcookies.org provides instructions for popular browsers
Do Not Track
Some browsers have "Do Not Track" (DNT) features. While we respect privacy preferences, there is no universal standard for DNT. We minimize tracking regardless of DNT settings.
12. International Data Transfer
HeyMaggi is based in the United States. If you access our service from outside the United States, your information will be transferred to, stored, and processed in the United States.
Legal Basis for International Transfers
We transfer data internationally based on:
- Consent: By using HeyMaggi, you consent to the transfer of your information to the United States
- Contractual Necessity: Transfers are necessary to provide the service you've requested
- Standard Contractual Clauses: For EEA, UK, and Swiss users, we use Standard Contractual Clauses approved by the European Commission
Data Protection Standards
While data protection laws may differ by country:
- We apply the same high standards of data protection to all users globally
- We implement technical and organizational measures to protect data regardless of location
- We comply with applicable data protection regulations in each jurisdiction
For EEA, UK, and Swiss Users
If you are in the European Economic Area, United Kingdom, or Switzerland:
- We ensure appropriate safeguards are in place for data transfers as required by GDPR
- You have the right to obtain information about the safeguards we use
- You can contact our designated representative (see Section 10)
- You can file a complaint with your local supervisory authority
13. Children's Privacy
HeyMaggi is designed for elderly adults and their families. Our service is not intended for, nor do we knowingly collect information from, children under the age of 18.
Age Restrictions
- Users must be 18 years or older to create an account
- Account Holders (family members) must be 18 years or older
- The elderly adults using the check-in service are typically over 65
If We Learn of Children's Data
If we become aware that we have inadvertently collected personal information from a child under 18:
- We will take immediate steps to delete such information
- We will terminate the associated account
- We will notify the person who created the account
For Parents and Guardians
If you believe we may have collected information from a child under 18, please contact us immediately at contact@heymaggi.com with the subject line "Child Privacy Concern."
14. Data Breach Notification
While we work diligently to protect your information, no security system is impenetrable. In the unlikely event of a data breach that affects your personal information, we are committed to transparency and prompt action.
Our Data Breach Response Process
- Detection and Assessment: We continuously monitor for security incidents and assess their impact
- Containment: Immediate action to prevent further unauthorized access
- Investigation: Thorough investigation to understand the scope and nature of the breach
- Notification: Prompt notification to affected individuals and relevant authorities
- Remediation: Implementation of measures to prevent similar incidents
When We Will Notify You
We will notify you if a breach:
- Affects your personal information
- Poses a risk to your rights, privacy, or security
- Is required by applicable law
How We Will Notify You
- Email to the address on your account
- Notification within the HeyMaggi dashboard
- For significant breaches, notice on our website
Timeline for Notification
- To Individuals: Within 72 hours of discovering a breach affecting your personal information, unless doing so would impede law enforcement investigation
- To Authorities: As required by applicable law (e.g., within 72 hours under GDPR)
What We'll Tell You
Our breach notification will include:
- Nature of the data breach and types of information affected
- Likely consequences of the breach
- Measures we've taken to address the breach
- Recommended actions you should take to protect yourself
- Contact information for questions and support
Your Rights After a Breach
Following a data breach affecting your information, you have the right to:
- Receive clear information about the incident
- Request deletion of your account and data
- File a complaint with data protection authorities
- Seek legal recourse if applicable
Report Security Concerns: If you suspect a security issue or unauthorized access to your account, please contact us immediately at
contact@heymaggi.com with the subject line "Security Incident."
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.
How We Notify You of Changes
- Material Changes: We will notify you via email at least 30 days before material changes take effect
- Minor Changes: We will update the "Last Updated" date at the top of this policy
- Dashboard Notice: Significant changes will be highlighted in your account dashboard
Your Rights Regarding Changes
- Continued use of HeyMaggi after changes indicates acceptance of the updated policy
- If you disagree with changes, you can delete your account before they take effect
- For material changes requiring consent, we will obtain your explicit agreement
Version History
Previous versions of this Privacy Policy are available upon request at contact@heymaggi.com.
HeyMaggi - Because every day matters.
© 2026 The Automatic Office Corp dba HeyMaggi, Inc. All rights reserved.