Josephine

Data Privacy & Security Policy

Updated June 23, 2025

1. Introduction

At Josephine Care (“we,” “our,” or “us”), we are committed to respecting and protecting the privacy rights of individuals and complying with applicable data protection legislation.

This Privacy Policy describes our practices regarding the collection, use, disclosure, retention, storage, transfer, and protection of personal information obtained through our proprietary in-home sensor system, including any associated applications, platforms, or services.

You must consent to the following terms prior to using our services.

2. Definitions

Personal Information: Any information which relates to a natural person and allows that person to be identified, directly or indirectly. This does not include information concerning legal persons (e.g., companies or organizations).

Data Processing: Any operation performed on personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

3. Information We Collect

We collect the following categories of personal information solely for specified, explicit, and legitimate purposes:

3.1 User-Provided Personal Information

  • Full name and contact details.
  • Account login credentials.
  • Demographic data, including age, gender, and disability status (where applicable and with explicit consent).
  • Emergency contact and caregiver information.

3.2 Sensor-Derived Data

  • Real-time motion and humidity data.
  • Environmental readings from Josephine in-home devices.
  • Activity patterns analyzed by AI systems to infer risks (e.g., falls, inactivity).

3.3 Technical and Usage Data

  • Device identifiers, IP address, browser type, and system logs.
  • Web and application usage metrics (via cookies and similar memory tracking technologies).

4. Use of Data

We process personal information strictly for the following purposes, as permitted by law:

  • Service Delivery: To monitor environmental conditions and behavioural changes via sensors and issue safety alerts (e.g., “Risk of fall” or “Fall detected”).
  • Automated Decision-Making: To identify patterns and notify caregivers using algorithms. Where processing is fully automated and has legal or similarly significant effects, you will be informed.
  • User Support: To respond to inquiries, provide technical assistance, and ensure customer satisfaction.
  • Compliance: To meet legal obligations, including incident reporting and data retention requirements.
  • Security & Integrity: To ensure the integrity, confidentiality, and availability of our systems and data.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may disclose it under the following circumstances:

5.1 Service Providers and Subprocessors

We may disclose personal data to trusted third parties who are essential to the proper functioning of our services. These include:

  • Cloud storage providers.
  • Notification delivery systems.

All subprocessors are bound by data processing agreements that:

  • Define the scope and purpose of processing.
  • Prohibit unauthorized secondary use.
  • Impose appropriate security safeguards.

5.2 Legal Obligations

We may disclose information if required to comply with provincial or federal law.

5.3 Authorized Caregivers

With your consent, personal health or behavioral alerts may be shared with registered caregivers or health professionals for the purposes of medical intervention or assistance.

6. Data Security

6.1 Privacy by Design

We implement technical, administrative, and organizational safeguards to preserve the confidentiality, integrity, and availability of personal data, including:

  • Complete compliance with the privacy requirements outlined in Law 25.
  • Encryption of personal data.
  • Restriction of access to authorized individuals: two-factor authentication will be implemented and the system will be monitored for suspicious activity.
  • Regular security assessments, testing, and updates.
  • Staff training on privacy governance policies.

6.2 Cross-Border Data Transfers

Personal data will be stored and processed in Quebec unless otherwise indicated. Where international transfers are necessary, they will be conducted only where:

  • The destination jurisdiction provides protections equivalent to those under Quebec law.
  • A legally binding contract is in place to ensure continued protection.
  • Data Privacy Impact Assessments are conducted prior to cross-border data transfers to identify, evaluate, and manage potential privacy risks.

6.3 Breach of Privacy

In the event of a privacy breach (when unauthorized access to personal information poses a risk of causing significant harm), we will:

  • Notify affected individuals without undue delay.
  • Inform the Commission d’accès à l’information du Québec (CAI).
  • Maintain a detailed record of security incidents.

7. Data Retention and Destruction

We retain personal data only for the period necessary to fulfill the purposes for which it was collected, or as required by law.

Upon expiration of the retention period:

  • Data is securely destroyed using industry-standard methods.
  • Alternatively, it may be anonymized and used for research and development purposes to ensure the continuous improvement of our services.

You may request at any time:

  • Erasure of your personal information from our database.
  • To review and update or correct your personal information.
  • A record of all data retained about you.

8. Consent Management

Consent must be free, informed, specific, and given for each purpose. Josephine Care:

  • Collects consent through clear, accessible interfaces.
  • Maintains a record of consent and permits withdrawal at any time.

Specific rules apply for individuals under the age of 14: we do not knowingly collect data from minors without verifiable parental or guardian consent.

9. Updates to This Policy

We reserve the right to modify this Privacy Policy at our discretion. Updates will be published on our website, with the revision date clearly indicated. Where material changes are made, we will notify you via email or in-application alerts, where applicable.

10. Contact

For questions or concerns regarding this Privacy Policy, please contact our Data Protection Officer at: privacy@josephine.care.