Privacy

Your kid's care log doesn't belong to a marketing pipeline.

Last updated: May 16, 2026 · Plain English. No legalese where we can avoid it.

CareHaven is a private, on-device app for caregivers. The summary below is the whole story; the rest of this page is the receipts.

📱

On-device by defaultCare log lives in your iPhone's local storage. No account, no sign-in, no central server we run.

🚫

Zero telemetry, zero adsThe app sends no analytics, no crash reports to third parties, no advertising IDs. Nothing.

🔐

Encrypted backupsOptional auto-backup writes an AES-256-GCM encrypted file to your Files app. Only your password decrypts it.

☁️

iCloud is opt-inIf you turn it on, sync goes through Apple's encrypted CloudKit Private Database. Apple cannot read the contents.

What we do not collect

The app does not collect:

Your name, email, address, phone number, or any other identifier.
Your child's name, diagnosis, photo, or any health information.
Location data of any kind, ever.
Device identifiers (IDFA, IDFV) — not used for any tracking.
Browsing or app-usage analytics — no Crashlytics, no Firebase, no Mixpanel, no Sentry, no equivalents.
Advertising data — there are no ads, no ad SDKs.

What stays on your iPhone

Everything you log — feedings, behaviors, sleep, vitals, doctor visits, milestones, goals, contacts, custom routines, photos attached to entries — is written to your iPhone's local SwiftData store using Apple's encrypted device storage. We have no way to retrieve it from our end.

If you delete the app, the data goes with it (unless you've made a backup or enabled iCloud sync).

Optional encrypted backups

You can opt in to auto-backup in Settings → Privacy & Data. When enabled, the app writes a .chbak file to your Files app on a schedule you choose. The file is AES-256-GCM encrypted with a password only you know — without that password, the file is unreadable, including by us.

You control where the file goes (iCloud Drive, Dropbox, your own NAS, anywhere). We never see it.

Optional iCloud sync (CloudKit)

If you enable iCloud sync (Settings → Sync), the app routes the SwiftData store through Apple's CloudKit Private Database. This is Apple's end-to-end encrypted storage scoped to your Apple ID. The contents are unreadable to Apple, to us, and to anyone who isn't signed into your Apple ID with your authentication.

Sync is off by default. Turning it off after using it leaves a copy in iCloud which you can delete from Settings → Apple ID → iCloud → Manage Account Storage on your device.

HealthKit (optional)

The app integrates with Apple Health for sleep, vitals, cycle, and body measurements. Reads happen only with your explicit permission via Apple's standard authorization flow. Writes happen when you log a vital, sleep entry, or cycle day in the app.

HealthKit data flows directly between Apple Health and the app's local store on your iPhone. It does not pass through any server we run, and no third-party SDK in the app reads HealthKit values.

AI features (optional)

The app includes optional AI features for medication info, pattern commentary on your own log, and visit-summary parsing. The data flow when you use these:

You explicitly tap the "Read with AI," "Ask," or equivalent button.
The app builds a prompt locally and runs it through a PII-stripping pipeline that removes names, identifiers, dates of birth, and location markers.
The PII-stripped prompt is sent to a third-party AI provider's API over HTTPS.
The response is shown to you and discarded from app state.

The provider receives only the stripped query, not your identity. We don't operate any server-side caching or logging of these queries. The AI tier is enrichment — the deterministic chart underneath is always the source of truth, and AI never makes decisions for you.

The third-party providers CareHaven sends these stripped queries to are:

xAI (Grok) — primary provider. xAI privacy policy.
OpenAI — fallback provider, used only if the primary is unreachable. OpenAI privacy policy.

Each provider's privacy policy governs how they handle the request on their side. Because we strip identifiers before any call, the data they receive isn't associated with you or your care recipient by CareHaven. We don't share customer data with either provider for training; we use them as inference endpoints only.

You can disable AI features entirely in Settings → Privacy & Data. With AI disabled, no data leaves the device through these features.

What this website does

This marketing site uses Plausible Analytics for cookieless, anonymous page-view counts. Plausible doesn't set cookies, doesn't use IPs, doesn't collect personal data, and has no fingerprinting. It tells us aggregate "this page got X views this week" — nothing else. Plausible's data policy.

The signup form sends your email to Mailchimp via single opt-in so we can email you when CareHaven is ready for early-access testing. You can unsubscribe with one click. We use Mailchimp's standard opt-in confirmation and never share or resell the list.

Children's privacy

CareHaven is designed for caregivers — adults logging care on behalf of a person they're responsible for. The app does not target users under 13 directly. The data about a person (your child, your aging parent, your sibling) is yours as their caregiver; we have no access to it.

If you're a minor caregiver yourself (e.g., a teen sibling), the app still works the same way. We don't collect anything from you either.

Your rights

Because we don't have your data, most data-rights requests don't apply — there's nothing on our end for you to access, correct, or delete. The only thing we do hold is your email address if you signed up for the launch list. To remove that:

Use the unsubscribe link at the bottom of any email we send you.
Or email us (see contact below) and we'll delete your record.

If you delete the app from your iPhone, the local store goes with it. If you have iCloud sync enabled, follow Apple's instructions to delete app data from iCloud (Settings → Apple ID → iCloud → Manage Account Storage → CareHaven).

What we will tell you if any of this changes

If we ever change the privacy posture in a meaningful way (add telemetry, change what's collected, add ads, etc.), we'll:

Update this page with the new "Last updated" date.
Notify the launch-list mailing list before the change takes effect.
Show an in-app notice on the next launch.

We're not planning any of those changes. The privacy-first stance is the product, not a feature we'd compromise.

Not a medical device

CareHaven is a tracking and coordination tool. It is not FDA-approved, not regulated as a medical device, and shouldn't be used to diagnose or make medical decisions. The app makes this disclosure inline (Settings → About) and on the homepage. Always consult your healthcare provider.

Contact

Questions, complaints, or requests: reply to any CareHaven email, or use the contact form on the homepage. We read every message.