This Privacy Policy explains how JPL Digital ("we", "our", "us") collects, uses, and protects your personal data when you use the Elva mobile application (the "App").
1. Information We Collect
We may collect the following categories of personal data:
- User Information: name, email address, and contact number.
- Child Information: name, date of birth, and care or health-related details provided voluntarily by parents or caregivers.
- Caregiver Information: name, email address, and contact number of individuals invited to access a child's profile.
- Usage Data: login details, chat transcripts with the digital twin, caregiver notes, and in-app interactions.
2. Legal Basis for Processing (GDPR/UK GDPR)
We process your personal data only when we have a valid legal basis:
- Contractual Necessity: To provide the App's services and fulfill our agreement with you (e.g., creating an account, managing profiles, enabling chat, inviting caregivers).
- Legitimate Interests: To operate, maintain, and improve the App (e.g., analysing usage trends to enhance features). We always balance these interests against your rights and freedoms, and conduct a legitimate interests assessment which is available on request.
- Consent: For processing of special category data (such as child health information) you voluntarily provide, and for optional communications. You may withdraw your consent at any time.
- Legal Obligations: To comply with applicable laws and regulatory requirements.
3. How We Use Your Information
We use personal data solely to:
- Provide the App's core services.
- Share care information securely with authorised caregivers.
- Enable chat functionality via our AI-powered digital twin.
- Support communication and notifications (e.g., emails to users and caregivers).
- Maintain, improve, and analyse App performance.
We do not use your data to train AI models or for marketing purposes.
4. How and Where Data is Stored
Your data is stored and processed using the following providers:
- Supabase – secure cloud storage for user accounts, profiles, and caregiver data.
- OpenAI – processing of chat queries to generate digital twin responses. Conversations are processed only to generate responses, are encrypted in transit, and are not used to train AI models.
- Resend – email delivery for user notifications and caregiver invitations.
- Posthog – anonymised analytics to understand app usage and improve functionality.
All service providers act as data processors on our behalf and are bound by contractual obligations (Data Processing Agreements) to protect your information.
5. Data Sharing
- We do not sell or share your personal data with third parties for marketing.
- Information is shared only with trusted processors listed above, strictly for the purpose of delivering the App's functionality.
6. International Data Transfers
Some service providers may process data outside the UK/EEA (e.g., in the United States).
Where this occurs, we ensure that appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs), and
- UK International Data Transfer Agreement (IDTA) where required.
These ensure your personal data remains protected to GDPR/UK GDPR standards.
7. Children's Privacy
- The App is intended for use by parents and caregivers only, not directly by children under 13.
- Any child-related information is provided by the parent or guardian, who has full control over access.
- If you are based in the United States, the App complies with COPPA (Children's Online Privacy Protection Act).
8. Your Rights
Under GDPR and UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict or object to processing in certain circumstances.
- Request export of your data in a portable format.
- Withdraw consent at any time (where consent was the legal basis).
You can exercise these rights by contacting us at help@elva-app.co.uk.
9. Data Retention
- We retain your data for as long as your account remains active.
- If you close your account or request deletion, your personal data will be securely erased within 90 days, unless a longer period is required by law.
10. Security
We use industry-standard technical and organisational measures to safeguard your data, including:
- Encrypted storage and data transfer.
- Secure authentication and access controls.
- Regular monitoring of systems and providers.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated in-app or by email.
12. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us:
📧 help@elva-app.co.uk