Privacy
Your privacy is the whole point.
CARER asks you to say things you can't say anywhere else. So the privacy promise has to be real — not a paragraph of comfort, but how the product is actually built.
In short:
- It runs on your device. By default, your conversations happen on your own phone — offline, free, private. What you say doesn't need to leave it.
- We can't read your backup. If you choose to back up your memory, it's end-to-end encrypted. Even we can't read it.
- Cloud assistance is off unless you turn it on. Nothing goes to a server for processing unless you actively choose it.
- We never sell your words, and never train AI on them. Full stop.
- The person you care for is never watched. They're never profiled, tracked, or monitored.
- There's no score. We never measure, rate, or diagnose you.
- You're in control. See everything, edit it, export it, or delete all of it — whenever you like.
- Crisis help never depends on any of this. It works offline, before sign-in, free, always.
What we collect
- What you choose to tell us — your conversations and the memory you build, stored on your device (and, only if you opt in, as an encrypted backup only you can read).
- Basic account details if you create an account, kept to the minimum needed to keep your memory safe across devices: an identity token from your sign-in provider (Apple, Google, or email), your email address if you sign in by email (encrypted at rest), an optional display name (encrypted), and your region and age-gate confirmation (18+). No date of birth, phone number, or postal address.
- De-identified, non-content product analytics (opt-out) that never include what you actually said — used only to keep the app working, never to measure engagement as "success."
What we never collect or do
- We never build a profile, health record, or "trend" of the person you care for. They are never a data subject in CARER.
- We never compute or store a burnout, stress, mood, or risk score about you.
- We never sell your data, share it with your family, or train AI models on your disclosures.
- We never ask for intrusive permissions at install (microphone, contacts) — and audio is treated as the least-trusted data type.
On-device AI
CARER's companion downloads to your phone once, over Wi-Fi, the first time you use it. After that it runs on your device, offline. Your words can stay entirely on your phone.
End-to-end encryption
Your memory is stored with field-level encryption on your device. If you turn on cloud backup, it's uploaded as ciphertext only — end-to-end encrypted with a key only you hold, recoverable via a recovery code. Our servers store an unreadable copy; we cannot decrypt it.
Cloud assistance is off by default
Some optional features can use a cloud service for a richer response. This is off unless you switch it on, and clearly labelled when you do. You can leave CARER fully on-device.
Export and delete
You can view and edit everything CARER remembers, export it, or delete all of it — at any time, without losing access to the companion itself.
No surveillance of the person you care for
CARER holds your feelings about caring. It does not — and structurally cannot — hold the cared-for person's condition, medications, symptoms, or care as data. They are a third party we minimise references to and never profile.
No carer score
There is no field, model, or view anywhere in CARER that computes or asserts a clinical state about you. The capability isn't disabled — it doesn't exist.
Your rights
CARER is built by Wellnetix Ltd (United Kingdom) and is available to carers worldwide. Your disclosures are treated as special-category data under UK GDPR Article 9 (data concerning health and emotional state). We rely on your explicit consent for the core companion, given freely at onboarding and revocable without losing the service. The crisis and safeguarding layer never depends on consent state — it fires for safety regardless. You have the right to access, correct, export, and erase your data. If you are based in the EU, you have equivalent rights under the EU GDPR. If you are a California resident, you have rights under the CCPA/CPRA. See our Privacy Notice §11 for details.
- Data controller: Wellnetix Ltd, United Kingdom
- Privacy contact / data requests: For any data question or to exercise your rights, email nimind@wellnetixltd.com
- Full privacy notice: Read the full UK GDPR Privacy Notice →
- Sub-processors / data-hosting locations: We use a small number of service providers for cloud infrastructure, optional cloud AI processing (only when you have cloud-assist on), and authentication. We aim to use UK/EEA-based providers or apply appropriate transfer safeguards. Full named list available on request: nimind@wellnetixltd.com
- Data retention periods: Most content is deleted within 30 days of a deletion request (14-day reversal window, then hard delete). Safety flags purge automatically after 7 days. Audit logs are kept for 12 months. Full retention schedule in the Privacy Notice →
Crisis help works offline and before sign-in
The urgent-help route is baked into the app. It works with no network, no account, and no AI running. Crisis resources come from a maintained, versioned config with an offline copy — never a stale hard-coded number.
Read our full legal pages: Privacy notice · Cookie policy · Terms of use · Accessibility