Privacy Policy

Effective: June 26, 2026

Privacy is the foundation of trust, not an afterthought. This page tells you exactly what we collect, why, where it lives, and what we do — and don't do — with it. We try to write this in plain language so anyone can follow along.

Who we are

Lani Companion Health LLC ("Lani," "we," "us") makes Lani, a warm AI companion for older adults and the families who love them. You can reach us anytime at admin@lani.health.

What this policy covers

This policy covers our website at lani.health (including the waitlist signup form) and our mobile apps, including Lani Companion (iOS Bundle ID app.lani.health; Android package app.lani.health) and Lani Circle, our family/caregiver app (iOS Bundle ID health.lani.circle; Android package health.lani.circle).

Lani is available to the public through the Apple App Store and Google Play.

Lani is not a medical device. Lani does not diagnose, treat, cure, or prevent any disease, and Lani is not a substitute for emergency services or professional medical care. If you are in crisis, call 911 (or your local emergency number) or the 988 Suicide & Crisis Lifeline.

Information we collect on the website

When you join the waitlist, we collect your email address and, if you choose to provide it, your first name. That's it.

Website analytics. We use Vercel Web Analytics to understand basic website traffic, such as page views and general usage patterns. Vercel Web Analytics is designed to be privacy-friendly and cookie-free. We do not use advertising pixels, behavioral advertising trackers, or data brokers, and we do not sell personal data.

Your browser stores a small local flag (lani.splash.seen) so our introduction screen only shows you once. This data never leaves your device.

Information we collect through the mobile app

Account information

Lani Companion uses one-time codes (OTP) sent to your phone number or email for sign-in. Lani Circle may use a phone number, email address, or pairing code flow depending on the sign-in surface. We do not collect or store passwords. To sign you in, we collect:

Conversations and reflections

What you say to Lani — by typing or speaking — is associated with your account so Lani can remember context across visits (for example, that you mentioned a grandchild's name or a recent trip to the doctor). You can review, export, or delete this information from inside the app.

Health information you choose to share

When you connect Apple Health, Lani reads only the data types you explicitly grant. Today that may include steps, heart rate, sleep, activity, blood pressure, blood glucose, oxygen saturation, irregular heart rhythm notifications, historical fall events, and several mobility metrics (walking speed, step length, double-support time, walking asymmetry, walking steadiness, and physical effort), plus high/low heart rate notifications. Lani does not currently write data back to Apple Health. You choose each data type individually in the iOS Health permission sheet.

If you fill in Medical ID inside Lani — conditions, allergies, medications, blood type, primary physician, preferred hospital, pharmacy, insurance, mobility and cognitive notes, and emergency notes — that information is stored against your account so Lani can surface it when you need it. Medical ID is owner-only by default and is not shared with anyone unless and until you explicitly opt in to a sharing surface (none is shipped today).

Reminders and notifications

Reminders you create are stored against your account and drive local notifications on your device. Lani also uses push notifications for certain features — for example, the emergency and missed-check-in alerts sent to the family members you've paired in Lani Circle (see Family sharing (Lani Circle) below). iOS, Apple Watch, silent mode, Focus modes, and your in-app voice-sound preference all govern whether you actually hear a notification; we cannot bypass any of those.

Recent Activity (active-status)

If you turn on Recent Activity, Lani periodically writes a timestamp meaning "this user was recently active in the app." That timestamp is intended to be visible to family members you authorize per person in the Lani Circle app. Lani does not record what you were doing — only that you were active. You control the update interval and can turn the feature off at any time. This is not emergency monitoring.

Family sharing (Lani Circle)

You may invite a family member or caregiver to use the separate Lani Circle app to stay connected with you. Sharing is opt-in and limited:

Caregiver pairing and subscription purchases

When a caregiver pairs with a loved one in Lani Circle, we store the pairing relationship and the permissions chosen by the loved one. If a caregiver buys Lani Plus or Lani Unlimited for a paired loved one, the purchase is processed through the Apple App Store or Google Play. We may receive subscription status, product identifier, purchase history, renewal state, and entitlement information from the store or our subscription-management provider so we can activate access for the loved one. We do not receive the caregiver's full payment-card number.

Voice and speech

If you use voice mode, your spoken input is converted to text using on-device speech recognition (Apple's built-in) and sent to our AI provider only as text — we don't record or retain raw audio. Lani's spoken replies are generated on-demand; no audio of yours is stored on our servers.

Where your information is stored

Account, conversation, reminder, Medical ID, Recent Activity, and health-summary data are stored on Supabase, our backend database provider, on servers in the United States. Data is encrypted in transit and at rest. Access is restricted by Supabase row-level security so a row can only be read or written by the user it belongs to.

One-time-code emails are delivered through Resend, our email-delivery provider. Resend sees your email address and the contents of the message (e.g. "Your Lani sign-in code is 123456") for the time it takes to deliver. We do not use Resend for marketing.

AI responses for chat and voice mode are generated using Anthropic (Claude). The text of your message and Lani's reply are sent to Anthropic to produce the response. Per Anthropic's API terms in effect at the time of writing, this content is not used to train their models by default. We do not send your email address or any other identifier to Anthropic.

What we do not do

Your choices and rights

From inside the app you can:

You can also ask us to delete your information, send you a copy of what we have, or correct it at any time. Email admin@lani.health and we will respond within 30 days.

Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the rights below regarding your personal information.

Categories of personal information we collect. In the past 12 months we have collected: identifiers (such as your name and email address); text conversation content you provide to Lani (raw audio is not retained); health-related information you choose to share; geolocation data (shared only with your approved family members in the emergency situations described below); inferences drawn from your conversations to identify potential safety concerns; internet or other electronic network activity information; and device and usage information.

How we use it. To provide and operate the service, personalize your experience, keep you safe, and as otherwise described in this Policy.

We do not sell or share your personal information as "sell" and "share" are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months.

Your rights. You have the right to: (1) know and access the personal information we hold about you; (2) request deletion of your personal information; (3) correct inaccurate personal information; (4) opt out of the sale or sharing of personal information (not applicable, as we do not sell or share); (5) limit the use of sensitive personal information; and (6) not be discriminated against for exercising these rights.

How to exercise your rights. Contact us at privacy@lani.health or through the in-app Settings → Support option. You may use an authorized agent to submit a request on your behalf. We will verify your identity and respond within the timeframes required by law.

How long we keep information

Account data is kept while your account is active. When you delete your account, we remove the data described above from our active backend. Backups may retain the data for a short additional window before they roll off (typically 30 days). Email-delivery logs at our provider may retain delivery records (not message content) on the provider's schedule.

Children

Lani is intended for adults 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it.

Health-information posture

Lani handles personal health information that you choose to share with us, and we treat it with care: encrypted in transit and at rest, owner-only access by default, and never sold or shared with advertisers. Lani Companion Health LLC is not currently a HIPAA Covered Entity, and using Lani does not by itself create a HIPAA-protected relationship. If a future product feature places Lani in a HIPAA-covered role (for example, a Business Associate Agreement with a clinician or care organization), we will update this policy and the relevant in-app screens before that feature is enabled for you.

Changes to this policy

If we make material changes — especially when we launch new sharing surfaces or any provider/insurance integration — we will update the effective date at the top of this page and notify users by email before the change takes effect.

Contact

Questions, concerns, or requests: admin@lani.health.