Boahu Privacy Policy

Last Updated: November 5, 2025

1. Introduction

Boahu respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our communication and reminder services designed for senior care. We collect only the information needed to provide our communication and reminder services. We do not sell or share your personal information with outside parties except as required to deliver messages or comply with the law.

By using our services, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us when you register for our services, including:

• Contact Information: Name, phone number, email address, and mailing address
• Demographic Information: Age, date of birth, language preferences
• Health Information: Appointment details, medication schedules, health conditions (only as necessary to provide reminder services), emergency contacts
• Communication Preferences: Preferred contact methods, message frequency settings, opt-in/opt-out choices
• Account Information: Username, password, and account settings

2.2 Information Collected Automatically

When you use our services, we may automatically collect:

• Service Usage Data: Message delivery status, response rates, interaction timestamps, call duration and completion status
• Device Information: Mobile device type, operating system, carrier information, phone number
• Technical Data: IP address, browser type, access times, referring website addresses
• Location Data: General location information (city/state level) for service delivery optimization

2.3 Information from Third Parties

We may receive information about you from healthcare providers, family members, or authorized caregivers who enroll you in our services on your behalf. We verify that these parties have proper authorization before accepting such information.

3. How We Use Your Information

We use the information we collect to:

• Provide Services: Deliver appointment reminders, medication alerts, health notifications, and wellness check-ins via SMS and voice calls
• Personalize Experience: Customize message timing, content, and delivery methods based on your preferences
• Emergency Detection: Monitor for potential emergency situations and coordinate appropriate responses
• Service Improvement: Analyze usage patterns to enhance service quality, reliability, and user experience
• Account Management: Process registrations, manage subscriptions, and provide customer support
• Communication: Send service updates, respond to inquiries, and provide technical support
• Legal Compliance: Comply with legal obligations, enforce our terms, and protect our rights
• Security: Detect, prevent, and address technical issues, fraud, or security threats

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Communication Services: Azure Communication Services, SMS gateway providers, voice service providers
• Cloud Infrastructure: Microsoft Azure for hosting and data storage
• Analytics Providers: Service performance monitoring and improvement
• Customer Support: Technical support and customer service platforms

These service providers are contractually obligated to protect your information and use it only for the specific services they provide to us. They are required to maintain the confidentiality and security of your information in accordance with applicable laws, including HIPAA where applicable.

4.2 Healthcare Providers and Authorized Parties

With your explicit consent or as authorized by law, we may share information with your healthcare providers, family members, or designated caregivers to coordinate care and ensure effective service delivery.

4.3 Legal Requirements

We may disclose your information when required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government or regulatory requests
• Law enforcement investigations
• Emergency situations to protect health and safety

4.4 Business Transfers

If Boahu is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and provide choices regarding your information.

5. HIPAA Compliance and Protected Health Information

When Boahu provides services on behalf of healthcare providers or handles Protected Health Information (PHI), we comply with the Health Insurance Portability and Accountability Act (HIPAA) and related regulations.

5.1 Business Associate Agreements

When we handle PHI on behalf of covered entities, we enter into Business Associate Agreements (BAAs) that specify our responsibilities for protecting PHI and compliance with HIPAA requirements.

5.2 Use and Disclosure of PHI

We use and disclose PHI only as permitted by HIPAA regulations:

• Treatment: To facilitate appointment reminders and care coordination
• Health Care Operations: To improve service quality and effectiveness
• With Authorization: With your written authorization for other purposes

5.3 Your HIPAA Rights

If we handle your PHI, you have the right to:

• Access and obtain a copy of your PHI
• Request corrections to your PHI
• Request restrictions on use and disclosure
• Request confidential communications
• Receive an accounting of disclosures

6. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access restrictions, multi-factor authentication, regular access reviews
• Infrastructure Security: Hosted on Microsoft Azure with enterprise-grade security, regular security audits and penetration testing
• Monitoring: 24/7 security monitoring and incident response, automated threat detection systems
• Employee Training: Regular security and privacy training for all staff, background checks for personnel with data access
• Disaster Recovery: Regular backups and business continuity plans

While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your information. If we become aware of a security breach that compromises your information, we will notify you in accordance with applicable laws.

7. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (typically 7 years for healthcare records)
• Resolve disputes and enforce our agreements
• Support business operations and security

Typical retention periods:

• Active account data: Duration of service plus 7 years
• Message logs: 90 days to 1 year
• Billing records: 7 years per tax requirements
• De-identified analytics: Indefinitely

8. Your Privacy Rights and Choices

You have the following rights regarding your personal information:

8.1 Access and Portability

You have the right to request access to the personal information we hold about you and receive a copy in a portable format.

8.2 Correction

You may request that we correct inaccurate or incomplete information. You can update most information through your account settings or by contacting customer support.

8.3 Deletion

You may request deletion of your personal information, subject to certain exceptions (such as information we must retain for legal compliance). Note that deletion may result in termination of services.

8.4 Opt-Out of Communications

You can opt out of receiving messages:

• SMS messages: Reply STOP to any message
• Voice calls: Contact customer support
• Marketing emails: Click unsubscribe link in emails

8.5 Restriction of Processing

You may request that we limit how we use your information in certain circumstances, such as while we verify accuracy of disputed information.

8.6 Objection

You may object to certain uses of your information, particularly for direct marketing purposes.

8.7 How to Exercise Your Rights

To exercise any of these rights, contact us at info@boahu.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve user experience, analyze usage, and deliver personalized content.

9.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality
• Performance Cookies: Help us understand how visitors use our site
• Preference Cookies: Remember your settings and preferences

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality.

10. Children's Privacy

Our services are designed for adults and seniors. We do not knowingly collect information from children under 18. If you are under 18, do not use our services or provide any personal information. If we learn we have collected information from a child under 18, we will delete it immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at info@boahu.com or call (808) 850-6741. We will verify your identity before processing requests.

12. International Data Transfers

Our services are primarily offered in the United States, and your information is processed and stored on servers located in the United States. If you access our services from outside the United States, you consent to the transfer of your information to the United States, which may have different data protection laws than your country.

13. Third-Party Websites and Services

Our services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending you a notification via email or text message
• Prominently displaying a notice on our website

Your continued use of our services after changes to this Privacy Policy constitutes acceptance of the updated policy. We encourage you to review this policy regularly.

15. Contact Us

16. Filing Complaints

If you believe we have not complied with this Privacy Policy or applicable privacy laws, you have the right to file a complaint with:

• Boahu: Contact our Privacy Team using the information above
• U.S. Department of Health and Human Services: For HIPAA complaints - www.hhs.gov/ocr/privacy
• State Attorney General: For state privacy law violations