Privacy Notice

Last updated: 22 June 2026

Draft — pending solicitor sign-off

The lawful basis framing in this notice is grounded in the Mental Capacity Act 2005 and UK-GDPR and has been drafted for solicitor review. One open legal question (which Art. 9(2) condition applies in a private companion app where the data subject lacks capacity) is flagged for confirmation before real personal data is entered. See docs/CONSENT.md §4.

Who we are

Mithra is a culturally-native dementia companion application designed to support an adult with early-stage dementia and their family care circle. It is a private family coordination tool — not a clinical service, not a medical device, and not an emergency safety service.

Personal data processed by this application relates to a vulnerable adult and is classified as special-category health data under the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018.

Data controller

The primary caregiver who sets up and administers this application acts as the data controller in this private family-care context. By creating an account and recording a consent basis, the caregiver accepts responsibility for ensuring a lawful basis exists for processing the person's health data.

The consent record captures who recorded it (the authenticated caregiver), the lawful basis chosen, the scope of processing, and the date. This record is immutable — it is a permanent audit entry, not a form that can be overwritten.

Lawful basis for processing

Processing special-category health data requires both a lawful basis under UK-GDPR Art. 6 and a condition under Art. 9(2). Three bases are supported, mapped to statute:

  • Best interests (Mental Capacity Act 2005, s.4)
    Where the person lacks capacity for the specific decision of agreeing to this application, a linked caregiver may act in their best interests under the MCA 2005 s.4 framework — involving the person as far as practicable, considering their past and present wishes, and choosing the least restrictive option.
  • Lasting Power of Attorney — health and welfare
    Where the caregiver is the donee of a registered health-and-welfare LPA (Mental Capacity Act 2005, s.9–14), the LPA authorises the donee to make personal welfare decisions when the person lacks capacity. This is the stronger basis where an LPA exists.
  • Explicit consent (UK-GDPR Art. 9(2)(a))
    Where the person retains capacity for this decision at the relevant time, they may give explicit consent to the processing of their data in this application. Capacity under the MCA is decision-specific and time-specific.

Open question (solicitor review required): The specific Art. 9(2) condition that applies in a private (non-clinical, non-statutory) application where the data subject lacks capacity is not authoritatively settled for this use case. The applicable condition — whether Art. 9(2)(c) vital interests, Art. 9(2)(h) health or social care, or another — is the subject of solicitor review before real personal data is entered. See docs/CONSENT.md §4.

What we process

  • Name, photo, and family relationships of the person in care
  • Daily routine blocks and medication reminder schedules
  • One-off appointments (e.g. medical appointments)
  • Caregiver-authored reassurance facts (e.g. the whereabouts of absent family members)
  • Meal confirmation logs (source: patient tap or caregiver log)
  • Curated life photos for the ambient display
  • Caregiver rota and on-duty status
  • De-identified interaction counts (no content) for the family coping summary

We do not process clinical health records, diagnostic results, or third-party clinical data. Medication reminders are reminder-only and do not log adherence; Mithra is not a medical device.

Where data is stored

All data is stored in Supabase Postgres hosted in the EU West (London) region (region code eu-west-2). No personal data leaves the UK/EU. Photos and media files are stored in a private Supabase Storage bucket in the same region, accessible only to authenticated caregivers and the provisioned device session.

AI and personal data

Mithra uses the Anthropic Claude API only to soften the phrasing of pre-written, non-personal templates. The API receives only a template key and generic placeholder tokens — never names, routines, appointments, meal data, memories, reassurance facts, or any other personal information. All personal content is assembled on-device after the tone-softening response is returned.

This constraint is the load-bearing privacy design of the application. See docs/AI-POLICY.md for the full technical policy.

Your rights

Under UK-GDPR, the person in care (or their legal representative, including an LPA donee) has the right to:

  • Access (Art. 15) — obtain a copy of their personal data
  • Rectification (Art. 16) — correct inaccurate data
  • Erasure (Art. 17) — have their data deleted. Deleting a care recipient account permanently removes all associated data via cascading database deletion.
  • Data portability (Art. 20) — where processing is based on consent and carried out by automated means
  • Object (Art. 21) — where processing is based on legitimate interests

To exercise any of these rights, contact the caregiver who administers this application. There is no commercial data processor or third-party controller.

Data retention

Data is retained for as long as the application is in active use. Meal logs and de-identified interaction counts are retained for the weekly family coping summary. Deleting the care recipient record permanently removes all associated data (routine, people, events, facts, meal logs, and photos) via cascading deletion.

Not a medical device or safety service

Mithra is a family coordination and companion tool. It is not a medical device, not a clinical monitoring system, and not an emergency service. The help function connects to the on-duty caregiver only. For medical emergencies, call 999 or use the careline pendant or Apple native Emergency SOS.