Inlet Studio LLC (“Inlet Studio,” “we,” “us”) operates the Tend mobile application (“Tend” or the “app”) and is committed to protecting the privacy of our users. This Privacy Policy explains what information Tend collects, how it is stored and shared, and the rights you have over your data.
Tend collects health-related information you voluntarily enter, including: medication names, dosages, and administration times; vital signs (blood pressure, heart rate, temperature, weight); mood and behavioral observations; meal and nutrition records; incident reports; and medical conditions. This information may be classified as consumer health data under applicable state laws (including the Washington My Health My Data Act).
Display name, relationships, dates of birth, and roles within care circles.
If you sign in with Apple, we receive your Apple-issued user identifier and any name information you choose to share. If you sign up with email and password, we collect your email address and a securely hashed copy of your password (the plaintext password is never stored or accessible to us). Tend never requests or stores your Apple ID password.
To support coordination among care circle members, Tend records who created, modified, or deleted each care entry, and when. These records are stored alongside care data and are visible to other members of the same care circle.
Our infrastructure provider (Supabase — see Section 4) automatically logs basic technical metadata for each authenticated request, including timestamps and IP addresses, for security, abuse prevention, and operational troubleshooting. These logs are short-lived and are not used to build behavioral profiles, target advertising, or train models.
Your data is used solely to provide and improve the Tend caregiving coordination service. Specifically:
Tend does not use your care data for advertising, analytics product development, AI model training (ours or any third party’s), or sale to data brokers.
Care data, account information, and activity records are stored on managed cloud infrastructure operated by Supabase Inc. in their North American data centers. Data is encrypted in transit using TLS 1.2 or higher, and at rest using AES-256.
Access to your data is enforced by row-level security policies at the database layer: only authenticated members of a given care circle can read or write that circle’s records. Inlet Studio LLC personnel do not have routine access to user-entered care data and only access it when strictly necessary for support, security, or legal compliance.
Authentication uses industry-standard token-based session management. Sessions on your device are stored in Apple’s Keychain.
We use the following sub-processors to operate Tend. Each is contractually bound by a Data Processing Agreement to use your data only to provide the service to us:
| Sub-processor | Purpose | Data accessed |
|---|---|---|
| Supabase Inc. (US) | Database hosting, authentication, real-time sync | All care data, account information, profile data, activity records |
| Resend (US) | Transactional email delivery (confirmation, password reset) | Email address, name (when included in messages) |
| Apple Inc. | Sign in with Apple, App Store payments, push notifications | Apple-issued user identifier, subscription status, push token |
| Cloudflare (US) | Static website hosting (tendfamily.care, including this page) | Standard web request logs only; no app account data |
Supabase publishes its own sub-processor list (including AWS for compute and storage) at supabase.com/legal/sub-processors. We will update this Privacy Policy if we add or change a sub-processor.
We do not sell, rent, trade, or otherwise share your personal or health information with third parties for marketing, advertising, or training purposes.
Care data is shared only with members of your designated care circle(s). When you invite a family member or aide, they gain access (per their assigned role) to that circle’s care records once they accept the invite. The Primary Caregiver who created the circle controls who is added or removed.
Doctor Visit Summary PDFs are generated locally on your device and are shared only when you explicitly choose to share them.
Subscription and payment data is processed exclusively by Apple and is governed by Apple’s privacy policy.
If you access Tend from outside the United States, your data will be transferred to and stored in the United States. By using Tend, you consent to this transfer. Where required by law, we rely on standard contractual clauses or equivalent safeguards in our agreements with sub-processors.
You may delete your entire Tend account at any time from the Settings screen. Account deletion immediately removes your profile, authentication credentials, and circle memberships. Care entries you authored are retained in anonymized form (attributed to “Deleted User”) to preserve the continuity of care records for other circle members.
You may remove yourself from any individual care circle without deleting your entire account. Your membership and role are removed from that circle and entries you logged within that circle are anonymized as described above.
You may export your care entries as a Doctor Visit Summary PDF from within the app at any time. To request a complete machine-readable export of your data, contact [email protected].
If a subscription lapses or is cancelled, associated account and care data is retained for 30 days to allow for resubscription. After 30 days without an active subscription, all care data, circle configurations, and member associations owned by the subscription holder are permanently deleted.
If you are a California resident, you have the right to: know what personal information we collect and how it is used; access and request deletion of your personal information; correct inaccurate personal information; and opt out of the sale or sharing of personal information. Tend does not sell or share personal information for cross-context behavioral advertising. To exercise your rights, use the in-app deletion features or contact us at [email protected].
Tend complies with applicable state consumer health data privacy laws, including the Washington My Health My Data Act and similar legislation in Connecticut, Nevada, and other jurisdictions. You may exercise your rights under these laws — including the right to withdraw consent and the right to deletion — by using the in-app data management features or by contacting us directly.
If you are located in the European Economic Area, the United Kingdom, or another GDPR-equivalent jurisdiction, you have the right to access your personal data, rectify inaccurate data, request erasure, restrict or object to processing, request data portability, and lodge a complaint with your local supervisory authority. Our lawful bases for processing are: (i) the contract you enter into when creating an account, and (ii) your consent for any optional features.
Tend is not directed at children under 13. We do not knowingly collect personal information from children under 13. Care data about a minor may be entered by an authorized caregiver acting in a parental or guardian capacity, in which case the caregiver is responsible for obtaining any consent required by applicable law.
Inlet Studio LLC uses AI-assisted development tools to design and code the Tend application. Tend itself does not use artificial intelligence, machine learning, or any automated decision-making system to process, analyze, or interpret user-entered care information. Care information is stored and displayed exactly as you provide it. We do not use your care data to train AI models, ours or any third party’s.
If we become aware of a security incident affecting your data, we will notify you without undue delay through in-app notification and/or email, consistent with applicable law.
We may update this Privacy Policy from time to time. Material changes will be communicated through an in-app notification before taking effect. Continued use of Tend after changes are posted constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Inlet Studio LLC
[email protected]