Privacy Policy

Data Controller Contact Information:
Chorus Health Inc.
1015 Fillmore St #13983 
San Francisco, CA 94115
support@hellocaria.com

1. Introduction

This Privacy Policy sets out how Chorus Health Inc., developer of the Caria app, (“Caria”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal data when individuals (“you”, “your”, or “users”) access or use our mobile application (the “App”) and websites (the “Websites”). Our privacy policy governs the privacy practices of our websites (Chorushealth.ai, Chorushealth.io, Hellocaria.com, Hellocaria.ai), all sub-domains, mobile app named Caria, and subscriptions offered through the Caria app (together “the Services”). 

Our privacy policy tells you what personal data and non-personal data we collect from you, how we collect them, how we protect them, how we disclose them, how you can access and change them, and how you can limit our disclosure of them. Our privacy policy also explains certain legal rights that you have about your personal data. 

2. Your rights

When using our Services and submitting personal information to us, you may have certain rights under privacy laws in the United States, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other U.S. state laws. You may also have rights under privacy laws of other countries, including the European Union General Data Protection Regulation (the EU GDPR), the UK General Data Protection Regulation (the UK GDPR), the UK Data Protection Act of 2018, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other global privacy laws. Even if not listed here, we will make reasonable efforts to honor data subject access requests even though we may be under no legal obligation to do so. However, we reserve the right to decline any data subject access request that we are not legally obligated to comply with. Your rights may include, but are not limited to the following:

  • The right to equal service, and price, and not to be discriminated against even if you exercise your privacy rights.
  • The right to one or more means where you can submit requests under this privacy policy.
  • The right to know whether your personal information is sold or disclosed and to whom.
  • The right to request that we do not sell any of your personal information. 
  • The right to be informed about the personal information that we collect from you and how we process it. 
  • The right to get confirmation that your personal information is being processed and you can access your personal information.
  • The right to have your personal information corrected if it is inaccurate or incomplete.
  • The right to request the removal or deletion of your personal information if there is no compelling reason for us to continue processing them. However, the right to deletion is not absolute and can be overridden to continue data processing in some cases where we still have a legal ground or overriding legitimate interest to process your data.
  • The right to ‘block’ or restrict the processing of your personal information. When your personal information is restricted, we are permitted to store your personal information, but not to process it further.
  • The right to request the personal information that you provided to us and use it for your own purposes. Upon express request, we will provide your data to you within 30 days of your request subject to commercial and industrial secrets.
  • The right to object to us processing your personal information for the following reasons:
    1. processing was based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    2. direct marketing and targeted advertising (including profiling);
    3. processing for purposes of scientific/historical research and statistics.
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects regarding you or similarly significantly affects you. 
  •  The right that we limit the collection of your personal information to that which is “adequate, relevant and reasonably necessary with the purposes for which the data is processed.
  • The right that we do not process your personal information for purposes that are neither reasonably necessary nor compatible with the disclosed purposes for which such personal data is processed, as disclosed to you unless the controller obtains your consent.
  • The right to designate an authorized agent to make a request on your behalf. When designating an authorized agent, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification.
  • The right to file a complaint with supervisory authorities if your information has not been processed in compliance with your rights under privacy laws.

If you wish to exercise any of the rights set out above, please email us at support@hellocaria.com. We will respond to your request within 30 days of receiving it. Occasionally it may take longer for multiple requests or complex circumstances.

3. Information we collect and how we collect it 

We collect and process the following categories of personal data when you use our Services:

3.1 Identity and Contact Information

  • Name
  • Email address

This information is collected when you create an account or communicate with us.

3.2 Health and Wellbeing Data

  • Information you choose to log regarding symptoms, triggers, or health-related activities
  • Symptom severity levels 
  • Free-text notes related to your symptoms or wellbeing
  • Responses to onboarding questions related to your goals, symptoms, and stage of menopause 

This data is provided voluntarily by you and is stored in your account. 

3.3 Usage and Technical Data

  • Device type and operating system
  • IP address and general location (as inferred from IP)
  • App usage patterns, such as session duration

This data is collected through third-party analytics tools such as Amplitude and Firebase.

3.4 Community Forum Data

  • Content you choose to post within community features, including stories, experiences, or symptom-related discussions
  • Username or display name you choose
  • Information visible to other users in your posts and comments

All community posts are reviewed by a moderator prior to publication. User submissions are optional and subject to community guidelines.

3.5 Communications Data

  • Information provided when you contact us, such as through support emails or feedback forms

3.6 Third-Party Platform Data

  • App Store transaction metadata (as made available to us via Apple or Google)
  • Mailing preferences and interactions (collected via Mailchimp)

We do not access or collect payment card details directly.

3.7 Cookies

Our website uses cookies. A cookie is a small piece of data or a text file downloaded to your computer or mobile device when you access certain websites. Cookies may contain text that can be read by the web server that delivered the cookie to you. The text in the cookie consists of a sequence of letters and numbers that uniquely identifies your computer or mobile device; it may contain other information as well. 

By agreeing to accept our use of cookies you are giving us and the third parties with which we partner permission to place, store, and access some or all the cookies described below on your computer and or mobile device. 

  • Strictly Necessary Cookies – These cookies are necessary for the proper functioning of the website, such as displaying content, logging in, confirming your session, responding to your request for services, and other functions. 
  • Performance Cookies – These cookies collect information about the use of the website, such as pages visited, traffic sources, users’ interests, content management, and other website measurements.
  • Functional Cookies – These cookies enable the website to remember users’ choices, such as their language, usernames, and other choices while using the website. 
  • Media Cookies – These cookies can be used to improve a website’s performance and provide special features and content. They can be placed by us or third parties who provide services to us.
  • Advertising or Targeting Cookies – These cookies are usually placed and used by advertising companies to develop a profile of your browsing interests and serve advertisements on other websites that are related to your interests. 
  • Session Cookies – These cookies allow websites to link the actions of a user during a browser session. They may be used for remembering what a user puts in their shopping cart as they browse a website. Session cookies also permit users to be recognized as they navigate a website so that any item or page changes they make are remembered from page to page. Session cookies expire after a browser session.
  • Persistent Cookies – These cookies are stored on a user’s device between browser sessions, which allows the user’s preferences or actions across a website or across different websites to be remembered. Persistent cookies may be used for remembering users’ choices and preferences when using a website or target advertising to them.
  • We may also use cookies for:
    • identifying the areas of our website that you have visited;
    • personalizing the content that you see on our website;
    • remembering your preferences, settings, and log-in details.


Most web browsers can be set to disable the use of cookies. However, if you disable cookies, you may not be able to access features on our website correctly or at all. 

4. How we use your data

We use your personal data for the following purposes:

4.1 To Provide Access to the App

We process your identity and contact information to:

  • Register and maintain your user account
  • Authenticate your access to the App
  • Communicate with you regarding service-related matters

4.2 To Provide Health Support and Personalised Content

We process the symptom tracking data and onboarding responses you provide in order to:

  • Allow you to monitor your symptoms and wellness over time
  • Present you with relevant educational content based on your logged symptoms
  • Generate visual summaries and symptom trends within the App

We do not provide medical advice or diagnoses. Content suggestions are generated by an automated rules-based system designed to support general wellbeing.

4.3 To Operate and Moderate Community Features

If you choose to participate in the community forum, we process your submissions to:

  • Enable your contributions to be shared with other users
  • Moderate content in accordance with our internal community standards
  • Protect the safety and integrity of the platform

Content you post is visible to other users and should not include personally identifying health information to protect your privacy. Please think carefully before posting anything that may identify you in any public forum. Remember, what you post can be seen, disclosed to, or collected by others and may be used in ways we cannot control or predict, including to contact you for unauthorized purposes. If you mistakenly post personal data in our community forums and would like it removed, email us at support@hellocaria.com 

4.4 To Monitor, Analyse, and Improve the App

We use analytics data collected via Amplitude, Firebase, and other tools to:

  • Understand how users engage with different features
  • Identify technical issues and usage trends
  • Inform product development and feature improvements

4.5  To Communicate with You

We may use your email address to:

  • Send administrative messages about your account or the App
  • Share updates about improvements to the service
  • Provide optional newsletters or educational emails (if opted in)

4.6 To Comply with Legal Obligations

We may process your data where required to do so by applicable laws or regulations, including in response to lawful requests by public authorities.

4.7 Other uses

  • respond to any requests from you regarding sales and support;
  • contact you about any agreements or terms that you may have with us; 
  • interact with other users if applicable;
  • diagnose and resolve problems and prevent fraud;
  • contact you with updates to our website, products, and services;
  • resolve problems and disputes;
  • respect and apply your decisions to opt out of any data sharing, such as a ‘data sale’ or similar concept under applicable laws or regulations;
  • We may disclose your personal information with our affiliates, in which case we will require those affiliates to honor this privacy policy. Affiliates include our parent company and any other subsidiaries or joint venture partners;
  • Make privacy and data protection agreements with our merchants and contractors.

5. Sharing your data with third parties

We do not sell your personal data. However, we may share your data with carefully selected third parties in the limited circumstances described below. If you want to opt out of the sale or sharing of your personal data, you can do so at this link. You can also submit your request by contacting us using the information at the top and bottom of this privacy policy.

5.1 Service Providers and Contractors

At times, we disclose your information to third parties, service providers, and contractors whom we hire to provide services to us. These service providers and or contractors may include, but are not limited to, analytics providers, payment processors, web analytics companies, cloud hosting and infrastructure services, forum and content management platforms, engagement tools, and email service providers, and development agencies. We have contracts with qualified third parties, service providers, and contractors that obligate them to comply with specific requirements under the law.

Google API

By using our Services, you are subject to the Google Privacy Policy and Terms of Service.  When collecting and processing user data, including personal information from Google APIs, we will follow Google API Services User Data Policy.

Google Analytics

Our Services use Google Analytics to collect information about the use of our Services. Google Analytics may collect information from users such as age, gender, interests, demographics, how often they use our Services, what pages they visit, and what other websites they have used before coming to our website. We use the information we get from Google Analytics to analyze traffic and improve our Services and marketing. You can prevent Google Analytics from using your information by opting out at this link: https://tools.google.com/dlpage/gaoptout

Analytics Services From Other Companies

Our Services use analytics platforms from other companies to collect information about the use of our Services. Analytics platforms collect information such as how often users visit our Services, what pages they visit, when they do so, what other websites they used before coming to our website, and their IP addresses. We use the information we get from analytics to improve our Services. 

5.2 Disclosures to Successors

If our business is sold or merges in whole or in part with another business that would become responsible for providing the Services to you, we retain the right to transfer your personal information to the new business. The new business would retain the right to use your personal information according to the terms of this privacy policy, as well as to any changes to this privacy policy as instituted by the new business. We also retain the right to transfer your personal information if our company files for bankruptcy and some or all of our assets are sold to another individual or company.

5.3 Legal and Regulatory Disclosures

We may disclose your personal information if such disclosure is (a) required by subpoena, law, or other legal processes; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to protect us from legal action or claims from third parties, including you and or other users; or (d) necessary to protect the legal rights, personal and or real property, or the personal safety of our company, users, employees, and business partners.

5.4 Community Discussion Boards, Blogs, or Other Mechanisms

Our Services offer the ability for users to communicate through online community discussion boards, blogs, or other mechanisms. If you choose to post on these discussion mechanisms, you should use care when exposing any personal data, as such information is not protected by our privacy policy nor are we liable if you disclose your personal data through such postings. We cannot prevent the use or misuse of such information by others.

5.5 Aggregated and Anonymized Data

We may share aggregated or anonymized data that does not identify any individual, for purposes such as research, analysis, or reporting. 

6. Legal basis for collecting and processing information 

Our legal basis for collecting and processing your personal data when you access Services is based on the necessity for the performance of a contract or to take steps to enter into a contract.

What Happens If You Don’t Share Your Personal Data

If you do not provide us with enough personal information, we may not be able to provide you with all our Services. However, you can access some parts of our website and App without giving us certain personal data. 

7. Retention of your personal data

We retain your data if necessary to provide our services and or products to you and to fulfill the purposes outlined in our privacy policy and this Data Retention Policy. When no longer needed, we will destroy, delete, or erase it unless you request that we retain it. 

Retention periods

Data TypeRetention PeriodPurpose
PasswordRetained while account is active; 2 years afterAccount access and security
First NameRetained while account is active; 2 years afterRecord-keeping and compliance
Email AddressRetained while account is active; 2 years afterCommunication and support
Marketing DataRetained while account is active; 2 years afterLegitimate interest in marketing
Communications Data Using
Support Emails / Forms		Retained while account is active; 2 years afterEqual opportunity monitoring
Health Logs & Symptom DataRetained while account is active; 2 years afterPersonalization 
Symptom Severity LevelsRetained while account is active; 2 years afterPersonalization and analytics
Free-text Health NotesRetained while account is active; 2 years afterPersonalization
Menopause Stage & Goal ResponsesRetained while account is active; 2 years afterPersonalization and health analytics
Device Type & Operating SystemRetained while account is active; 2 years afterApp performance and debugging
IP Address & General LocationRetained while account is active; 2 years afterSecurity and regional compliance
App Usage PatternsRetained while account is activeUser analytics and service optimization
Community Posts & CommentsRetained while account is active; 2 years afterCommunity engagement and content moderation
Display NameRetained while account is active; 2 years afterCommunity identity and interaction

Deletion Requests

You may request deletion of your personal data at any time by using the account deletion feature within the app or by contacting us at support@hellocaria.com. Upon receiving a request, we will take reasonable steps to delete or anonymize your personal data, subject to any obligations we may have to retain certain information for legal, regulatory, or operational reasons.

Impact of account deactivation/requests to erase personal data 

If you choose to delete your account, Caria will generally delete all your personally identifiable data stored on the app, and it will not be recoverable should you later create another account. 

8. Data Security

We take the protection of your personal data seriously and implement reasonable administrative, technical, and organizational safeguards to help prevent unauthorized access, disclosure, alteration, or destruction of your data.

These measures include, but are not limited to:

  • Secure cloud infrastructure and data storage via trusted providers (such as AWS)
  • Access controls and authentication mechanisms for internal systems
  • Data minimization and encryption practices where applicable
  • Regular review of our internal policies, staff access levels, and third-party vendors

Although we take appropriate steps to secure your personal data, no system can be guaranteed to be 100% secure. We encourage you to use strong passwords and exercise caution when sharing information within the community features of the App.

If we become aware of any data breach affecting your personal data, we will notify you and relevant authorities as required by applicable laws.

9. Do Not Track Settings

Some web browsers have settings that enable you to request that our website not track your movement within our website. Our website does not obey such settings when transmitted to and detected by our website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.

10. Links To Other Websites

Our Services may contain links to other websites. These websites are not under our control and are not subject to our privacy policy. We have no responsibility for these websites, and we provide links to these websites solely for your convenience. You accept that your use of and access to these websites are solely at your risk. 

11. Our Email Policy 

You can always opt out of receiving email correspondence from us or our affiliates. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission, except in the sale or transfer of our company, or if our company files for bankruptcy as described in the section Disclosures to Successors.

12. International Data Transfers

Information we collect from you may be stored, processed, and transferred to countries outside your country of residence, including the United States, where data protection laws may be different from those in your jurisdiction. For users located in the European Union (EU) or the European Economic Area (EEA), we rely on the legal bases provided under Article 49 of the General Data Protection Regulation (GDPR) for international transfers in specific situations, such as when the transfer is necessary for the performance of a contract or with your explicit consent. The United States is not currently recognized by the European Commission as providing an adequate level of data protection under Article 45 of the GDPR. Where appropriate, we implement additional safeguards, including standard contractual clauses (SCCs) and data processing agreements, to protect your personal data when it is transferred outside the EU/EEA. We also strive to apply reasonable technical and organizational measures to ensure your data remains protected. By using our services or accessing our app, you acknowledge and agree to the transfer of your personal data as described in this section.

13. Changes To Our Privacy Policy

We reserve the right to change this privacy policy at any time. If our company decides to change this privacy policy, we will post those changes on our website or App so our users and customers are always aware of what information we collect, use, and disclose. If at any time we decide to disclose or use your personal information in a method different from that specified at the time it was collected, we will provide advance notice by email sent to the email address associated with your account. Otherwise, we will use and disclose our users’ and customers’ personal information in agreement with the privacy policy in effect when the information was collected. Your continued use of our Services after any change to this privacy policy will constitute your acceptance of such change. If you have questions about our privacy policy, please contact us through the information at the top and bottom of this privacy policy.

14. Contact information 

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at: support@hellocaria.com