Tendly

Privacy Policy

Effective date: February 2026

Tendly is a private care coordination app for use between a care recipient and their designated family members and caregivers. This policy describes what data the Tendly iOS app and Tendly Companion iOS app collect and how it is used.

1. Data We Collect

The following data is collected solely to provide the app's care coordination features:

  • Name and display name — used to personalise greetings and identify contacts.
  • Phone numbers — used to send and receive SMS messages via Twilio. Stored encrypted.
  • Message content — messages sent and received through the app. Stored encrypted.
  • Profile photos — photos you choose to upload as a profile picture or contact photo. Stored on the Tendly server.
  • Push notification token — a device identifier issued by Apple and Expo, used only to deliver push notifications to your device when a new message arrives. Stored on the server and refreshed automatically.
  • Location (optional) — approximate GPS coordinates captured when you choose to set a location boundary in Settings. Used only for automatic location detection within the app. Never transmitted to third parties.
  • Device contacts (optional) — accessed only when you choose to link a contact in Settings. Phone numbers from your contacts are read once and stored locally. We do not upload your full contacts list.

2. How It's Stored

Message content and phone numbers are encrypted at rest using AES-256-GCM encryption in a PostgreSQL database. Encryption keys are never stored alongside data. Profile photos are stored as files on the server. Push tokens and location data are stored unencrypted but are never exposed publicly.

3. Who Can Access Your Data

Only the care recipient and their designated caregivers and family members — the people you explicitly invite — can access messages and contact information within their account. We do not sell, share, or disclose personal data to any third parties, with the exception of the service providers listed below.

4. Third-Party Services

  • Twilio — used to send and receive SMS messages. Message content passes through Twilio's infrastructure. See Twilio's Privacy Policy.
  • Expo (Expo Push Service) — used to relay push notifications to Apple's APNs infrastructure. Only the push token and notification title/body are transmitted. See Expo's Privacy Policy.
  • Railway — the server infrastructure provider hosting the Tendly backend. Data is stored in Railway's managed PostgreSQL service.

5. SMS Opt-In / Opt-Out

Family members and contacts opt in to receive SMS messages by clicking a personal invite link and sending their first message. Message and data rates may apply. You can opt out at any time by replying STOP to any message. Reply HELP for assistance.

6. Data Retention

Data is retained for the duration of the care relationship. To request deletion of your data, contact us at the address below and we will remove it within 30 days.

7. Children's Privacy

Tendly is not directed at children under 13 and we do not knowingly collect personal information from children under 13.

8. Contact

Questions or deletion requests: andy@conspyre.com

Privacy  ·  Terms
© 2026 Tendly