Privacy Policy

As grandkids building for our grandparents, we created Sam to be privacy-first. What happens in the family should stay in the family, and we can never see anything you do with Sam.

Effective Date: February 17, 2026

Last Updated: February 17, 2026

1. Introduction

Quo Labs, Inc. ("Quo Labs," "we," "us," or "Company") provides Sam—a voice companion device for seniors—along with the Sam mobile application for iOS, our website at withsam.com, and our online store at shop.withsam.com (collectively, the "Services").

We built Sam for our grandparents, and we built it with privacy at its core.

This Privacy Policy explains how we collect, use, share, and protect your information. By using Sam, you agree to these practices. If you don't agree, please don't use our Services.

Our Privacy Commitment: We are privacy-first. We are HIPAA compliant. We protect your conversations with strong encryption so we literally cannot access them. We never sell your data.

2. Why You Can Trust Us

We can't read your conversations. We can't listen to you. We designed it that way on purpose.

No Voice Recording

We do not record, store, or save voice audio. Ever. When your loved one speaks to Sam, their voice is converted to text and the audio is immediately deleted. There are no voice recordings anywhere—the technology doesn't exist in our system.

Strong Encryption

All conversations, summaries, and messages are encrypted so that only you and your authorized family members can read them. We don't have access to the content. Our employees cannot read your conversations, even if they wanted to.

What We Can and Cannot See

We CAN See

  • ✓ Account information (name, email, phone)
  • ✓ Device status (online/offline, battery level)
  • ✓ Technical logs (connection times, errors)
  • ✓ Usage statistics (which features are popular)
  • ✓ Store orders and shipping info

We CANNOT See

  • ✗ Conversation content or what was said
  • ✗ Wellness report details
  • ✗ What triggered alerts
  • ✗ Messages between family and seniors
  • ✗ Health information
  • ✗ Personal topics or private discussions

HIPAA Compliant

We're certified under the Health Insurance Portability and Accountability Act (HIPAA). We don't ask for health information, but if it comes up in conversations, it's protected and we cannot access it.

We Never Sell Your Data

Never have, never will. We're three grandkids building for our grandparents, not a big tech company harvesting data.

3. Information We Collect

We collect only what's necessary to provide Sam's Services.

3.1 Information You Provide

Account Information:

Payment Information (Store Only):

Messages & Reminders:

3.2 Conversation Data (Encrypted—We CANNOT Access)

Voice Audio: NOT recorded or stored. Converted to text, then audio deleted immediately.

Text Transcripts (Encrypted): What your loved one says to Sam and Sam's responses. Encrypted so only you and your family can read them. We cannot decrypt or access this content.

Wellness Summaries (Encrypted): AI-generated daily summaries. Encrypted for your family only. We cannot read them.

Safety Alerts (Encrypted): Automated notifications when concerning patterns detected (keywords like "pain," "fell," "confused"). All encrypted—we can't see what triggered specific alerts. Fully automated; no human review.

Conversation Information (NOT Encrypted): When conversations happen, how long they last, frequency. We can see THAT conversations happened and WHEN, but NOT WHAT was said.

3.3 Device & Technical Information

Device Data: Identifier, model, software version, Wi-Fi network name (NOT password), connectivity status, battery level, error logs.

App Usage: App version, device type, which features you use, navigation patterns, crashes, performance metrics.

Website & Store: IP address, browser type, pages viewed, products viewed or purchased, search terms, checkout activity.

Communication Logs: Call times, durations, message delivery status. We log ABOUT calls and messages, but the content is encrypted and inaccessible to us.

3.4 Third-Party Information

3.5 What We Do NOT Collect

✗ Voice recordings ✗ Social Security Numbers ✗ Driver's license numbers ✗ Full credit card numbers ✗ Unencrypted health information ✗ Children's data ✗ Genetic data ✗ Religious or political beliefs

4. How We Use Your Information

For encrypted conversation content, our systems process automatically, but the data remains encrypted and we cannot access it.

Core Services

E-Commerce

Process orders, calculate taxes/shipping, coordinate shipping, handle payments (via processors), manage returns and refunds.

Emergency Response

If critical alerts detected and you've enabled emergency features: automatically notify emergency contacts. Fully automated.

Customer Support

Answer questions, troubleshoot issues, help with setup, resolve problems, track support history.

Product Improvement

Analyze anonymized usage patterns (conversation content NEVER included), enhance voice recognition, refine safety detection, optimize performance, develop new features, fix bugs.

Marketing (Optional—You Can Opt Out)

Promotional emails about features/updates, targeted ads on social media, measure ad effectiveness. We NEVER use conversation content for marketing. Ads based only on website browsing, products viewed, demographics.

Security & Legal

Verify identity, detect fraud, monitor for intrusions, enforce security, comply with HIPAA/CCPA/GDPR, respond to legal requests (can only provide encrypted data and timing info—not readable content), prevent harm.

What We Do NOT Use Data For

✗ Selling to third parties ✗ Sharing conversations with advertisers ✗ Political targeting ✗ Training AI for other products ✗ Employment screening ✗ Insurance underwriting ✗ Surveillance ✗ Sharing health info with employers/insurers

5. Data Storage, Security & Retention

What We Store

Encrypted: Conversation transcripts, summaries, alerts, messages (only you control access)

Standard Security: Account info, device logs, order history

NOT Stored: Voice recordings (never created), unencrypted conversations, Wi-Fi passwords

Security Measures

Retention Periods

Encrypted Data: Transcripts auto-delete after 24 hours (1 year if saved); Summaries 1 year; Alerts 7 years (legal requirement)—you can delete anytime

Other: Messages 90 days; Device logs 90 days; Account info while active + 30 days; Orders 7 years (legal)

Delete anytime: sam@quolabs.ai

6. HIPAA Compliance

We're HIPAA certified with required safeguards: encryption, access controls, staff training, audit logging, breach notification.

We don't request health information. If mentioned in conversations, it's encrypted and inaccessible to us, protected by HIPAA standards.

Your HIPAA Rights: Access your health information, request corrections, receive accounting of disclosures, request restrictions, file complaints with HHS.

Contact sam@quolabs.ai to exercise rights.

Sam does not provide medical advice, diagnosis, treatment, or clinical advice of any kind. Sam is a companion device, not a medical device. Always consult a qualified healthcare professional for medical concerns.

7. How We Share Your Information

We do not sell your personal information.

Authorized Family Members

Encrypted data shared only with family you authorize. You control access and can revoke anytime.

Service Providers

All contractually required to protect your data.

Shopify (Store Only)

Processes payments/orders, collects shopping behavior, may use for ads across Shopify. NO access to Sam conversations or app data.

Learn more: Shopify Privacy Policy

Emergency Services

If enabled: notify emergency contacts, share only essential info (name, nature of emergency).

Legal Requirements

May disclose when required: subpoenas, court orders, regulatory requirements. Due to encryption, can only provide encrypted data and timing info—not readable conversation content.

Business Transfers

If acquired/merged: we'll notify you, encrypted data stays encrypted, acquirer must maintain protections, you can delete data first.

What We NEVER Share

✗ Conversation content with advertisers ✗ Health info with insurers/employers ✗ Personal data with data brokers

8. Cookies & Tracking

Essential (Always Active): Login, shopping cart, security

Analytics (Optional): Google Analytics, usage patterns

Marketing (Optional): Facebook Pixel, Google Ads, TikTok Pixel

Your Control: Browser settings, website footer preferences, we honor Global Privacy Control automatically.

Mobile App: No cookies; device identifiers for notifications. Opt out: iOS Settings → Privacy → Tracking

9. Your Rights & Choices

Access & Download

View conversations/summaries in app, download your data, request account info at sam@quolabs.ai

Delete

Delete account through app settings, delete specific conversations, email sam@quolabs.ai

Deleted: All encrypted data, account info

May be retained: Anonymized analytics, legal records

Correct

Update in app settings or email sam@quolabs.ai

Manage Family Access

Add/remove authorized users, customize permissions, view access logs

Communication Preferences

Required: Safety alerts, device offline notifications

Optional: Daily summaries, marketing emails (unsubscribe anytime)

Opt Out of Ads

Website opt-out link, we honor Global Privacy Control, iOS: Settings → Privacy → Tracking

Unpair Device

App settings: stops reporting/alerts, deletes local data. Cloud data deleted separately if desired.

10. Additional Privacy Rights

Children's Privacy

Sam is for adults. We don't collect data from children under 13. If we learn we have, we delete it immediately. Contact sam@quolabs.ai if concerned.

International Users

Sam operates from the US. If outside US, your info transfers to US. By using Sam, you consent.

European Users (GDPR): Additional rights include: object to processing, restrict processing, data portability, withdraw consent, lodge complaints with supervisory authority. Transfer protections: Standard Contractual Clauses.

California Rights (CCPA/CPRA)

Exercise Rights: Email sam@quolabs.ai or call (415) 326-6474. Response within 45 days.

11. Data Breach Notification

If a breach occurs:

Within 72 Hours: Email notification, in-app alert, breach details, steps taken, what you can do

May Be Exposed: Account info, technical data, orders

NOT Exposed: Conversation content, summaries, health info, messages (all encrypted)

Because of encryption, your conversations stay private even in a breach.

12. Changes to This Policy

We may update to reflect law changes, new features, improved practices.

We'll Notify You: Email, in-app notification, website notice. Material changes: 30 days' notice.

Your Choices: If you disagree, delete account before changes take effect. Continued use = acceptance.

13. Contact Us

General Privacy

Email: sam@quolabs.ai

Phone: (415) 326-6474

Mail: Quo Labs, Inc., 2 Marina Blvd, San Francisco, CA 94123

HIPAA Privacy Officer

Email: sam@quolabs.ai (Subject: "HIPAA Privacy Request")

California Privacy Rights

Email: sam@quolabs.ai (Subject: "California Privacy Rights")

Phone: (415) 326-6474

Customer Support

Email: sam@quolabs.ai

App: Settings → Help & Support

14. Regulatory Complaints

If we can't resolve your concerns:

15. Consent

By using Sam, you acknowledge you've read and understood this Policy, and you consent to:

You understand:

Withdraw by: Turning off features, deleting data, deleting account, or contacting sam@quolabs.ai

Sam

Our Promise to You

We built Sam for our grandparents, and for yours.

We know these conversations are precious. We know the trust you're placing in us.

That's why we protect your conversations with strong encryption so we literally cannot access them. That's why we're HIPAA compliant. That's why we don't sell your data. That's why privacy isn't just a policy for us, it's the foundation of everything we do.

Your loved one's private moments stay private, between them and your family. Always.

If anything is unclear, email sam@quolabs.ai. We're here to help.

Thank you for trusting us with your family's care.

This Privacy Policy is effective as of February 17, 2026.