Privacy & Services Policy Agreement

Mercury Alert Inc. (“we,” “us,” or “our”). This Policy explains how we and certain partners collect, use, share, and protect information in relation to our mobile services, website, and any software provided on or in connection with Mercury Alert services (collectively, the “Service”), and describes your choices. By using the Service, you understand and agree that we provide a platform to receive alerts, post content, comments, and other materials of or about you (“User Content”) based on detections and analysis performed by the Service. This Policy applies to all visitors, users, and others who access the Service (“Users”).

Disclaimer

We cannot guarantee 100% accurate detections as an AI-based system. Alerts and notifications are intended only as an aid to home caregiving and must not be relied upon to prevent death, bodily injury, or other harm. Mercury Alert makes no representation or warranty regarding accuracy or promptness of alerts/notifications.

1. Information We Collect

Information you provide directly:

• Account credentials (username, password, email).
• Profile data (first & last name, phone number).
• User Content (images, metadata, comments, etc.).
• Communications between you and Mercury Alert (service emails; cannot be opted-out).

Other data we collect automatically / passively:

• Optical Sensor & Image Data – collected for calibration and model improvement, except that Ring integration data is handled as described in the Ring Integration Data section below.
• Metadata – non-identifiable labels describing activity.
• Device Identifiers – unique IDs associated with your mobile device.
• Analytics Information – traffic, usage trends, connection speeds, IP address, location, etc.
• Log Files – IP, browser type, referring pages, clicks, interaction data.
• Cookies & Similar Technologies – see §16 below.

2. How We Use Your Information

• Provide, maintain, and improve the Service.
• Develop and test new features/products.
• Deliver customer care and technical support.
• Diagnose/fix technological problems.
• Remember preferences for faster sign-in and better UX.
• Monitor metrics (visitors, traffic, demographics).
• Send administrative messages, updates, security alerts.
• Comply with legal obligations and enforce our Terms.

3. How Sensitive Data Is Handled & Stored

Optical sensor data is stored only transiently on the device, encrypted during transfer to Amazon Web Services (AWS), and obfuscated/blurred before labeling. Only authorized engineers and vetted data-labelers have access. Metadata (HIPAA-compliant and non-identifiable) is stored in secure AWS databases and accessed only via authenticated, encrypted channels.

4. Security of Data

Data is encrypted at rest and in transit (TLS 1.2+). We maintain firewalls, intrusion monitoring, role-based access controls, and regular security audits. While we exceed industry-standard safeguards, no method of electronic storage or transmission is entirely secure.

5. Intellectual Property Rights

All data collected, generated, or derived through the Service—including sensor data, metadata, user content, analytics, and logs—remains the sole property of Mercury Alert Inc. We retain full rights to use, analyze, modify, and commercialize such data as permitted by this Policy and applicable law. Ring integration data is used to provide, secure, support, maintain, and improve the Ring-connected Mercury Alert Service, including improving AI model accuracy as described in the Ring Integration Data section.

6. Data Retention & Deletion

We keep data only as long as necessary to provide the Service or to meet legal obligations. You may request deletion by emailing contact@mercuryalert.ai. Verified requests are processed within a commercially reasonable timeframe; residual backups may persist briefly but will be purged according to standard destruction protocols.

7. Ring Integration Data

If you connect a Ring account or Ring device to Mercury Alert, we collect and process only the Ring data needed to operate the integration and provide Mercury Alert's caregiving alert service.

Ring data we collect and process.

• Ring image snapshots fetched from enabled Ring devices with active subscriptions, including snapshots retained for model improvement when permitted.
• Event timestamps, media timestamps, Ring account IDs, Ring device IDs, Mercury account IDs, and Mercury device IDs.
• Ring device metadata, including device name, device type, general location name when provided by Ring, line power status, online status, capabilities, and Ring device creation time.
• Ring account profile fields when provided by Ring, such as email address, first name, last name, and phone number.
• OAuth access tokens, refresh tokens, token type, token scope, token expiration times, account linking state, subscription state, inference state, and operational error state.

How Ring data is used.

• We use Ring account and token data to link your Ring account, refresh authorized access, confirm the Ring app integration, and communicate with Ring APIs.
• We use Ring device data to discover eligible devices, create the corresponding Mercury Alert device record, verify account ownership, show device information, and route alerts to the correct account.
• We use timestamps, media timestamps, device IDs, subscription state, and inference state to fetch the correct snapshot, sequence activity, maintain device state, and troubleshoot the integration.
• We use Ring image snapshots to run AI-based detection for the Mercury Alert service, including caregiving alerts such as fall, in bed, out of bed for too long, sitting, standing, leaving room, and device status alerts.
• We may also use retained Ring snapshots to review edge cases, improve model accuracy, reduce false alerts, and validate performance across home environments.
• We do not use Ring data for advertising, sale of personal information, or services unrelated to the Ring-connected Mercury Alert service.

AI use and model training.

• Ring image snapshots are processed by Mercury Alert's AI system to provide alerts and status information.
• Ring image snapshots may be retained and used to train, test, evaluate, and improve Mercury Alert's computer vision models for caregiving alerts.
• Ring data is not used to train generative AI models, large language models, agentic AI systems, or AI agents.
• Users may opt out of use of their Ring snapshots for model training by emailing contact@mercuryalert.ai. Opting out of model training does not prevent use of Ring snapshots for the core alerting service, but it stops future use of that user's Ring snapshots for model improvement after the opt-out is processed.
• We do not use Ring data for facial recognition, biometric identification, race or ethnicity identification, political opinion identification, religious belief identification, sexual orientation identification, or precise geolocation.
• The Service may derive caregiving and health-related alert states from Ring snapshots, such as fall, in bed, out of bed for too long, sitting, standing, leaving room, and daily status information.

Retention and deletion for Ring data.

• Ring account, token, link, device, subscription, and inference state records are retained while the Ring integration is active or as needed for security, troubleshooting, legal compliance, model improvement, and backup recovery.
• Ring image snapshots may be retained in Mercury Alert training data stores while needed to improve model accuracy, review edge cases, and reduce false alerts. Snapshots are deleted when no longer needed, when a verified deletion request applies, or when a training opt-out is processed for future use, unless retention is legally required.
• If Ring notifies us that the app integration was removed, we mark the Ring link as removed and clear stored Ring access and refresh tokens.
• If Ring notifies us that a Ring device was removed, we stop Ring inference for that device and delete the Ring device mapping from the Ring integration database.
• You may request deletion of your account data, Ring link data, retained Ring snapshots, and related Mercury Alert records by emailing contact@mercuryalert.ai.

Human access, user controls, and third parties.

• Authorized Mercury Alert personnel may access Ring integration records, logs, and images only when needed to provide support, investigate errors, maintain security, label or review training data, improve model accuracy, comply with legal obligations, or operate the Service.
• You can control Ring access by connecting or disconnecting the Ring integration, managing permissions in Ring, managing available Mercury Alert settings, opting out of model training, or requesting deletion. Disconnecting Ring or deleting data may prevent Ring-based alerts from working.
• Ring and Amazon provide Ring account, device, subscription, and media data to us when you authorize the integration. Amazon Web Services hosts portions of the Mercury Alert infrastructure used to process and store Service data.
• We inform users about material changes to AI capabilities, detection features, accuracy information, or this Ring data use policy by updating this Policy and, where appropriate, by email or in-app notice.

8. Other Websites & Services

Our Policy does not govern third-party sites or services linked from the Service. Your interaction with any third-party—including those that access your User Content—is at your own risk and subject to its policies.

9. Sharing & Disclosure of Information

• We do not rent or sell personal information without consent.
• We share data with trusted Service Providers (e.g., AWS, analytics, payment processors) under confidentiality agreements.
• We may disclose information to comply with law, enforce agreements, protect rights, property, or safety of Mercury Alert, our users, or others.
• We may share anonymized or aggregated data that cannot reasonably identify you.

10. Changes to This Policy

We may update this Policy periodically. We will post the revised version with a new “Last Updated” date, and, where appropriate, notify you via in-app notice or email. Continued use constitutes acceptance.

11. Monitored Person Liability

Mercury Alert and caregivers are not liable for harm resulting from a failure to detect or alert. Users agree to hold Mercury Alert and caregivers harmless for injuries sustained by monitored persons.

12. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If we learn we have collected such data without verifiable parental consent, we will delete it promptly.

13. Legal Basis for Processing (EEA and UK Users)

Where GDPR applies, our legal bases include: (a) performance of a contract (to provide the Service); (b) legitimate interests (security, improvement, fraud prevention); (c) consent (for optional features); and (d) compliance with legal obligations.

14. Your Rights & Choices

• Access, correction, or deletion of personal data.
• Restriction or objection to processing.
• Data portability (structured, machine-readable copy).
• Withdraw consent at any time (does not affect prior lawful processing).
• File a complaint with a supervisory authority (EEA/UK).

15. California Privacy Notice (CCPA and CPRA)

California residents have the right to know, access, delete, correct, or opt-out of “sale” or “sharing” of personal information, and the right to non-discrimination. Submit requests via the contact methods below or through in-app settings.

16. Cookies & Tracking Technologies

We use cookies, SDKs, and similar technologies to remember preferences, analyze usage, and personalize content. You can control cookies through browser or OS settings; disabling them may limit functionality.

17. “Do Not Track” Signals

Our Service does not respond to DNT browser signals. We adhere to this Policy regardless of DNT.

18. Push Notifications & Location Services

With your permission, the app may send push notifications or collect precise location data to enhance the Service. You can disable these features in your device settings.

19. International Transfers

We are based in the United States. Data may be transferred to—and processed in—countries outside your own with different privacy laws. We use approved safeguards (e.g., Standard Contractual Clauses) to protect international transfers.

20. Data Breach Notification

In case of a data breach that affects your personal information, we will notify you and regulators as required by applicable law, describing the nature of the breach, likely consequences, and remedial measures.

21. Third-Party APIs and SDKs

The app may incorporate third-party APIs and SDKs (e.g., login, analytics, payment). Such providers may collect information as described in their own policies. We review these integrations for compliance before use.

22. Payment Information & In-App Purchases

Purchases are processed by third-party stores (e.g., Apple App Store, Google Play) and Mercury Alert does not receive complete payment card details. We receive only transaction tokens and IDs.

23. Marketing Communications

With your consent, we may send promotional emails or messages. You can opt-out at any time via unsubscribe links or in-app settings.

24. Governing Law & Dispute Resolution

This Policy is governed by the laws of the State of Delaware, USA, without regard to conflicts principles. Disputes shall be resolved through binding arbitration in Wilmington, Delaware, except where prohibited, subject to the FAA and JAMS rules. You waive class-action claims.

25. Consent & Acceptance

By using the Service, you consent to the collection and processing of information as described. If you disagree, please uninstall the app and cease using the Service.

26. How to Contact Us

Mercury Alert Inc. is the company responsible for this Policy and for responding to privacy inquiries, access requests, deletion requests, and other notices about the Service.

• Email: contact@mercuryalert.ai
• Website: www.mercuryalert.ai
• Postal Mail: Privacy Office, Mercury Alert Inc., 1209 Orange Street, Wilmington, DE 19801, United States