Privacy Policy

Effective Date: April 20, 2026 Last Updated: April 20, 2026

The Thomas E. Smith Foundation ("TESF," "we," "us," or "our") operates the Care to Cure mobile application ("App"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the App.

This Privacy Policy applies only to information we collect:

  • Through the App.
  • In communications, including email, text, chat, and other electronic messages, between you and the App.

It does not apply to information collected by:

  • Us offline or through any other means, including on any other website operated by TESF or any third party that does not link to this Policy; or 
  • Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the App.

By downloading or using Care to Cure, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the App.  This Policy may change from time to time (see Section 12 (Changes to this Privacy Policy). Your continued use of the App after we make changes as described here is deemed to be acceptance of those changes, so please check the policy periodically for updates.


1. Information We Collect

Information You Provide Directly

  • Account Information: Your name and email address, used for account creation and authentication.
  • Chat Messages:  Messages you send through the App's AI-powered chat feature ("Ask"). Ask is a closed-content assistant: it answers questions using only Care to Cure's own curated library of vetted spinal cord injury content, not the general internet. When you send a message, it is processed by our servers, combined with relevant excerpts from our content library, and passed to a third-party AI model (see Section 3) solely to generate a natural-language response. We do not send your name, email address, role or stage-of-care selections, or any other profile information to the AI model.
  • App Usage Preferences: Your selected role (e.g., patient, caregiver, family member, healthcare professional), used to personalize the content and resources presented to you.
  • Push Notification Preferences: Your opt-in choices for receiving notifications, along with your device token, used solely to deliver weekly content notifications.
  • Other Content You Submit Through App: Text, images and other content about you and your background, including your “story.” 

You may also provide information for publication or display ("Posted") on public areas of the App or websites you access through the App (collectively, "User Contributions"). Your User Contributions are Posted and transmitted to others at your own risk.  TESF cannot control other users’ use of the User Contributions that you submit to the App through chat messages, the “Share my story” feature and other App functionality, so you should consider the implications of sharing personal and other information through the App.  

Information You Provide Automatically

As you navigate through and interact with the App, we may use automatic data collection technologies to collect information that may include personal data. Information collected automatically may include usage details, device information, IP addresses, operating system, and browser type, and information collected through cookies, web beacons, and other tracking technologies including details of your interactions with our App, such as traffic data, location data, logs, and other communication data, and which resources and App features that you access and use.

We may use these automatic collection technologies to collect information about your online activities over time and across third-party sites or other online services (behavioral tracking). 

Using automatic collection technologies helps us to improve our App and to deliver a better and more personalized experience.


The technologies we use for this automatic data collection may include:


  • Cookies. A cookie is a small file placed on your device when you interact with the App. You may refuse to accept or disable cookies by activating the appropriate setting on your browser or device. However, if you select this setting, you may be unable to access certain features of the App. 
  • Web Beacons. Some parts of the App and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those parts or opened an email and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). 


We obtain your consent to our information storage or collection tracking technologies by providing you with transparent information in this Privacy Policy and providing you with the opportunity to make a choice to disable cookies as set forth above. Please note that we are not required to obtain your consent to the information collection tracking technologies identified above that are strictly necessary. We are giving you detailed notice of the tracking technologies and your limited choices regarding them so that your consent is meaningfully informed.


To the extent any of these automated technologies are considered a personal data sale, targeted advertising, or profiling, under applicable laws, depending on where you live, you may opt out from use of these automated technologies for such uses by [REQUEST SUBMISSION METHOD]. Please note that some App features may be unavailable as a result.

When you interact with the App, there are third parties that may use automatic collection technologies to collect information about your or your device. These third parties include analytics companies.


These third parties may use tracking technologies to collect information about you when you use the App. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites, apps, platforms, and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.


We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.


Users can always choose not to input their information, even though it might be needed to access TESF’s services or information about TESF’s services.

Users can set browsers to block cookies or erase TESF’s cookies from their computer, though doing so may prevent some aspects of the App from working properly.

Most browsers provide the ability for people to manage cookies to meet their needs. In some browsers, users can set up rules to control cookies on a site-by-site basis, giving users granular control over their privacy. These features enable users to disallow cookies from all sites except the trusted sites. 

Please see the list below for browser manufacturers’ help pages that relate to cookie management:


For other browsers, please consult the documentation that your browser manufacturer provides.

Users can prevent data collection by Google Analytics by clicking on the following link: https://tools.google.com/dlpage/gaoptout. This will place an opt-out cookie, which prevents the future collection of data when visiting App. This opt-out cookie must be stored permanently on a user’s computer. If a user deletes this opt-out cookie or it is deleted automatically via browser settings, the user will have to install this opt-out cookie again when visiting the App in the future.

We may receive personal data about you from other sources and combine that with information we collect directly from you. For example, we may obtain information about you from service providers that we engage to perform services on our behalf, such as email platform providers, content delivery services, promotions services, analytics, and security and anti-fraud services. We also may receive personal data from business partners that we engage to share consumer information with us, including your personal preferences and demographic information such as age, gender, and income level so that we can better provide you with a personalized experience, including personalized content, offers and services. 


Information We Do Not Collect

We do not collect any of the following:

  • Location or GPS data
  • Contacts or address book information
  • Camera, photo library, or microphone access
  • Device advertising identifiers (IDFA/GAID)
  • Browsing history
  • Bluetooth data
  • Payment or financial information
  • Health records or medical data



2. How We Use Your Information

We use the information we collect to:

  • Authenticate your account and maintain its security.
  • Provide AI-powered chat assistance through the Ask feature, using Care to Cure's own curated content library in combination with a third-party AI model (see Section 3) to generate responses.
  • Personalize content and resources based on your selected role.
  • Deliver push notifications about new content and resources (with your consent).
  • Maintain, improve, and ensure the security of the App.
  • Notify you when App updates are available, and of changes to any products or services we offer or provide though it.
  • Fulfill any other purpose for which you provide it.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

We do not use your information for advertising or marketing to third parties.

The usage information we collect helps us to improve our App and to deliver a better and more personalized experience by enabling us to estimate our audience size and usage patterns, store information about your preferences, allowing us to customize our App according to your individual interests, speed up your searches and recognize you when you use the App.

In addition, we may use your personal information to develop or improve artificial intelligence (AI) models or automated decision-making systems, provided such use complies with applicable data protection laws. You may request information regarding the nature and purpose of this processing or opt out of AI-related data usage, unless such use is integral to the App. Opting out may limit certain App functionalities. The use your personal information in AI models or automated decision-making systems cannot be reversed, so any opt-our request or data correction or deletion request that you submit after your personal information has been processed with AI technologies will not “undo” such AI processing.



3. How We Share Your Information

We do not sell, rent, or trade your personal information.

We share your information only with the following service providers, strictly for the purposes described:

  • Device tokens are shared with Firebase solely for the delivery of push notifications.
  • Your account information and preferences are processed on our servers for authentication and content delivery. They are not shared with any AI model or AI service provider.
  • AI Chat (Ask) Feature: Ask uses a retrieval-augmented generation (RAG) architecture. When you send a message, our servers retrieve relevant excerpts from Care to Cure's own curated content library and then pass those excerpts together with the text of your message to a third-party AI model via OpenRouter, an AI model routing service. The AI model uses this information solely to generate a response to your question and returns it to our servers, which display it to you along with citations to our source content. We do not send your name, email address, account identifier, role, stage-of-care selections, or any other profile information to OpenRouter or any upstream model provider. The model providers we use through OpenRouter operate under zero-data-retention terms, meaning your messages are not stored by them after the response is generated and are not used to train AI models. OpenRouter's privacy policy is available at https://openrouter.ai/privacy. You should not include sensitive personal information, identifying details, or protected health information in your Ask messages.
  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our organization.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

We may also disclose your information if required by law, regulation, or legal process, or to protect the rights, safety, or property of TESF, our users, or the public.

Notwithstanding any other provisions of this policy, and for the avoidance of doubt, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction. 



4. Data Storage and Security

  • All network communication between the App and our servers uses TLS encryption (HTTPS/SSL).
  • Authentication tokens are stored in encrypted form on your mobile device.
  • Chat messages are processed in real time and stored on our servers.
  • Messages sent through the Ask feature are transmitted over encrypted (TLS) connections to our servers. The portion of each message that is passed to our third-party AI model (via OpenRouter) is similarly transmitted over encrypted connections and is not retained by the model provider after a response is generated.
  • We implement industry-standard security measures including access controls and encryption in transit.

No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.


5. Data Retention and Deletion

We keep the categories of personal data described in this policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the App, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data. At the end of the retention period, personal data will be deleted, destroyed, or de-identified.

You may delete your account at any time from within the App. When you initiate account deletion, we will immediately delete your account and all associated data (including chat history, preferences, and profile information) and log you out of the App.

To request deletion of your Care To Cure account and data, email support@caretocure.org with the subject line 'Account Deletion Request'


6. Your Rights and Choices

You have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and all associated data directly within the App.
  • Withdraw Consent for push notifications at any time through your device settings.
  • Opt Out of non-essential communications.

You can set your browser to refuse all or some browser cookies or other tracking technology files, or to alert you when these files are being sent. If you disable or refuse cookies or similar tracking files, some App features may be inaccessible or not function properly. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the online services you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, the App may not respond to all browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in this policy.

To exercise any rights not available through in-app controls, contact us at [INSERT CONTACT EMAIL].

Depending on your jurisdiction, you may have additional rights under applicable privacy laws. See Section 9 for details.

7. Children's Privacy

Care to Cure is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at [INSERT CONTACT EMAIL].

8. Third-Party Links and Services

The App may contain links to third-party websites, resources, or services (e.g., rehabilitation facilities, support organizations, informational content). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.



9. State and International Privacy Rights

State Rights

Many states, including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:


  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Correct inaccuracies in their personal information, taking into account the information's nature processing purpose (excluding Iowa and Utah).
  • Data portability.
  • Opt-out of personal data processing for:
    • targeted advertising (excluding Iowa);
    • sales; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
  • Either limit (opt-out of) or require consent to process sensitive personal data or process personal data of minors under 18, 17, or 16 years old.


The exact scope of these rights may vary by state. To exercise any of these rights please email us at [email address]. To appeal a decision regarding a consumer rights request, please email us at [email address].


European Economic Area / United Kingdom (GDPR)

If you are located in the EEA or UK, our legal basis for processing your information is your consent (which you may withdraw at any time) and our legitimate interest in providing and improving the App. You have the right to access, rectify, erase, restrict processing, and port your data. To exercise these rights or lodge a complaint with a supervisory authority, contact us at [INSERT CONTACT EMAIL].


10. How We Protect Your Personal Data


We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the App. In particular, email, texts, and chats sent to or from the App may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of personal data is at your own risk.  The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.

101. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the App and updating the "Last Updated" date above. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.


12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

The Thomas E. Smith Foundation - PO Box 46 - Marblehead MA 01945  

Email: info@thomasesmithfoundation.org Phone: 1-617-996-0623 

Website: thomasesmithfoundation.org