Privacy Policy

Last updated: May 12, 2026

1. Introduction

Sober Friend ("we," "us," or "our") operates a software platform for sober living home operators, their residents, staff members, and designated payers. This Privacy Policy explains how we collect, use, store, and protect your information across all parts of the platform, including the business dashboard, resident portal, AI recovery mentor, payer portal, and public directory.

2. Information We Collect

We collect different categories of information depending on how you interact with the platform:

2.1 Account Information

  • Name, email address, and phone number
  • Account credentials and authentication data
  • User role (operator, resident, staff, or payer)

2.2 Resident and Client Data

When operators manage residents through the platform, we store:

  • Personal identifiers (name, date of birth, gender, contact information)
  • Recovery-related dates (sobriety date, move-in/move-out dates)
  • Compliance records (UA test results, curfew check-ins, meeting attendance)
  • Medication records (prescriptions, administration logs)
  • Session notes, house notes, and progress tracking
  • Emergency contact information
  • Payer/responsible party contact information

2.3 AI Mentor Conversations

When residents use the AI recovery mentor, conversation content is processed to provide personalized support. If the AI detects risk-related language, it may generate an escalation alert that includes the risk category and severity level. Conversation content itself is not shared with operators — only the category, severity, and timestamp of the alert.

2.4 Payment Information

  • Rent payment records (amounts, due dates, payment status)
  • Stripe Connect account information for operators
  • Payment method details are processed and stored by Stripe, not by Sober Friend

2.5 Usage and Communication Data

  • Email interaction data (delivery, opens, clicks) for platform communications
  • Browser and device information
  • Activity logs within the platform

3. How We Use Your Information

  • Platform operations: providing and maintaining the dashboard, resident portal, payer portal, and staff tools
  • Rent collection: processing payments through Stripe Connect on behalf of operators
  • Automated communications: sending rent reminders, payment receipts, escalation alerts, milestone notifications, and system updates
  • AI mentor: powering the AI recovery mentor and generating escalation alerts when risk language is detected
  • Compliance tracking: logging UA results, curfew check-ins, and meeting attendance for operators
  • Directory listings: displaying operator information in the public sober living directory
  • Analytics and improvement: understanding platform usage to improve the product

4. Data Security and Encryption

We implement strong technical safeguards to protect sensitive information:

  • Encryption at rest: Personally identifiable resident data (names, contact information, dates of birth, payer details, emergency contacts, and clinical notes) is encrypted using AES-256-GCM before storage
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted via TLS
  • Tenant isolation: Each business's data is logically separated using row-level security policies, ensuring operators can only access data belonging to their own houses
  • Access controls: Role-based permissions ensure staff, residents, and payers can only access data appropriate to their role

While we implement security measures that align with industry best practices for protecting sensitive personal data, no system is 100% secure, and we cannot guarantee absolute security.

5. Third-Party Service Providers

We use the following third-party services to operate the platform. Each processes data only as necessary to provide their service:

  • Stripe — payment processing and Stripe Connect for operator rent collection
  • Supabase — database hosting and authentication
  • Resend — transactional and automated email delivery
  • Amazon Web Services (AWS) — application hosting, deployment, and serverless infrastructure
  • AI model providers — powering the AI recovery mentor (conversation data is sent to the AI provider for processing but is not used to train models)

6. Automated Communications

The platform sends automated emails including:

  • Rent payment reminders and receipts
  • Escalation alerts to operators when risk language is detected
  • Sobriety milestone celebrations
  • Staff and payer portal invitations
  • Account and subscription notifications

We track email delivery, opens, and clicks to ensure reliable communication. You may unsubscribe from non-essential communications at any time.

7. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide services. Resident records are retained for the duration of the operator's account. When an operator cancels their subscription, they may request a data export. Deleted accounts and discharged resident records are soft-deleted and retained for a reasonable period to support recovery continuity and comply with any applicable record-keeping requirements, after which they are permanently purged.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data (subject to legal retention requirements)
  • Object to or restrict certain types of processing
  • Request a portable copy of your data

Residents who wish to exercise these rights should contact their house operator or email us directly.

9. Cookies

We use cookies for authentication (keeping you logged in) and basic analytics. We do not use cookies for third-party advertising. You can instruct your browser to refuse cookies, but this may prevent you from using parts of the platform that require authentication.

10. Children's Privacy

The platform is not intended for use by anyone under 18. We do not knowingly collect information from children under 18. If we learn we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy as the platform evolves. Material changes will be communicated via email to account holders. Continued use of the platform after changes take effect constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at jordon@soberfriend.io