LumisCare Privacy Terms Readiness Options — 2026-05-24

LumisCare Privacy/Terms readiness options

Date: 2026-05-24 Status: implementation drafted after CEO direction on 2026-05-24; final legal review still recommended before treating as full SaaS legal package.

Current live gap

landing/index.html footer currently renders:

• Privacy with href="#"
• Terms with href="#"
• Contact with mailto:[email protected]

Mail contact is verified separately, but Privacy/Terms remain unresolved public-readiness blockers because the public landing page promotes care-management software and repo documentation references regulated healthcare/care contexts.

Existing product/compliance context found in repo

Relevant repo context to review before approving legal pages:

• docs/FAMILY-PORTAL-INDUSTRY-GUIDE.md references UK care/CQC/GDPR-oriented family portal expectations.
• docs/INFRASTRUCTURE-DOCUMENTATION-REVIEW.md flags US healthcare/HIPAA documentation as a critical gap.
• docs/design/SAFETY-COMPLIANCE-FEATURES-DESIGN.md references GDPR/CCPA/HIPAA considerations for safety/compliance features.
• docs/design/MEDICATION-VITALS-DESIGN.md references HIPAA Security Rule considerations.

These docs are product/engineering context only; they do not constitute approved public legal policy.

Decisions required before publishing final legal pages

1. Legal entity/controller

   • Which company is the contracting/provider entity for LumisCare?
   • Registered address and contact email for privacy requests.

2. Geography and market scope

   • UK only, US only, EU/EEA, Norway, or multi-region?
   • Whether public copy should mention CQC/DSCR/HIPAA/GDPR commitments now or only after compliance sign-off.

3. Data roles

   • Is LumisCare a processor/vendor for agencies, a controller for demo leads, or both?
   • Are family/care-recipient data flows live today or only planned?

4. Data collected by the landing page

   • Current landing CTA uses mailto, not a web form.
   • Confirm whether analytics, cookies, Application Insights, CRM ingestion, or tracking pixels are enabled on public landing.

5. Healthcare/sensitive data posture

   • Confirm whether visitors should be warned not to send patient/PHI/sensitive care data via email demo contact.
   • Confirm breach/contact escalation wording.

6. Terms scope

   • Public marketing-site Terms only, or SaaS subscription Terms as well?
   • If SaaS Terms: pricing, trial, cancellation, acceptable use, support SLA, liability limits, DPA/BAA references need legal approval.

Safe implementation options

Option A — Minimal blocker acknowledgement, no public legal pages yet

Keep Privacy/Terms as known blockers in readiness docs. Do not claim full public readiness.

Pros:

• No fabricated legal policy.
• Lowest legal risk.

Cons:

• Live footer has dead href="#" links.
• Not ideal for public launch/trust.

Option B — Publish “review pending” placeholder pages

Create /privacy.html and /terms.html that clearly state legal documents are pending review and provide [email protected] contact.

Pros:

• Removes dead links.
• Honest about status.

Cons:

• Placeholder legal pages may still look unprofessional.
• Does not satisfy full compliance/legal-readiness.

Option C — Publish approved marketing-site Privacy/Terms only

Legal/CEO approves narrow pages covering:

• demo/contact email handling,
• no patient data via email,
• no cookies/analytics or explicit cookie disclosure if present,
• controller/contact details,
• user rights by target geography,
• marketing site usage terms.

Pros:

• Best near-term public landing readiness.
• Avoids premature SaaS/PHI commitments.

Cons:

• Requires legal/entity decisions above.

Option D — Publish full SaaS Privacy, Terms, DPA/BAA package

Full legal suite for production SaaS and regulated healthcare data.

Pros:

• Best long-term enterprise readiness.

Cons:

• Highest legal workload.
• Should not be generated or published without legal review.

CEO direction received 2026-05-24

• Responsible legal/operator entity for LumisCare public site: Snowit.
• Market posture: EU-first and US-aware.
• Option C approved: narrow marketing-site Privacy/Terms first.
• Footer links may be updated to /privacy.html and /terms.html after pages are added.

Implemented draft

Implemented narrow marketing-site pages:

• landing/privacy.html
• landing/terms.html

The pages intentionally do not claim to be a full SaaS legal package, DPA, BAA, or customer contract. They cover the public marketing website and demo enquiries, and warn visitors not to send patient/care-recipient/PHI/sensitive care data by email.

Remaining legal hardening recommended later:

1. Confirm exact registered Snowit legal name, registration number, and address for formal insertion.
2. Confirm cookie/analytics status if tracking is added later.
3. Add full SaaS Terms, DPA, and BAA package before regulated production customer onboarding.

---

Deployment verification summary

LumisCare PR #2 legal pages deploy verification

Date: 2026-05-24 UTC

Merge/deploy

• PR #2: https://github.com/johnatbasicas/vivacare/pull/2
• Merge commit: ce71a014803d9de18227989c8e57d31155812dce
• GitHub Actions run: https://github.com/johnatbasicas/vivacare/actions/runs/26372435887
• Workflow conclusion: success
• Jobs passed:
  • Deploy: landing (lumiscare.com)
  • Deploy: backoffice (app.lumiscare.com)
  • Deploy: admin (admin.lumiscare.com)
  • Deploy: family-portal (family.lumiscare.com)
  • Smoke Test: verify all portals

Evidence:

• /tmp/alai/lumiscare-legal-live-verify-20260524T205500Z/gh-run-view-26372435887-final.json
• /tmp/alai/lumiscare-live-verify-20260524T195900Z/gh-run-watch-26372435887.txt

Live browser verification

Verdict: PASS

Verified on https://lumiscare.com:

• / returns HTTP/browser 200.
• /privacy.html returns HTTP/browser 200.
• /terms.html returns HTTP/browser 200.
• Footer links point to /privacy.html and /terms.html.
• No remaining href="#" links on landing.
• No browser page errors detected.
• Tailwind CDN/config runtime issue remains absent.
• Live page hashes match origin/full-production for landing, privacy, and terms pages.
• Screenshots captured for all three pages.

Evidence:

• /tmp/alai/lumiscare-legal-live-verify-20260524T205500Z/live-legal-browser-verification.json
• /tmp/alai/lumiscare-legal-live-verify-20260524T205500Z/live-home.png
• /tmp/alai/lumiscare-legal-live-verify-20260524T205500Z/live-privacy.png
• /tmp/alai/lumiscare-legal-live-verify-20260524T205500Z/live-terms.png

Scope note

The published pages are narrow marketing-site Privacy Notice and Website Terms for demo/contact enquiries. They are not a full SaaS legal package, DPA, BAA, or regulated production customer contract set.