Privacy Policy

Effective Date: January 25, 2025 | Last Updated: January 25, 2025

Data Protection Officer: privacy@mycustodycoach.com

1. Introduction and Data Controller Information

Your Privacy is Our Priority

At MyCustodyCoach, we understand that your family law matters are deeply personal and sensitive. This Privacy Policy explains how we collect, use, protect, and share your personal information in compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other state privacy laws.

1.1 Data Controller Information

Data Controller: MyCustodyCoach, LLC
Business Address: [Business Address]
Data Protection Officer: privacy@mycustodycoach.com
Legal Representative (EU): [EU Representative if applicable]

1.2 Scope of This Policy

This Privacy Policy applies to all personal data processing activities conducted through our website (mycustodycoach.com), mobile applications, AI services, and related platforms. This policy covers all users, regardless of location, with additional protections for users in jurisdictions with specific privacy rights.

2. Legal Basis for Data Processing

GDPR Article 13/14 Required Disclosures

Under the GDPR, we must inform you of the legal basis for processing your personal data. We process your data based on the following legal grounds:

2.1 Contract Performance (GDPR Article 6(1)(b))

We process your personal data to provide our AI-powered legal assistance services, manage your subscription, and fulfill our contractual obligations to you.

  • User account creation and management
  • AI response generation and document analysis
  • Subscription billing and payment processing
  • Customer support and service delivery

2.2 Legitimate Interests (GDPR Article 6(1)(f))

We process certain data based on our legitimate business interests, balanced against your privacy rights:

  • Service Improvement: Analyzing usage patterns to enhance our AI technology
  • Security: Detecting fraud, abuse, and protecting against cyber threats
  • Communication: Sending service updates and important announcements
  • Legal Compliance: Meeting audit, tax, and regulatory requirements

2.3 Consent (GDPR Article 6(1)(a))

For certain processing activities, we rely on your explicit consent:

  • Marketing communications and promotional materials
  • Optional data collection for research and development
  • Cookies and tracking technologies (where required by law)
  • Data transfers to countries without adequacy decisions

2.4 Legal Obligations (GDPR Article 6(1)(c))

We may process your data to comply with legal requirements:

  • Tax and accounting obligations
  • Anti-money laundering and fraud prevention
  • Court orders and legal proceedings
  • Data protection and privacy law compliance

3. Personal Data We Collect

3.1 Information You Provide Directly

Account Information

  • Identity Data: First name, last name, email address
  • Contact Information: Phone number, mailing address (if provided)
  • Profile Data: Court state, children's ages, custody goals, case priorities
  • Authentication Data: Password (encrypted), security questions

Legal Documents and Content

  • Document Uploads: Court orders, parenting plans, communication logs, therapy records
  • Text Content: Questions, descriptions, case details you submit
  • Case Information: Case numbers, party names, court details (as extracted from documents)
  • Communication Records: Messages with our support team

3.2 Information We Collect Automatically

Technical Data

  • Device Information: IP address, browser type and version, operating system
  • Usage Data: Pages visited, time spent, click patterns, feature usage
  • Performance Data: Response times, error rates, system performance metrics
  • Location Data: General geographic location (city/state level from IP address)

AI Interaction Data

  • Prompts and Queries: All questions and inputs submitted to our AI system
  • AI Responses: Generated content and recommendations provided to you
  • Interaction Patterns: How you use AI features, frequency of use
  • Feedback Data: Ratings, comments, and feedback on AI responses

3.3 Payment and Billing Information

  • Payment Data: Billing address, payment method (processed by Stripe)
  • Transaction History: Payment amounts, dates, subscription status
  • Billing Records: Invoices, receipts, refund requests

4. Third-Party Data Sharing and Processors

Important: Third-Party Service Disclosure

We share your personal data with carefully selected third-party processors to provide our services. All third parties are bound by strict data processing agreements and security requirements.

4.1 OpenAI (AI Processing)

Data Shared: Your questions, uploaded document content, case details

Purpose: AI response generation and document analysis

Legal Basis: Contract performance and legitimate interests

Location: United States

Safeguards: Standard Contractual Clauses, data processing agreement

Retention: OpenAI does not store data for model training (as per our agreement)

Security: Enterprise-grade encryption, access controls, audit logging

4.2 Supabase (Database and Storage)

Data Shared: All account data, documents, user content, metadata

Purpose: Data storage, user authentication, database management

Legal Basis: Contract performance

Location: United States (AWS infrastructure)

Safeguards: SOC 2 compliance, encryption at rest and in transit

Retention: As specified in our data retention policies

Security: Row-level security, encrypted backups, access monitoring

4.3 Stripe (Payment Processing)

Data Shared: Payment information, billing address, transaction data

Purpose: Payment processing, subscription management, fraud prevention

Legal Basis: Contract performance and legal obligations

Location: Global (US, EU data centers)

Safeguards: PCI DSS compliance, GDPR compliance

Retention: As required by financial regulations

Security: Bank-level encryption, fraud detection, secure tokenization

4.4 Email Service Providers

Data Shared: Email addresses, communication preferences

Purpose: Service communications, support, account notifications

Legal Basis: Contract performance and legitimate interests

Location: United States

Safeguards: Data processing agreements, encryption

Retention: Until unsubscribed or account deleted

4.5 Analytics and Performance Monitoring

Data Shared: Anonymized usage data, performance metrics

Purpose: Service improvement, security monitoring, performance optimization

Legal Basis: Legitimate interests

Location: Various (US, EU)

Safeguards: Data anonymization, limited retention periods

Retention: 24 months maximum

5. International Data Transfers and Safeguards

5.1 Transfer Mechanisms

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place for all international transfers:

For EU/UK Data Subjects:

  • Standard Contractual Clauses (SCCs): EU Commission-approved transfer mechanisms
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Binding Corporate Rules: Where applicable for multinational processors
  • Explicit Consent: Where other mechanisms are not available

5.2 Data Transfer Security

All international data transfers include:

  • End-to-end encryption during transmission
  • Restricted access controls at destination
  • Regular security audits and compliance reviews
  • Incident response and breach notification procedures

5.3 US-Specific Transfers

Most of our data processing occurs in the United States through providers that maintain enterprise-grade security certifications including SOC 2, ISO 27001, and compliance with US privacy frameworks.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

Strictly Necessary Cookies

Purpose: Essential for website functionality and security

Data Collected: Session IDs, authentication tokens, security preferences

Legal Basis: Legitimate interests (website functionality)

Retention: Session duration or until logout

Opt-out: Cannot be disabled without affecting functionality

Functional Cookies

Purpose: Remember user preferences and improve experience

Data Collected: Language preferences, display settings, form data

Legal Basis: Consent

Retention: 1 year maximum

Opt-out: Can be disabled through cookie preferences

Analytics Cookies

Purpose: Understand usage patterns and improve services

Data Collected: Page views, session duration, user interactions

Legal Basis: Consent

Retention: 24 months maximum

Opt-out: Can be disabled through cookie preferences

6.2 Cookie Management

You can control cookies through our cookie consent banner and your browser settings:

  • Cookie Preference Center: Available in our website footer
  • Browser Settings: Most browsers allow you to block or delete cookies
  • Do Not Track: We respect browser Do Not Track signals where possible
  • Mobile Apps: Manage tracking through device privacy settings

6.3 Third-Party Cookies

We may use third-party services that set their own cookies. These include:

  • Google Analytics: Website usage analytics (with IP anonymization)
  • Stripe: Payment processing and fraud prevention
  • Support Services: Customer service chat and help desk tools

7. Data Retention Periods

7.1 General Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes.

7.2 User Data Deletion Control

Users can completely delete all of their data at any time in the Settings tab. If they cancel their subscription without deleting their data, it is retained as follows:

Data Category | Retention Period | Legal Basis
Account Information | 30 days after cancellation | Contract performance
Document Uploads | 30 days after cancellation | Service delivery
AI Conversation Logs | 30 days after cancellation | Service improvement
Payment Records | 30 days after cancellation | Service delivery
Marketing Consent | Until withdrawn | Consent
Security Logs | 30 days after cancellation | Legitimate interests

7.3 Data Deletion Process

When retention periods expire or upon valid deletion requests, we:

  • Permanently delete data from active systems within 30 days
  • Remove data from backups during the next backup cycle
  • Provide confirmation of deletion upon request
  • Maintain deletion logs for compliance purposes

8. Your Privacy Rights

Your Rights Under Privacy Laws

Depending on your location, you have various rights regarding your personal data. These rights are designed to give you control over your information and ensure transparency in how we process it.

8.1 Universal Rights (All Users)

Right to Access

You can request information about what personal data we hold about you, how we use it, and with whom we share it.

Right to Correction

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Deletion

You can request that we delete your personal data, subject to certain legal exceptions (such as legal obligations or pending legal proceedings).

8.2 GDPR Rights (EU/UK Users)

Right to Restrict Processing

You can request that we limit how we process your personal data in certain circumstances.

Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

8.3 CCPA Rights (California Users)

Right to Know

You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.

Right to Opt-Out

You can opt out of the sale or sharing of your personal information for cross-context behavioral advertising.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

8.4 How to Exercise Your Rights

Primary Contact: privacy@mycustodycoach.com

Identity Verification: We may require verification to protect your privacy

Appeals Process: If you're unsatisfied with our response, you can file a complaint with supervisory authorities

9. Data Security Measures

9.1 Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and regular security monitoring
  • Secure Infrastructure: Enterprise-grade cloud providers with SOC 2 compliance

9.2 Organizational Safeguards

  • Staff Training: Regular privacy and security training for all employees
  • Background Checks: Security screening for personnel with data access
  • Incident Response: Comprehensive breach response and notification procedures
  • Regular Audits: Internal and external security assessments

9.3 Data Breach Procedures

In the event of a data breach, we will:

  • Assess and contain the breach within 1 hour of detection
  • Notify supervisory authorities within 72 hours (where required)
  • Notify affected individuals without undue delay if high risk to rights and freedoms
  • Provide clear information about the breach and steps being taken
  • Conduct thorough investigation and implement additional safeguards

10. Children's Privacy Protection

Age Restrictions

Our services are intended for adults (18+) dealing with family law matters. We do not knowingly collect personal information from children under 16 without parental consent.

10.1 Child Information in Legal Documents

While our services are for adults, your uploaded legal documents may contain information about children (such as custody schedules, child support details). We treat all such information with the highest level of security and privacy protection.

10.2 Parental Rights

If you believe we have inadvertently collected information from a child under 16, please contact us immediately at privacy@mycustodycoach.com. We will promptly investigate and delete such information.

11. Changes to This Privacy Policy

11.1 Notification of Changes

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notifications for mobile users
  • Updated "Last Modified" date at the top of this policy

11.2 Consent to Changes

For material changes that require consent, we will obtain your explicit agreement before implementing the changes. Continued use of our services after non-material changes constitutes acceptance of the updated policy.

12. Contact Information and Complaints

12.1 Data Protection Officer

Email: privacy@mycustodycoach.com
Subject Line: "Privacy Rights Request" or "Data Protection Inquiry"
Languages: English (primary), Spanish support available

12.2 Supervisory Authority Complaints

If you're unsatisfied with our response to your privacy concerns, you have the right to file a complaint with relevant supervisory authorities:

  • EU Users: Your local Data Protection Authority
  • UK Users: Information Commissioner's Office (ICO)
  • California Users: California Attorney General's Office
  • Other US Users: State Attorney General's Office

12.3 Emergency Contact

For urgent privacy or security matters (such as suspected data breaches affecting your account), contact us immediately at:

Emergency Email: security@mycustodycoach.com
Subject: "URGENT: Security Incident"

This Privacy Policy was last updated on January 25, 2025.

For the most current version, please visit: mycustodycoach.com/privacy

Previous versions available upon request for compliance purposes.