Privacy Policy

Controller: MyCustodyCoach, LLC, 1500 N Grant St Ste N, Denver, CO 80203, United States.

Scope: This policy describes processing of personal information in connection with the website mycustodycoach.com, our applications, and related services (collectively, the "Service").

Related documents: Terms of Service · Legal Disclaimer.

1. Summary

We collect account, usage, and content you submit so we can operate the Service (including AI-assisted features). We use service providers to host data, run infrastructure, process payments, and run AI inference. We do not sell personal information as that term is defined under the California Privacy Rights Act (CPRA). We configure AI processing under agreements that restrict use of your content for model training; we may use de-identified or aggregate information to improve reliability and safety.

Category	Examples	Primary purposes
Account	Name, email, credentials, profile fields you provide	Account creation, authentication, support
Content	Text you enter, files you upload, generated outputs	Providing AI and document features you request
Technical	IP address, device/browser data, logs	Security, debugging, service improvement
Payment	Billing details handled by our payment processor	Subscriptions, fraud prevention, tax and accounting

2. Information we collect

2.1 You provide

Registration and profile information (for example name, email, password or SSO identifiers).
Optional profile fields related to your custody matter (for example state, goals, or child age ranges you choose to enter).
Content you upload or paste (for example court orders, messages, notes) and prompts you send to the Service.
Custody-related documents, uploaded files, and information about children you provide are treated as sensitive account content, as described in Section 9.
Communications with support.

2.2 We collect automatically

Device and connection data (for example IP address, browser type, approximate location from IP).
Usage data (for example pages or features used, timestamps, diagnostic events).

2.3 From integrations you enable

If you connect third-party accounts (for example Google for calendar or file pickers), we receive information in accordance with the permissions you grant. See Section 5 for OAuth scopes we may request when you opt in.

3. How we use information

Provide, maintain, and secure the Service.
Process subscriptions and payments.
Run AI-assisted features you request, including sending prompts and relevant content to our AI subprocessors as described below.
Respond to support requests and send service-related notices.
Comply with law, enforce our agreements, and protect rights and safety.
Improve the Service using de-identified or aggregate information where permitted.

4. Legal bases (where GDPR applies)

Depending on context, we rely on:

Contract (Art. 6(1)(b)): providing the Service you signed up for, including AI features and billing.
Legitimate interests (Art. 6(1)(f)): security, abuse prevention, product improvement, and internal analytics, balanced against your rights.
Consent (Art. 6(1)(a)): where required for optional marketing, certain cookies, or non-essential processing.
Legal obligation (Art. 6(1)(c)): tax, accounting, and lawful requests.

5. Sharing and subprocessors

We disclose personal information to vendors that process it on our instructions (subprocessors) and where required by law. We use written agreements that require appropriate confidentiality and security measures.

Provider (category)	Role	Typical data
Supabase (hosting, auth, storage)	Infrastructure and database	Account data, content you store, metadata
Anthropic (AI inference)	Model provider	Prompts and content you send for processing
OpenAI (optional standby)	Model provider, only if enabled in your configuration	Same class as Anthropic when activated
Stripe (payments)	Payment processor	Payment method details, billing address, transaction data
Email provider	Transactional and support email	Email address, message content
Analytics (if used)	Product analytics	Identifiers and usage events per tool configuration

5.1 Google OAuth (optional)

Connecting Google is optional. If you enable it, we may request scopes such as: calendar read-only; calendar events (to create or update events you authorize); and Drive file access limited to files you select or that the application creates. You can revoke access in your Google Account settings.

5.2 AI processing

Content you submit may be transmitted to our AI subprocessors to generate responses. Commercial terms restrict use of customer data for training; retention on the vendor side is governed by our agreements and their documentation. Do not submit information you are not permitted to share with subprocessors.

6. Cookies and similar technologies

We use cookies and similar technologies for session management, security, preferences, and (where enabled) analytics. Strictly necessary cookies may not be optional. Where required by law, we obtain consent for non-essential cookies. You can control cookies through your browser and any on-site banner we provide.

7. Retention

We retain personal information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. You may delete content or your account through in-product controls where available. Backup systems may retain residual copies for a limited period until overwritten according to our backup practices.

Payment and finance. Stripe and we retain billing and transaction records as required for tax, accounting, chargeback handling, and financial regulations. Those periods may be longer than general account data retention and are described in Stripe's documentation and applicable law.

Data type	Typical retention
Account and profile	Life of account, then deleted or anonymized after deletion request, subject to backups
User content and AI interactions	Life of account unless you delete earlier; thereafter per deletion and backup cycle
Security and operational logs	Limited rolling retention for security and troubleshooting
Marketing records	Until you unsubscribe or object, as applicable

8. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. California residents may have rights under the CCPA/CPRA, including rights to know, delete, and opt out of sale/share (we do not sell personal information as defined by the CPRA). EU/UK users may lodge a complaint with a supervisory authority.

To exercise rights, contact us at support@mycustodycoach.com with subject line "Privacy Request." We may need to verify your identity before fulfilling a request. We will respond within the timeframes required by applicable law.

9. Security

We implement administrative, technical, and organizational measures designed to protect personal information. Connections to the Service use industry-standard encryption in transit, including HTTPS/TLS. Data stored in our infrastructure is protected by our hosting provider's encryption at rest and technical access controls intended to limit access to account data.

We treat custody-related documents, uploaded files, extracted text, AI prompts and responses, parenting-time records, communication records, and information about children that you choose to provide as sensitive account content. Access to account data is limited by authentication, account-scoped controls, and database policies designed to restrict records to the appropriate user account.

Some especially sensitive account fields may receive additional application-layer protection before storage where that protection is implemented. Not every file, storage object, log, or derived record is separately encrypted at the application layer.

Content you submit for AI features may be transmitted to our AI subprocessors as described in Section 5. Do not submit material you are not permitted to share. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

If we become aware of a breach affecting personal information where notification is required, we will notify affected individuals and regulators as required by applicable law.

10. Children

The Service is intended for adults. We do not knowingly collect personal information from children under 16 for direct marketing. Documents you upload may reference children; we treat that information as part of your account content and process it only to provide the Service.

11. International transfers

We are based in the United States. If you access the Service from elsewhere, your information may be processed in the US or other countries where we or our vendors operate. Where GDPR applies, we use appropriate safeguards such as Standard Contractual Clauses or other mechanisms permitted by law.

12. Changes and contact

We may update this policy from time to time. We will post the revised version and update the "Last updated" date. If changes are material, we will provide notice as required by law (for example by email or in-product notice).

Privacy questions and requests: support@mycustodycoach.com