top of page

CustodyComms Privacy Policy
Effective Date: December 31, 2025
Your privacy is extremely important to us. This Privacy Policy explains what information CustodyComms collects, how we use and share that information, and your rights regarding your information. Our goal is to be transparent about our privacy practices in plain language. By using the CustodyComms application or any related services (collectively, the “Service”), you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Service.
Who We Are: When we say “CustodyComms,” “we,” “us,” or “our,” we mean CustodyComms, LLC, the company providing this Service. We are based in the United States. We offer a specialized communication and evidence-management app for co-parenting and legal contexts, designed with privacy in mind (local data storage, etc.).
Scope: This Privacy Policy applies to information we collect through the CustodyComms app, our website, and any other related online services we provide. It also applies to any contact you have with us for support or inquiries. It does not cover any third-party services you might use in connection with CustodyComms (like an email provider or cloud backup service on your device) – those have their own privacy policies.
By using CustodyComms, you also agree to our Terms of Service, which is a separate document governing your use of the Service. We encourage you to read that as well, especially to understand our unique architecture (since it affects privacy).
1. Information We Collect
We collect very limited personal information – far less than most communication apps – due to our local-first design. We’ve structured this section by categories of data:
A. Information You Provide Directly
These are details you give us when you create an account or otherwise interact with CustodyComms:
•    Account Registration Info: When you sign up, we require your first/last name, role, email address, and password. Your email serves as your primary login identifier and how we communicate with you. Authentication is handled through Firebase Authentication, a secure service provided by Google—your email and encrypted password credentials are stored with Firebase, not on our servers. We do not require your physical address or phone number to create an account. We may infer your general region from your IP address at sign-up for purposes like tax calculation or legal compliance, but we do not collect or store precise location data.

•    Profile Information (Optional): CustodyComms is designed for privacy, so profile information is minimal. Any profile preferences you set are stored locally on your device in the application's database.  CustodyComms may offer more profile features in the future. CustodyComms does not sync profile data to the cloud—your case data, messages, and preferences remain on your computer unless you explicitly export them.
•    Payment Information: If you upgrade to a paid subscription (Evidence Edition), you will provide payment details such as a credit card number, expiration date, billing zip code, and cardholder name. CustodyComms does not store your full credit card information. We use Stripe, a PCI-compliant payment processor, to handle all card transactions securely. Your card details are sent directly to Stripe; we only receive a token reference plus limited information such as the last 4 digits of your card, card type, and billing country. We maintain a record of your subscription status, purchase amounts, and transaction dates linked to your account for billing and support purposes.
•    Communications with Us: If you contact us for support or feedback (via email, support form, or phone), we will collect whatever information you provide in that communication. That could include your contact details (email, phone), and a description of your issue or question. If you send screenshots or logs to illustrate a problem, those might contain personal data (we’ll only use it to assist you). We store support communications and any attachments you send in our support system or email, so we can reference them to help you and improve the Service.
•    Surveys or Feedback: On occasion, we might offer user surveys or ask for testimonials. Your participation is optional. If you respond, we collect your responses. Survey answers might be anonymized or aggregated for analysis. If you provide a testimonial or review and give us permission to post it, we might display it (possibly with your name or chosen identifier), but we’d get explicit consent for anything like that.
B. Information We Collect Automatically
When you use CustodyComms, we (or our service providers) automatically collect some technical information about your device and usage of the Service. We keep this limited and anonymized where possible. This includes:
•    Device and App Info: We may collect data about the device you use to access the Service, such as your device model, operating system version, device identifiers (like a random ID that CustodyComms assigns, or possibly hardware IDs if needed for the single-device enforcement), and the CustodyComms app version. This helps us ensure compatibility and provide updates. For example, knowing that you’re on “CustodyComms v1.2 on Windows 10” helps us troubleshoot an issue you might have. We might also detect things like device language (to know what language to display, currently English only) or timezone (for timestamp accuracy).
•    Usage Logs: Our system will log certain actions for security and analytics. For instance, when you log in, our server logs the time and your IP address (mostly for security and auditing). If you send a request to our server (like checking subscription status or retrieving an update), that request might be logged on our server with timestamp and technical details (like IP, route accessed, response status). We also log when messages counts are updated (not the messages, just that a count was incremented). These logs do not contain your message content. They are mainly technical. We use them to monitor the health of the Service and investigate issues (like an unusual spike in errors or a potential security incident).
•    Analytics Data: We currently avoid any invasive analytics. We do not embed third-party analytics trackers in your private content. We may utilize built-in analytics to understand overall usage patterns of features. For example, we may count how many users use the “Export PDF” feature each month, or how long the average session lasts, etc. If we use a third-party analytics service, we will ensure it respects privacy. These analytics might use device identifiers or cookies (for website usage). If on our website, we might use tools like Google Analytics to see site visit metrics, which would collect data like your browser type, referring website, pages visited, and approximate geolocation (via IP). For the app itself, we might collect crash reports or error logs (which could be via services like Sentry or Firebase Crashlytics), which capture technical info at the time of a crash (like device state). We configure such tools to avoid capturing sensitive content, but they might capture, say, a function name or data size.
•    Cookies and Similar Tech: If you use our website (for account management or informational pages), we may use cookies or local storage in your browser. These could be necessary cookies (for login sessions) or analytics cookies (as described). We do not use cookies for advertising. Within the mobile/desktop app, cookies are not typically used, but we might use secure local storage for things like remembering you’ve seen a tutorial.
•    CLOUD BASED AI-Powered Analysis (Optional): CustodyComms offers optional CLOUD BASED AI-powered features, such as AI Analysis of Incidents (AI generated title and description of collection of message), to help you identify concerning patterns in communications. We collect if you have these services turned on or off via our analytics. These features are disabled by default. If you choose to enable CLOUD BASED AI analysis, the text content of your messages is sent to OpenAI's API for processing. OpenAI processes this data according to their privacy policy and API data usage terms—importantly, OpenAI does not use API data to train their models. CustodyComms never receives your messages and therefore cannot store your messages on our servers; the analysis is performed on-demand by OpenAI, and only the resulting insights (title and description) are stored locally on your device. You can disable AI analysis at any time, at which point no further message content will be sent to OpenAI. ONLY THE INCIDENTS YOU PICK AND SEND TO OPENAI ARE ANALYZED. 
•    No Monitoring of User Content: We want to reiterate: CustodyComms does not collect, monitor, or store your message content on our servers. Your communications remain on your local device. We do not scan your content for advertising, profiling, or any purpose—we simply do not have access to it. If you choose to enable optional CLOUD BASED AI-powered analysis features, message content is sent to OpenAI's API for processing (see " CLOUD BASED AI-Powered Analysis " above). This is the only circumstance in which your message content leaves your device, and it goes directly to OpenAI—not to CustodyComms servers. You control whether this feature is enabled, and you can disable it at any time.

C. Information We Do NOT Collect
We design our system to minimize data collection. Here are notable things we do not collect or store on our servers:
•    Content of Communications: The text of messages, images, documents, or other case data that you put into CustodyComms stays on your device and is not uploaded to our servers. We cannot see the conversations between you and your co-parent or any notes you store. Even if your account is linked with someone else’s (not applicable in our design except possibly to share exports), we as a company do not possess that data centrally. If you choose to enable CLOUD BASED AI analysis, the text content of your messages is sent to OpenAI's API for processing, however, CustodyComms does NOT see these communications, as they are ONLY send to OpenAI. 
•    Other Parties’ Information: If you input information about your co-parent, children, or others (names, etc.), that’s in your local app data. We do not have a database of those names or relationships on our servers. We only have what you provide in account registration and billing.
•    Sensitive Personal Data Categories: We do not intentionally collect any sensitive categories of personal data such as race, ethnicity, religious or philosophical beliefs, sexual orientation, health information, biometric identifiers, or genetic data. We advise users not to store health or financial account info in the app as content (see Terms about PHI). But even if you do, we won’t see it as it’s local. We don’t ask for social security numbers or driver’s license numbers (unless perhaps if required for identity verification in some support case, but that would be exceptional and we’d handle it carefully).
•    Children’s Information - Age Requirement: CustodyComms is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you are under 18, you may not create an account or use CustodyComms. If we learn that we have collected information from a user under 18, we will delete that account and associated data promptly.
In short, we aim to collect the bare minimum: contact info for your account, billing info for purchases, and technical data for running the service. The bulk of data that you generate (messages, etc.) is never uploaded to us. This is a key point of our privacy approach.
2. How We Use Information
We use the information we collect for purposes of providing, maintaining, and improving our Service, as well as for communication and legal reasons. Specifically:
•    To Provide the Service: We use your account information (email and password) to authenticate you and log you into the app. If you have a subscription, we use your info to recognize that you’re a premium user and unlock features or remove watermarks accordingly. We enforce usage limits (for Free tier) by counting your message events – our server keeps a tally and when you approach the limit we may notify you. We also use local data on your device to run the core features (though that local processing isn’t “our use” in a server sense, it’s you using the app). Essentially, without using your account details and some usage stats, we couldn’t operate the Service. It’s the core “perform the contract” use.
•    Account Management: We use your email to send important account-related communications. This includes verification emails when you register, password reset emails if requested, receipts or invoices for purchases, and alerts such as “your subscription is about to renew” or “your free tier limit is reached for this month”. We might also inform you of significant changes to the Service or Terms via email. We will not spam you; these are intended to be relevant and necessary communications.
•    Customer Support: If you reach out for support, we will use the information you provided to assist you. For example, if you email us about a problem, we’ll use your email and whatever info you gave about the issue to troubleshoot and respond. We might ask for more details or logs, and use those strictly to resolve your issue. We may keep a record of support issues to track recurring problems or for training support staff (removing personal identifiers when possible).
•    Service Improvement: We may use aggregated usage data and feedback to improve CustodyComms. For instance, if analytics show a certain feature is hardly used, we might investigate why and improve it. Or if crash logs indicate a function is causing crashes on Windows devices, we use that data to fix bugs. None of this involves reading user communications – it’s technical and behavioral metrics. We also use feedback you provide (via surveys or emails) to make enhancements. Per our Terms, feedback can be used without restriction, but always in a way that respects privacy (we wouldn’t publish your name with a suggestion unless you allowed).
•    Enforcement and Security: We use data like logs and account info to enforce our Terms of Service and usage policies, and to ensure the security of the Service. For example, we monitor login patterns to detect if an account might be compromised (e.g., an impossible login from two far locations might signal sharing or hacking). If we detect violation of the single-device rule (like frequent device swaps that look automated), we may use that info to send you a warning or take action. We also might use data to prevent abuse – for example, if one account is creating hundreds of messages extremely fast (potential spam bot), we examine that pattern. Additionally, if needed, we will use account and technical info to investigate fraud, spam, or other malicious activities on the Service. This might involve automated scans of metadata (not content) or manual review of logs.
•    Billing and Payments: We use payment-related data to process your subscription fees. If you are on Evidence Edition, our system will use your provided payment method to charge subscription renewals. We might send your email and subscription type to our payment processor to manage the billing. We also handle things like applying taxes or complying with billing laws (like sending you a copy of terms or offering easy cancellation, which is also a legal compliance point, particularly for auto-renewals). We may also use your email to communicate about billing issues (like a failed payment) or changes (like updated pricing or confirmation of cancellation).
•    Communication with You (Marketing): We may send you optional communications about product updates, new features, or promotions, but only in accordance with applicable laws. For example, as a user, you might get an email announcing a major new feature or a newsletter with co-parenting tips (if you opt-in). We will make sure any such marketing emails give you a clear ability to opt out (unsubscribe) if you don’t want them. If you do opt out, we won’t send them; you’ll only get essential account emails. We will not sell your contact info to third parties for marketing, and we won’t spam your co-parent or anyone else.
•    Compliance and Legal Obligations: We may use your information as needed to comply with legal obligations. For example, keeping purchase records for tax and accounting, or using your state of residence to determine sales tax. If law enforcement or a court order legally compels us to produce information (see Section 4 on sharing), we will use what data we have to comply (which is usually just account info, since we don’t have content). We may also use information to exercise our legal rights or defend against legal claims – for instance, using logs to demonstrate that a certain action occurred or did not occur.
•    Analytics and Service Quality: On our website or for planning purposes, we may use data to analyze and measure how our Service is used. This is often done in aggregate. For example, “10% of users use feature X daily.” This helps us prioritize improvements. We might also look at user demographics in aggregate if known (like general region count of users, not personal data) to decide where to focus marketing or support resources.
•    AI Functionality: CustodyComms offers optional AI-powered analysis to help you understand flagged incidents, or user generated, in your communications. Incident detection itself does not use AI—it uses pattern matching built into the application. AI is used only for analyzing and explaining detected incidents, and you have two options:
o    Ollama (Local AI): If you choose Ollama, all AI processing happens entirely on your device. Your message content never leaves your computer. CustodyComms does not receive, transmit, or have access to any data processed by local AI.
o    OpenAI (Cloud AI): If you choose OpenAI, individual incidents are sent directly to OpenAI's API for analysis on an ad-hoc basis. This data goes directly from your device to OpenAI—CustodyComms does not receive, store, or process your message content. OpenAI handles this data according to their API data usage terms; importantly, OpenAI does not use API data to train their models. You can enable or disable AI analysis at any time, and you can choose between different analysis modes. When disabled, no data is sent to any AI provider. 
•    Push Notifications: If you enable notifications (for message alerts or reminders), we will use your device token to send those through the OS’s push notification service (Apple or Windows). That means we have to process a message like “send push: You have a new note from [CustodyComms]” to your device. We do not include sensitive content in push notifications. Typically, the notification might just say “New message in CustodyComms” without details, to preserve privacy. You can control these in your OS settings.
In summary, we use your information primarily to operate and secure the Service, to communicate with you, and to improve the Service. We do not use it for advertising or profiling beyond the scope of providing the CustodyComms functionality and informing about features. We do not have algorithms deciding anything significant about you in a way that produces legal effects; any AI or analysis is at your command in-app, or OpenAI, not our back-end producing user profiles. We aim to keep your data use minimal and transparent.
3. How We Share Information
We understand that trust is paramount. We do not sell your personal information to third parties. We only share information in a few specific situations, as outlined here:
A. Service Providers (Processors): We work with third-party companies to perform certain tasks on our behalf. These trusted partners only get the information necessary for their function, and they are bound by contractual obligations to keep your data secure and use it only for the purposes we specify. The main types of service providers we use are:
•    Payment Processors: As mentioned, we use a company like Stripe (or could be PayPal, etc., but currently Stripe) to handle subscription payments. When you enter your payment details, that information goes directly to Stripe in many cases. Stripe will process your payment and provide us confirmation. They may store your card info for recurring billing. We share with Stripe the necessary data: your customer identifier in our system, the amount to charge, your email (for receipt), possibly your IP and device info for fraud screening, and billing info like name and zip code. Stripe is not allowed to use this data except to provide services for us (and to comply with their own legal obligations like anti-fraud, KYC). Stripe’s handling of your data is also governed by their privacy policy, which we encourage you to read. Importantly, we do not see or store your full credit card number or CVV – that’s all with Stripe.
•    Cloud Hosting and Backend Infrastructure: Our service has a backend that might be hosted on cloud platforms (for example, Amazon Web Services or Google Cloud). These platforms store our server and database (which contains account data like your email, hashed password, subscription status, usage counts). When your device communicates with our server (for login, etc.), the data passes through these infrastructure providers. We rely on their robust security. They are not allowed to access your data except as needed to maintain the service (and typically it’s all automated; AWS isn’t reading our database, they just host it). These providers might incidentally process data (e.g., an IP address hits their load balancer logs, or data is stored on their storage system). Our agreements with them and their standard policies ensure they aren’t using your data for anything beyond providing the service to us.
•    Email and Communication Tools: We may use an email service provider (like SendGrid, Mailgun, or similar) to send out our transactional emails (verification codes, notifications, etc.). That means your email address and the content of the email (like “Welcome to CustodyComms...”) pass through that provider. They are not to use your email for anything else. Likewise, if we have a support ticket system or CRM (like Zendesk or Freshdesk), and you email us, your email and conversation might be stored there for us to manage the support. Those systems have access to what you send, but again, under strict purpose limitations.
•    Analytics Services: If we use a service like Google Analytics on our marketing site and app, they will collect some data from your visits (via cookies or scripts). We would configure it to avoid collecting personal data whenever possible (IP anonymization, etc.). Google Analytics might get your IP (truncated if anonymized), device info, and site usage patterns. They aggregate this for us (e.g., “100 users visited the Features page”). We do not send them any CustodyComms user private info. Similarly, if we use crash reporting (like Sentry or Crashlytics), those services will receive the crash data which might include device ID and error details. They use it only to provide us with debugging info. All such providers are in roles often called “processors” under privacy laws – they process data for us, not for themselves.
•    Cloud AI or Other APIs - OpenAI (Cloud AI): If you choose OpenAI, individual incidents are sent directly to OpenAI's API for analysis on an ad-hoc basis. This data goes directly from your device to OpenAI—CustodyComms does not receive, store, or process your message content. OpenAI handles this data according to their API data usage terms; importantly, OpenAI does not use API data to train their models. You can enable or disable AI analysis at any time, and you can choose between different analysis modes. When disabled, no data is sent to any AI provider. 
In all cases above, we endeavor to limit the data shared and ensure it’s used narrowly. For instance, we might share an anonymized unique ID instead of your actual email with some services if possible.
B. Affiliates: If CustodyComms, LLC has any affiliate companies (under common ownership or control), we may share your information with them for similar purposes as described, consistent with this Privacy Policy. For example, if we have a subsidiary that helps operate the Service or an affiliate that provides a related service, we might share infrastructure or support resources. They would be bound to protect it just like we do. Currently, we don’t have separate affiliates handling user data, but this clause is here in case our corporate structure changes (like we create a parent company or spin-off).
C. Legal Compliance and Protection: We may disclose information (which, recall, is mostly account info we have, not content) when we believe in good faith that such disclosure is necessary to:
•    Comply with the law or legal process: If we receive a valid subpoena, court order, or other legal demand (e.g., from law enforcement or in a civil lawsuit) that compels us to provide certain information, we will comply as required. We will evaluate each request to ensure it is legally valid and not overreaching. Given our architecture, we cannot turn over what we don’t have (we cannot produce message content since we don’t store it). We would likely only be able to provide registration info, login records, subscriber status, etc. If allowed, we will attempt to notify the affected user of such a request (e.g., if a court wants your account info, we’d let you know) so you can object or seek legal intervention, unless we’re legally barred from notifying (some orders come with a gag clause).
•    Enforce our policies or agreements: We may disclose info if needed to enforce our Terms of Service or other agreements, or to investigate potential violations. For example, if a user is threatening our system or other users and we need to involve law enforcement or pursue legal remedies, we might share relevant account or log information in that process. 
•    Protect rights, property, safety: We might release information if we believe it’s necessary to protect the rights, property, or safety of CustodyComms, our users, or the public. For instance, if we detect someone attempting to hack our service, we might share their IP and logs with law enforcement or other companies to help prevent a broader attack. Or if someone’s life is in danger and we get an emergency data request, we might share necessary info to assist (though realistically, we have little info to share beyond an email or IP). This clause is mostly for the extreme scenarios – like threat of violence, child safety issues, etc., where we do whatever we lawfully can.
We emphasize that our ability to divulge content is essentially nil, because we don’t have user-generated content on our servers. So most legal disclosures would be quite limited (account metadata). We also commit that we have never received a government request for backdoor or bulk data (and since we have little data, that helps). If we are ever asked to do something not in line with user privacy (like build a feature to spy), we’d resist and if possible inform users.
D. Business Transfers: If CustodyComms is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or some of our assets, your information may be transferred to or shared with the successor or new owner as part of that transaction. For example, if another company acquires us, the user database would likely be part of the assets transferred. However, your personal information would remain subject to the promises made in this Privacy Policy (unless you consent otherwise). The new entity would be bound to the same level of protection for your data, or we would require them to notify you of any changes. Similarly, during due diligence for such a corporate transaction, it’s possible we might need to share some limited info under strict confidentiality (like number of users, maybe some sample data in aggregated form) to potential investors or buyers to evaluate the business. We would anonymize or aggregate data for these purposes whenever possible, and any receiving party would be bound by confidentiality until they officially step into our shoes.
•    If a bankruptcy or similar proceeding occurs, information could be considered an asset to be transferred. We would still aim to ensure your data’s privacy is upheld and would contest any sale of user data that doesn’t maintain appropriate protections.
E. With Your Consent: Apart from the cases above, if we want to share your info for something else, we will ask for your consent. For example, if one day we want to partner with a company to offer a special service and that requires sharing some data, we will only do so if you opt-in. Or if you explicitly request us to share data (like you want us to confirm to a third-party that you have an account, etc.), we’d do it with your permission.
F. Aggregated or De-Identified Data: We may share information that has been aggregated or anonymized in such a way that it cannot reasonably be used to identify you.  For instance, we might publish statistics like “CustodyComms has X users in California” or “On average, users send Y messages per month.” This information could be shared in marketing materials, with researchers, or other third parties. Aggregate data will not include anything that reveals individual identities or personal specifics. We may even sell or license such non-personal data (for example, in industry reports on usage trends), and that’s not considered selling personal info because it’s stripped of personal details. 
To reiterate our key stance: We do not sell your personal information to advertisers or other third parties. We do not share your info with third parties for their own marketing or purposes outside of providing the CustodyComms service, unless you give us explicit permission. Any sharing we do is either at your direction, to provide/improve the service, or for legal compliance. We aim to be as transparent as possible about these limited sharing scenarios.
4. Data Security Measures
We take security seriously and implement a variety of measures to protect your information. However, no system is 100% secure, so we want to set realistic expectations.
Local-First Architecture: CustodyComms is designed as a local-first application. Your case data, imported messages, and evidence files are stored on your device in a local database—not on CustodyComms servers. This means your sensitive communications never leave your computer unless you explicitly choose to use cloud-based AI analysis (OpenAI) or export files yourself.
Third-Party Services: CustodyComms integrates with trusted third-party services that handle specific functions:
• Firebase Authentication (Google): Handles login and password management. Your password is stored by Firebase using industry-standard hashing and salting—CustodyComms never sees or stores your password.
• Stripe: Handles payment processing. Your full card details are sent directly to Stripe and never touch CustodyComms systems.
• OpenAI (optional): If you enable cloud AI analysis, incident data is sent directly to OpenAI's API. CustodyComms does not intermediate or store this data.
Encryption in Transit: All communications between your device and third-party services (Firebase, Stripe, OpenAI) use HTTPS/TLS encryption to prevent eavesdropping.
Local Data Protection: Your local database is protected by your operating system's user account controls. For additional security, we recommend using full-disk encryption (such as BitLocker on Windows or FileVault on macOS) to protect all data on your device.
Local Data Security: Because your message content and attachments are stored locally on your device, their security partly depends on you. We strongly encourage you to secure your devices by encrypting them, as irrespective of CustodyComms data security, your original messaging files are still likely on your device and if source files are compromised upstream to CustodyComms before upload, it will likely not be detected. CustodyComms may at a future time offer an option to encrypt its local database (for example, requiring a passcode to open the app, which also encrypts the stored data). If so, use that for extra security. Otherwise, rely on your device’s full-disk encryption and lock screen. However, if someone gains access to your device (and it’s unlocked or they crack your device’s security), they could access your local CustodyComms data. We cannot protect against that scenario from our end. Consider enabling features like remote wipe on your device if it’s lost. 
Access Controls: Internally at CustodyComms, access to the minimal data we store is restricted to personnel who need it to perform their job (principle of least privilege). For example, our support team can look up your account by email to help reset a password or see your subscription status, but they cannot see any content of messages (because we don’t have those) and their access to logs is limited. Administrative access to servers or databases is limited to authorized engineers and is protected with strong authentication (like SSH keys, 2FA). We train our staff on data security practices and require confidentiality commitments.
Testing and Updates: We regularly update our software to apply security patches. Using up-to-date libraries and frameworks helps protect against known vulnerabilities. We may occasionally conduct security audits or penetration testing (ourselves or via third-party specialists) to find and fix potential weaknesses. If you find any security issues, we appreciate responsible disclosure (contact us at security@custodycomms.com, for instance).
Third-Party Security: Where we use third-party service providers (like hosting or Stripe), we choose reputable companies with strong security track records. For example, our payment processor is PCI-DSS compliant (the industry standard for credit card data security). Our hosting environment likely has certifications like SOC2, ISO27001, etc. While certifications aren’t foolproof, they indicate robust security practices.
No Guarantee: Despite our efforts, we must be honest: no method of transmission or storage is completely secure. Breaches can happen even to the best systems. We promise to do our best, but we cannot guarantee absolute security of information. In the unlikely event of a data breach that affects your personal information on our servers, we will notify you and any applicable regulators as required by law. Given the minimal data we hold, a breach of our server might expose account emails or hashed passwords or usage logs. We have systems to detect and respond to such incidents. If a breach happened, we’d likely force password resets and give you guidance.
Chain of Custody Integrity: One security aspect specific to CustodyComms is the chain-of-custody for evidence. We apply cryptographic hashing to detect tampering of records. These hashes themselves are like security features. We keep the algorithms updated if any become weak. The integrity reports we generate are meant to be verifiable so that any alteration is noticed. While this is more a functional thing, it’s a security-related feature for your data integrity. Again, storing data on your own device means you must keep that device secure to maintain the chain-of-custody; if someone had physical access to your device and your device’s credentials, they could in theory tamper with the data on the device (though our app would likely catch it). So, it all comes back to device security. We strongly encourage you to secure your devices by encrypting them and having passwords and even biometrics enabled when possible.
Retention of Security Info: We log access attempts and have alerts for unusual patterns. For example, multiple failed login attempts might trigger a temporary lockout to prevent brute force. We have a system for issuing reset links so that only the email on file gets the reset (and that link expires). If suspicious activity is detected (like login from a new country), we might send you an alert email.
User Responsibilities: We ask you to do your part: use a strong, unique password for CustodyComms and do not share it. Enable 2-factor authentication if we offer it (this might come as a feature; if/when available, we’ll prompt you). Keep your app and device OS updated to patch vulnerabilities. Be cautious of phishing – we will not ask for your password via email. If you get strange communications about CustodyComms, verify with us directly.
Data Breach Plan: If despite precautions, a security incident occurs, we have an incident response plan. We will identify and contain the issue, notify affected users and authorities as required, and take steps to prevent reoccurrence. Our notifications will include what happened, what data was involved (to the best of our knowledge), what we are doing about it, and any steps you should consider. For example, if emails were leaked, we’d warn about potential phishing. If hashed passwords were leaked (unlikely given encryption), we’d advise changing password especially if you used it elsewhere (don’t reuse passwords!).
Deletion and Disposal: When we no longer need data, we delete it securely. For example, if you delete your account, we will remove personal info from our databases (and request our processors to do the same) per our retention policy (explained below). We ensure that any physical hardware retired from our infrastructure is wiped. For backups, once they age out, they’re deleted as well.
In summary, we apply strong security measures appropriate to the sensitivity of the limited data we handle, and we continuously work to improve security. We also rely on you to safeguard the data that remains on your device. If you have any questions about security or suspect any vulnerabilities, please contact us. We appreciate the community’s help in keeping CustodyComms secure.
5. Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Here’s a breakdown:
•    Account Information: We keep your account registration info (email, hashed password, etc.) as long as your account is active. If you choose to delete your account, we will delete or anonymize this information within a reasonable period after your request, usually within 30 days, barring any legal requirement to keep it longer. (We might retain a hash of your email or similar to enforce things like if we need to block abusive accounts, but it wouldn’t be identifiable to you directly.)
•    Subscription and Transaction Data: We will retain records of your subscription payments, transactions, and related info for at least the duration required by accounting and tax laws. In the U.S., that’s often 7 years. This is to comply with financial regulations and for auditing. However, this data typically includes things like payment dates, amounts, and maybe billing region, but not your full card number or bank details. If you cancel a subscription, we’ll mark it, but still keep the history of past payments as needed for finance records.
•    Support Correspondence: If you contacted us for support, we may retain that correspondence (which includes your email and the conversation) for some time to ensure we have context for any follow-ups and to improve the service. Generally, support emails are kept for a couple of years, unless you specifically request deletion and we have no overriding need to keep them. If an email contains sensitive info and you request removal, we’ll delete or redact that info from our records if possible.
•    Usage Logs: Our server logs (which include IP addresses, login timestamps, etc.) are typically kept for a short period for troubleshooting and security (often 30 days to 1 year, depending on the type of log). We might keep security-related logs longer if needed for investigations. We may anonymize logs after a period for analytical purposes. For example, raw logs with IP addresses might be pruned after 90 days, but aggregated stats derived from them (without IPs) might be kept longer.
•    Analytics Data: If we gather analytics on our website or usage, those may be stored in aggregate indefinitely (since they’re not personal). Any user-identifiable analytics (like a user event log tied to your account) is usually kept only as long as needed for analysis then aggregated or deleted. Often, such granular data is removed or anonymized within a year or less.
•    Backups: Our system likely creates backups for disaster recovery. Backup files might store account info etc. However, we never collect nor store your uploaded messaging app content as that is stored locally only on your device. If you delete your account, it’s possible your data could remain in encrypted backups until those backups are rotated out. `Our policy would be that backups are used only for restoration and are securely stored. So, even if your data lingers in a backup for a few weeks post deletion, it wouldn’t be accessible for normal use and would eventually be deleted by rotation.
•    Legal Requirements and Prevention: We might retain certain information if we believe it’s necessary for legal disputes or enforcement. For instance, if we terminate your account for a breach and we think we might need logs or communications as evidence, we might keep those specific records until the issue is resolved. Also, if a law mandates keeping data (like records for law enforcement requests or records related to minors in certain cases), we comply with those retention laws.
•    User Content (on device): Since we don’t keep user content, retention of that is in your hands. On our servers, we don’t have to worry about deleting your messages because we never had them. If you uninstall the app, presumably the local data goes with it (unless you backed it up).
•    Inactive Accounts: If your account is inactive (no login) for a very long time, we might eventually remove it as part of general cleaning, but currently we don’t have a strict policy like “delete after X years of inactivity.” If we ever implement that, we’d try to notify you via email beforehand. But given the use case, we suspect if someone stops using it, it might be because their matter resolved, and they might want to keep records. We wouldn’t want to delete an account just because of inactivity if there’s data someone might return to. Because the data is local, even if we removed your server account, you could still have the local archive (just wouldn’t get updates or new logins without re-registering).
•    Upon Request: Under various privacy laws (like GDPR or CCPA), you have rights to request deletion of your personal data. We honor those (discussed in Section 6). If you make such a request, and we have no lawful reason to deny it, we will delete the info as requested, and instruct our processors to do the same.
After the retention period ends, we will either delete your personal information or anonymize it (so it can no longer be associated with you) such as by aggregating it with other data. For example, if we delete your account, we might keep an anonymized count like “a user from X region who signed up in 2025” in stats, but nothing that identifies you.
Keep in mind, certain residual copies might remain in our system (like in email archives or backup tapes) for a short time, but we’ll continue to protect that information even if it’s beyond active use.
6. Your Rights and Choices
You have several rights regarding your personal information and how it’s used. We strive to make it easy for you to exercise these rights.
Access and Portability: You have the right to request a copy of the personal information we hold about you. Given our limited collection, this would typically include your account details (like email, subscription status), and maybe log entries tied to your account. You can request this by contacting us at privacy@custodycomms.com. We will provide you with a copy in a common format (often JSON or CSV) of the data we have. For most users, you already see much of this in the app settings (email, etc.), but we’ll gladly provide the raw data we have. For “portability” – if requested, we can provide data in a machine-readable format. Frankly, since we don’t store your content, the main data we can port is account meta-data. If you need your actual messages, those are on your device – you can export them from the app directly via Evidence Export (which is the best way to get a portable copy of your messages on the app).
Correction (Rectification): If any of your personal information that we have is incorrect or outdated, you have the right to ask us to correct it. For instance, if your email has a typo, you can often correct it in-app or by contacting support. We verify before making changes to ensure security (for example, if you want to change the email, we might need you to prove account control). We encourage you to keep especially your contact info current so you don’t miss notices.
Deletion (Erasure): You can request that we delete your personal information. As noted, you can delete your account from within the app (if feature available) or by contacting support. This will remove personal identifiers from our systems. There are some caveats: we might retain some data if we have a legal obligation or a compelling legitimate interest (for example, we can’t delete transaction records needed for financial reporting, or we might keep a record that “an account with this email was deleted on X date” to handle things like refund proof or to prevent certain abuse). But we will inform you if any such data is retained and why. If you have data stored on your device, deleting your account won’t remove that – you’d have to delete the app or data locally. Also, if multiple users are involved (like your co-parent also has data on their device), deleting your account doesn’t delete data from their app (they will still have whatever record of communications on their side, since that’s not on our server either). We’re just clarifying that we cannot reach out and delete data from someone else’s device – that’s like asking WhatsApp to delete messages from your friend’s phone; not possible for us, and also because each side’s data is separate. Typically, if you ask us to delete info, we will do so within 30 days and confirm when done.
Objection to Processing: If we were to process data based on legitimate interests or for direct marketing, you have the right to object to that processing. For example, if we ever started sending marketing emails, you can opt out any time (unsubscribe link in email or via settings). If you believe we’re processing some data without a good reason, let us know and we’ll either stop or explain the compelling reason. Given our limited use (performing contract or legal compliance mostly), this is rarely an issue.
Restriction of Processing: You can ask us to temporarily “pause” processing certain data under specific circumstances – for instance, if you contest the accuracy of data or have objected and are waiting for us to decide on that, or if you need data for a legal claim but we were going to delete it. We’ll accommodate those scenarios as required by law.
Consent Withdrawal: In any situation where we rely on your consent to process data, you have the right to withdraw that consent at any time. For example, if we rely on consent to send marketing push notifications, you can disable those in the app settings or device settings, which is effectively withdrawing consent. Withdrawing consent won’t affect the lawfulness of processing we did before that point, and note that often we don’t rely on consent but on other bases (like fulfilling the contract to run the service).
California Residents (CCPA/CPRA Rights): If you’re in California, you have similar rights under the California Consumer Privacy Act (as amended by CPRA). These include the right to know what personal info we collect, the right to access it, the right to delete it (with some exceptions), the right to correct inaccurate info, and the right to opt-out of “sale” or “sharing” of personal info. Let’s clarify relevant parts:
•    We have described the categories of info we collect in Section 1 (identifiers like email, internet activity like logs, etc.). We do not sell personal info. We also do not “share” it in the CPRA sense for cross-context behavioral advertising (we don’t do any behavioral ads).
•    You can request: (1) Disclosure of what categories of personal info we have collected, the sources, the business purpose, and the categories of third parties we share it with. (We’ve basically outlined that here in the policy.) You can also request specific pieces of info (which is essentially the access request above). (2) Deletion of your personal info (with exceptions like if needed to complete a transaction, for legal compliance, etc.). (3) Correction of inaccurate info. (4) If we did sell/share info (we don’t), you could opt out, but no need here. Also (5) not to be discriminated against for exercising rights, which we will not do – we won’t deny you service or give different quality just because you exercise your privacy rights.
•    To make a request, contact us at our designated methods (we’ll likely have a web form or email for CCPA requests specifically). We will verify your identity (for example, by asking you to email from the registered address or provide some info that matches our records). If you have an authorized agent, we’d need proof of their authorization. We aim to respond within 45 days as required (or explain if we need more time).
•    We have not sold personal info so the opt-out is moot. We also don’t offer financial incentives against your data (like we’re not paying or discounting based on data sharing), so no notice needed there.
EU/EEA/UK Residents (GDPR Rights): If you are in the European Economic Area or similar jurisdictions with GDPR-like laws, you have the rights of access, rectification, erasure, restriction, objection, and data portability as described above. You also have the right to object to processing for direct marketing or for legitimate interests. We don’t do marketing without consent, and for legitimate interests (like improving service) we believe it’s balanced, but you can object if you have reasons and we’ll consider them. If you feel your rights are infringed, you can also lodge a complaint with your local data protection authority. If you need to know who that is, we can help guide you.
We also ensure that we will not discriminate against you for exercising any rights. For example, if you request deletion, we’ll delete your account if possible, but we won’t retain something out of spite or deny you some service solely because you made a privacy request (beyond the natural consequence that deleting account means you can’t use it, obviously).
Opt-Out of Communications: As mentioned, you can opt out of promotional emails by clicking “unsubscribe” in the email or adjusting your preferences. For push notifications, control that via device settings or app settings. For any cookies or tracking on the website, you can use browser controls or our provided cookie banner (if applicable) to opt out of analytics.
Do Not Track: Some browsers have “Do Not Track” signals. Our website doesn’t respond differently to DNT signals, because currently we don’t have third-party ads or tracking beyond possibly Google Analytics which doesn’t act on DNT. But we’ll state that clearly: we respect privacy but at this time we can’t guarantee a changed behavior for DNT signals (most sites treat it this way unless legally required to honor it, which in the U.S. it isn’t widely).
Data Transfer Rights: If you’re outside the U.S., note that your data will be transferred to the U.S. (see Section 8). By using the service, you consent to that. For EU users, we rely on contractual measures (SCCs) or necessity of service to transfer data. If you want more details or a copy of our transfer safeguards, you can request it.
Exercising Rights: To exercise any privacy rights, you can contact us at privacy@custodycomms.com (or a dedicated web portal if we have one). We may need to verify your identity by asking for info like your account email and perhaps a confirmation code. We will respond within the timeframe required by law (usually within 30 days for EU, 45 for California, etc., with possible extension). Where we cannot fulfill a request, we will explain why (for example, if you request deletion but we have to keep some data for legal reasons, we’ll tell you that).
Finally, if you have any issues or dissatisfaction with how we handle your data or requests, please let us know and we will try to resolve it. If not, you always have the right to escalate (like contacting a regulator or seeking remedies).
7. Attorney-Client Confidentiality and Privilege
Given CustodyComms’ use in legal contexts, we want to explicitly address how using our Service interacts with attorney-client privilege and confidentiality obligations:
No Third-Party Access: CustodyComms is designed such that we do not have access to the substantive content of communications between you and your attorney (if you use it in that capacity) or between co-parents. Because all content is stored locally and not on our servers, CustodyComms, LLC is not a “third party” to those communications in the traditional sense. In legal terms, generally, if a client shares a confidential communication with a third party, privilege may be waived. However, certain exceptions exist: communications remain privileged if disclosed to a person or entity necessary for the communication or furthering the legal representation, and made with an expectation of confidentiality. In our case, we argue that using CustodyComms is akin to using a secure tool (like a locked filing cabinet) that analyzes communication between parties, rather than a situation of sharing info with an unrelated third party.
Preservation of Privilege: Using CustodyComms should not waive attorney-client privilege. When you (client) and your lawyer communicate via CustodyComms, the communications stay between you two – we at CustodyComms cannot read them. Courts have held that storing privileged data with a secure cloud service doesn’t waive privilege, as long as reasonable steps are taken to maintain confidentiality. For example, a court noted that if a client reasonably expects that no one else will access the data (like when using an encrypted storage or service), that’s still within privilege. CustodyComms goes a step further by not even holding the data, so the “third party” (us) has effectively no knowledge of the content. In analogy, if you draft a letter to your lawyer and keep it in a locked box that you purchased from a company, the company that sold the box doesn’t have your letter. Similarly, we provided the app, but we don’t possess the communications. Therefore, you and your attorney can treat CustodyComms as a private channel.
Confidentiality: Lawyers have ethical obligations (e.g., ABA Model Rule 1.6) to keep client information confidential. Using CustodyComms aligns with those duties because it employs strong security and does not disclose the info to the provider. Attorneys should still use reasonable care (like ensuring their device with the CustodyComms app is secure, and advising clients to do the same). But from a technical standpoint, our service was built to uphold confidentiality – we don’t see or mine your data, and we don’t share it. If an attorney is concerned about using any third-party software, they should know that we have no mechanism to eavesdrop on their communications.
Legal Demands and Your Data: If law enforcement or a litigant served CustodyComms with a subpoena for user communications, we would be unable to provide them, because we don’t have them. If, hypothetically, we were compelled to testify or produce evidence about communications, the best we could do is hand over any hashed or encrypted records we might have (which we don’t) or logs showing two users analyzed messages at X times. In essence, we are structured to avoid becoming a repository that could be subpoenaed for content. This safeguards not only privilege but also general privacy.
User Responsibilities: It’s important that users (especially lawyers and clients) do not break privilege on their own. For instance, if you export a conversation and email it over regular email to someone, that might risk privilege if it’s beyond the necessary parties. Or if a client shows a friend their CustodyComms messages with their attorney, that could waive privilege (because that friend is an unnecessary third party). CustodyComms can’t prevent users from disclosing their own info. We just ensure we aren’t the source of any leak or waiver.
Work Product: Similar logic applies to attorney work product (notes, strategies recorded in the app). If those remain in CustodyComms, they remain in the attorney’s sole possession (on their device) and aren’t given to us, so work product protection is maintained. If the attorney shares certain notes with the client through the app, that’s still within the attorney-client bubble.
Data in Transit/Storage: In the future, we may have a feature that allows clients, and their attorneys communicate via the app. We would use encryption so that data in transit between attorney and client’s apps (if any sync or direct messaging via server happened) is protected. If messages are exchanged in-app, it might be device-to-device or through a server relay. If we do relay, it’s encrypted such that we can’t read it. So even in transit, confidentiality is preserved from our perspective.
Logging and Metadata: In the future, we may have a feature that allows clients, and their attorneys communicate via the app. We would keep minimal metadata (like login times, etc.). In a scenario where someone tries to see if two accounts communicated, we honestly wouldn’t have explicit records of that content exchange. At most, we might see that two accounts were active. But we don’t log “User A sent X messages to User B at 3pm” because the actual sending is local. If a feature did require our server to mediate, we’d try not to log recipients or content, just generic counts. So, metadata leakage is minimal. Thus, even the fact of an attorney-client relationship might not be discernible from our systems (contrasted with something like Gmail, where an observer could see A emailed B).
Caveat - Cloud Backups: Note, if you use a cloud backup service on your device (like iCloud backup or Google Drive backup of app data), then the data is being copied to that third party (Apple/Google). That could raise privilege questions, since those companies might technically access it under certain conditions. That’s outside CustodyComms’ involvement. Attorneys might want to advise clients to not include privileged communications in unencrypted backups. Our app cannot control your device’s backup settings. For maximum confidentiality, one might turn off cloud backup for our app or rely on our own export encryption. That’s a user choice. We aren’t responsible for what you or your device does outside our app.
If CustodyComms Staff Involvement: On the rare occasion you ask us for technical help that involves your data, we might need to handle some of it (e.g., you send us an export to debug a formatting issue). In doing so, we’ll treat it as highly confidential. But strictly speaking, sharing anything with us (even a snippet) is akin to bringing in a consultant – might be covered under privilege if for service of your attorney, but that gets legally gray. Our advice: avoid sending us any privileged content. We usually can troubleshoot without seeing real messages (we can use dummy data to replicate a bug). If we do see any, we will keep it confidential and delete it after use, but do understand that showing it to us might technically be a disclosure (though arguably for support services, which could be seen as an agent scenario – similar to using an e-discovery vendor, which doesn’t break privilege because they’re a service provider assisting the law firm).
No Legal Advice From Us: Keep in mind, while we talk about privilege here, we’re not providing legal advice ourselves. Consult your own counsel if you have concerns about privilege. But we’ve designed this tool to preserve confidentiality and privilege.
In summary, CustodyComms is built to uphold attorney-client confidentiality. We function like a secure vault for communications, not a party to them. As long as you and your attorney use the Service as intended (and keep your accounts secure), your privileged communications should remain protected. We have structured our data handling such that using CustodyComms does not constitute disclosure to a third party that would waive privilege. If you or your attorney have more questions about this, we’re happy to provide technical details so you can be comfortable.
8. International Users and Data Transfers
CustodyComms is based in the United States, and our servers and operations are primarily located in the U.S. If you use our Service from outside the U.S., please be aware that your information will likely be transferred to, stored, and processed in the United States. The data protection laws in the U.S. may differ from those in your country, and may not be considered as stringent.
However, we take steps to ensure your privacy is protected consistent with this Policy and applicable law, regardless of where the data is processed. If you are in the European Economic Area (EEA), United Kingdom (UK), Switzerland or other regions with data transfer restrictions, we rely on legal transfer mechanisms to transfer your data to the U.S.
Legal Bases for Transfer (for EU/EEA Users): CustodyComms, LLC is the “data controller” for your personal data. When we transfer personal data from the EEA/UK to the U.S., we typically rely on one of the following legal bases:
•    Performance of a Contract: The transfer is necessary to provide you with the Service you signed up for. (For example, to create your account and let you use the app, we have to process your data on our U.S. servers.) Article 49 of GDPR recognizes that if the transfer is necessary for performance of a contract between the user and us (or for pre-contractual steps at the user’s request), that is a valid basis. By signing up and using CustodyComms, you are requesting our Service, which requires that we process your data in the U.S.
•    Standard Contractual Clauses (SCCs): We may incorporate the European Commission’s Standard Contractual Clauses into our terms with service providers or within our company, to ensure an adequate level of data protection for transferred data. These clauses contractually bind the receiving party (us, or our vendors) to protect your data to EU standards. If you want to see a copy of our SCCs or understand how they apply, you can contact us.
•    Your Consent: In some cases, we might ask for your explicit consent to transfer data. For instance, if in the future we handle any sensitive personal data from the EU, we might rely on explicit consent for storage in the U.S. However, for now, the contract necessity covers it.
No matter the mechanism, we also implement additional safeguards as needed (like encryption in transit and at rest, strict access controls, etc., as described in Security).
International Hosting Partners: As noted, our infrastructure might use global providers. Some ancillary data (like error logs) might be processed by systems potentially outside the U.S. (though we try to choose U.S. or EU data centers). If any sub-processor (like our email service or analytics) processes data outside of the U.S./EU, we ensure they too use SCCs or equivalent.
Local Laws: If you’re using CustodyComms from a jurisdiction where certain privacy or data storage laws apply (e.g., some countries require data about citizens to remain in country), you should be aware that by using our service, your data is being sent to the U.S. We ask that you only use the service if you consent to this and it’s lawful in your jurisdiction. If you’re not sure, consult local laws or contact us for any clarifications.
Our Commitment: Regardless of where your data is processed, we handle it under the principles outlined here. That means we value your privacy whether you’re in Massachusetts or in Europe or anywhere else. We do not engage in any practices that would be considered fundamentally incompatible with the GDPR, for example. We don’t do automated profiling or selling of data or such.
Data Protection Officer: Under GDPR, because we generally do not process sensitive data on a large scale or systematically monitor individuals, we have determined we do not currently require a formal Data Protection Officer (DPO). However, we do have personnel responsible for privacy matters. If you have any questions or requests regarding your personal data, you can reach our privacy team at the contact provided below. If in the future our user base expands significantly in Europe or laws change, we will appoint a DPO or EU representative as needed and update this policy.
Your Choices (International): If you are not in the U.S. and are uncomfortable with your data being transferred or stored in the U.S., you may choose not to use our Service. We try to be transparent so you can make an informed choice. We believe our protections are strong and our practices are ethical, but we understand concerns about differing legal regimes.
In summary, we do facilitate global use of CustodyComms, but all users’ data will be processed in the United States. We use appropriate safeguards (like encryption and legal frameworks) for cross-border data transfers. By using CustodyComms, you understand and consent to this transfer, processing, and storage of your information in the U.S. as described.
If you have any specific questions about international data handling, please contact us and we’ll be happy to explain or address them.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make any significant changes, we will notify you in an appropriate manner.
Notification of Changes: We will post the updated Privacy Policy on our website and update the “Effective Date” at the top. If the changes are material, we will provide a more prominent notice. For example, we might notify you by email (sent to the address associated with your account) or display an in-app message or prompt. “Material changes” could include, for instance, if we started collecting additional personal information beyond what’s listed, or if we change how we use data in a way that you might not reasonably expect under the current policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of CustodyComms after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with a change, you should discontinue use of the Service and may request deletion of your data.
For example, if we ever were to change our stance on selling data (unlikely, as that’s against our philosophy), that would be a huge change we’d definitely email everyone about and likely require opt-in. On more minor changes (like clarifying wording, or updating a processor list), a simple notice on our site might suffice.
If you have any questions about any change, feel free to reach out to us for clarification.
10. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please reach out to us. We’re here to help.
Contact us by email: privacy@custodycomms.com (This is our dedicated address for privacy-related inquiries and requests.)
Contact us by mail:
CustodyComms, LLC
Attn: Privacy Team
131 Continental Dr. Suite 305
Newark, DE 19713
USA
(Use the above mailing address for formal written requests or correspondence. If you’re an EU resident and need to send something to a representative, currently use the main address until we appoint any EU representative.)
We will respond to your inquiries as promptly as possible, typically within 30 days. If you are contacting to exercise a specific right (like access or deletion), please provide enough information for us to verify your identity and locate your data (for example, the email you registered with, and what action you’re requesting). We may ask for additional verification info solely to confirm you are who you say, for your data’s safety.
If you feel that we have not adequately addressed your questions or concerns, you have the right to contact your local data protection authority or privacy regulator. For example, EU users can reach out to their country’s supervisory authority, and California users can contact the CA Attorney General’s office. But we truly prefer you talk to us first so we can resolve it amicably.
Thank you for taking the time to read our Privacy Policy. We value your trust and are committed to protecting your privacy while providing you with a useful and secure service.

bottom of page