Privacy Policy

1. Introduction and Scope

Allies ("we," "our," or "us") provides a coparenting coordination platform available on iOS, Android, and web (the "Service"). This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you use our Service.

We understand that the information you share with us is among the most sensitive data a technology company can hold: custody schedules, court orders, financial records, communications about your children, and details about your family structure. We designed our data practices with this responsibility in mind.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. This policy should be read together with our Terms of Service.

2. Information We Collect

2.1 Account Information

When you register for the Service, we collect:

Full legal name, email address, and phone number
Account type (coparent, step-parent, legal guardian, or professional)
Profile photograph (optional)
Professional credentials, if applicable (bar number, license number, professional certifications)

2.2 Family and Children's Information

To provide coparenting coordination tools, we collect information about your family as provided by you:

Children's names, dates of birth, and ages
Custody schedules, parenting time allocations, and holiday schedules
Pickup and drop-off locations for custody exchanges
School, medical, and extracurricular information (as voluntarily provided by parents)
Emergency contact information

Children under 13: We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information directly from children under 13. All children's data is entered and managed exclusively by a parent or legal guardian. Children's profiles, when created, have restricted read-only calendar access with no messaging, document, or financial capabilities.

2.3 Court Documents and Legal Records

When you upload legal documents to the Service, we collect and process:

Court orders, custody agreements, parenting plans, and related legal documents (typically PDF files)
Text and data extracted from those documents by our AI system, including custody schedules, financial obligations, decision-making provisions, and restrictions
Financial records including child support payments, shared expense receipts, and reimbursement requests

You represent that you have the legal right to upload any court documents you submit. Court orders are generally public records, but you should consult your attorney if your order contains sealed or confidential provisions.

2.4 Communications

The Service is designed to create a documented record of coparent communications. We collect:

All messages sent between coparents through in-app messaging, including text and any attached files
Message metadata (timestamps, delivery status, read receipts)
Video and audio call metadata (duration, participants, timestamps). We do not record the audio or video content of calls
Email and SMS invitation messages sent through the platform

2.5 Biometric Data

If you enable Face ID, Touch ID, or fingerprint authentication, biometric data is processed and stored exclusively on your device using the manufacturer's secure enclave (Apple Secure Enclave or Android Keystore). We never receive, transmit, process, or store your biometric data on our servers. We only receive a binary authentication result (pass/fail) from your device.

2.6 Device and Technical Data

Device type, operating system version, and application version
IP address and approximate geographic location (city/state level, not precise GPS coordinates)
Push notification tokens for delivering alerts
Crash logs and error reports for debugging
General usage analytics (feature usage, session duration) to improve the Service

3. How We Use Your Information

3.1 Providing and Operating the Service

Account creation, authentication, and access control
Facilitating communication between coparents and authorized family members
Managing custody schedules, calendar events, and exchange logistics
Tracking shared expenses, child support, and financial obligations
Storing, organizing, and retrieving court documents and legal records
Generating tamper-resistant records for potential court use

3.2 AI-Powered Features

Allies uses artificial intelligence (powered by Anthropic's Claude API) to enhance your experience. When AI features are used, specific data is transmitted to Anthropic for processing:

Document Extraction: The text content of uploaded court orders is sent to Anthropic's API to identify and extract custody schedules, financial obligations, decision-making provisions, and other key terms. The original document file remains stored on our infrastructure only.
Onboarding Assistant: Your conversational responses during initial setup are processed by AI to configure your account appropriately for your family situation.
Tone Analysis (optional, user-enabled): If you enable this feature, message content may be analyzed to identify high-conflict language patterns and suggest calmer alternatives before sending.

How Anthropic handles your data: All data sent to Anthropic is processed under their Commercial Terms of Service. Under those terms:

Your data is not used to train Anthropic's AI models
Data is encrypted in transit (TLS) and at rest
Anthropic does not retain API inputs or outputs beyond what is necessary to provide the service and detect abuse

See Anthropic's Privacy Policy for complete details.

3.3 Safety, Security, and Legal Compliance

Detecting and preventing unauthorized access, fraud, or abuse of the Service
Responding to valid court orders, subpoenas, search warrants, and other legal process
Protecting the safety and welfare of children, consistent with applicable mandatory reporting laws
Reporting child sexual abuse material (CSAM) to NCMEC and law enforcement
Enforcing our Terms of Service
Cooperating with law enforcement investigations when legally required

4.1 Within Your Family Network

Information you enter into the Service (messages, schedule changes, expense entries) is shared with other members of your family network based on their role and the permissions you and your coparent have configured. If you grant access to a professional (attorney, therapist, mediator), that professional may view shared family data within the scope of their authorized access.

Note on shared data and account deletion: If you delete your account, shared data (messages you sent, schedule entries you created, expense records) may remain accessible to your coparent and authorized professionals because that data is part of the shared family record. See Section 6 for full data retention details.

4.2 Service Providers

We use the following third-party service providers, each processing only the minimum data necessary for their function:

Supabase — Database hosting, user authentication, and file storage (Privacy Policy)
Anthropic (Claude AI) — Document extraction and AI features (Privacy Policy)
Stream — Real-time messaging infrastructure and video calls (Privacy Policy)
Stripe — Payment processing. We never store your credit card numbers; all payment card data is handled exclusively by Stripe (Privacy Policy)
Firebase (Google) — Push notification delivery and crash reporting (Privacy Policy)

All service providers are bound by data processing agreements that prohibit them from using your data for their own purposes and require them to maintain appropriate security controls.

4.3 Legal Disclosures

We may disclose your information when compelled by valid legal process, including:

Court orders and subpoenas in family law proceedings (custody, divorce, protective orders)
Law enforcement requests accompanied by valid legal process (warrants, court orders)
Child protective services investigations
Emergency disclosures where we reasonably believe there is an imminent threat of serious harm to a child or adult

We will notify you of legal requests for your data when legally permitted to do so. If a request is accompanied by a non-disclosure order, we will comply with that order but will notify you when the order expires or is lifted.

4.4 We Do Not Sell Your Data

We make the following commitments regarding your personal information:

We do not sell, rent, lease, or trade your personal information to any third party
We do not use advertising networks, behavioral targeting, or ad-supported business models
We do not share your data for cross-context behavioral advertising
We do not use your data to build marketing profiles or sell insights derived from your family information
We do not share your data with data brokers

5. Data Security

Given the sensitive nature of family law data, we implement comprehensive security measures:

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
Encryption at rest: All stored data, including court documents, messages, and financial records, is encrypted using AES-256
Row-level security: Database access controls ensure that each user can only access data they are authorized to view based on their family membership and role
Authentication: Multi-factor authentication and device biometric authentication are available and recommended
Professional audit logging: All data access by professionals (attorneys, therapists, mediators) is logged with timestamps, creating an accountability trail
Infrastructure certifications: Our primary infrastructure providers (Supabase, Stream, Stripe) maintain SOC 2 Type II certification
Secure file storage: Uploaded court documents are stored in isolated, encrypted storage with access restricted to authorized family members and professionals

5.1 Breach Notification

In the event of a data breach that compromises your personal information, we will:

Notify affected users within 72 hours of confirming the breach
Provide a clear description of the data affected and the steps we are taking to remediate
Recommend protective actions you should take
Notify applicable regulatory authorities as required by law
If children's data is involved, provide separate, specific notification to affected parents or guardians consistent with COPPA requirements

6. Data Retention

Our retention periods are designed to balance your need for long-term records (for court use) with privacy principles of data minimization:

Data Type	Retention Period
Account profile data	Duration of active account
Messages and communication logs	Duration of active account (for potential court use)
Court documents and extracted data	Duration of active account + 7 years after closure (legal compliance)
Financial records and expense history	Duration of active account + 7 years (IRS requirements)
Professional access audit logs	Duration of active account + 3 years
Profile data after account deletion	Deleted within 30 days
Backups containing deleted data	Purged within 90 days of deletion request
Biometric data	Never stored on our servers (device-only)

Litigation holds: Data that is subject to active or reasonably anticipated legal proceedings will be retained until the matter is fully resolved, regardless of the standard retention schedule. We will notify you of any litigation holds affecting your data when legally permitted to do so.

Shared data after account deletion: Messages you sent, schedule entries you created, and expense records you entered may remain accessible to your coparent as part of the shared family record, even after you delete your account. This is necessary because your coparent may rely on these records for their own legal purposes.

7. Your Rights and Choices

You have the following rights regarding your personal information:

Access: Request a copy of the personal data we hold about you in a structured, machine-readable format
Correction: Correct inaccurate or incomplete information in your account
Deletion: Request deletion of your account and associated personal data, subject to our legal retention obligations and the rights of your coparent to shared records
Data portability: Receive your data in a standard format (JSON or CSV) for transfer to another service
Opt-out of AI features: Disable optional AI features (tone analysis, message moderation) at any time in your account settings. Core features like document extraction are performed only when you affirmatively upload a document
Communication preferences: Unsubscribe from promotional communications at any time. Transactional notifications (security alerts, schedule changes, coparent messages) cannot be disabled while your account is active

7.1 How to Delete Your Account

You can delete your account at any time using one of these methods:

In the app: Go to Profile → Privacy & Security → Delete Account. Follow the prompts to confirm deletion.
Via email: Send a request to privacy@alliesapp.com with your account email address.

When you delete your account:

Your profile, preferences, and personal data are deleted immediately
Your coparent will be notified that you have deleted your account
Database backups containing your data are purged within 90 days
Messages, schedules, and expenses you created remain accessible to your coparent as part of the shared family record
Financial records are retained for 7 years per IRS requirements

For complete details, see our Support page.

To exercise any of these rights, email us at privacy@alliesapp.com. We will verify your identity and respond within 30 days. We will not charge a fee for reasonable requests.

8. Children's Privacy (COPPA Compliance)

We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws:

No direct collection from children: Only parents or legal guardians (18+) may create accounts. Children under 13 never create their own accounts
Parent-managed profiles: A parent creates and fully controls their child's profile, including the ability to view, modify, or delete it at any time
Restricted access: Children's profiles have calendar view only. No access to messaging, documents, financial records, or professional communications
No marketing use: Children's data is never used for marketing, advertising, profiling, AI training, or any purpose beyond providing the core Service
Minimal data: We collect only the minimum data necessary for the child profile (name, date of birth) plus schedule information
Parental controls: Parents can review, modify, or delete all data associated with their child's profile at any time through their account settings
Breach notification: If a breach involves children's data, we will provide specific, prioritized notification to affected parents

9. U.S. State Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose about you
Right to Delete: Request deletion of your personal information, subject to legal exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is necessary
Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (family relationships, court documents) only as necessary to provide the Service
Right to Non-Discrimination: We will not discriminate against you for exercising any privacy right

To exercise your California rights, contact privacy@alliesapp.com. We will verify your identity before processing your request.

Other U.S. States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), and other states with comprehensive privacy laws have similar rights to access, correct, delete, and port their personal data. We honor these rights regardless of your state of residence. Contact privacy@alliesapp.com to exercise these rights.

10. International Users

Allies is primarily operated in the United States. Your data is stored in U.S. data centers operated by our infrastructure providers. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

EU/UK users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for international data transfers. You have the right to obtain a copy of these clauses by contacting us. You may also have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection supervisory authority.

Legal basis for processing (GDPR): We process your data based on: (a) your consent (account creation); (b) performance of our contract with you (providing the Service); (c) our legitimate interests (security, fraud prevention, service improvement); and (d) legal obligations (mandatory reporting, responding to court orders).

11. Cookies and Tracking (Web Application)

Our web application uses the following categories of cookies:

Strictly necessary: Authentication session cookies and security tokens required for the Service to function. These cannot be disabled
Functional: Cookies that remember your preferences (theme, display settings). These improve your experience but are not required
Analytics: Anonymous, aggregated usage data to help us understand which features are used and identify issues. We do not use third-party analytics services that track you across websites

We do not use:

Advertising or marketing cookies
Third-party tracking pixels or web beacons
Cross-site tracking technologies
Fingerprinting or other persistent identification methods

You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may prevent the web application from functioning.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

Notify you by email at least 30 days before the changes take effect
Provide an in-app notification summarizing the key changes
Update the "Last Updated" date at the top of this page
Maintain an archive of previous versions available upon request

Your continued use of the Service after the effective date of a modification constitutes acceptance of the updated policy. If you disagree with the changes, you may close your account before the effective date.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your data is handled:

Privacy inquiries and rights requests: privacy@alliesapp.com
General support: support@alliesapp.com
Security vulnerabilities or incidents: security@alliesapp.com

We aim to respond to all privacy inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.