Skip to main content
Your privacy, plainly explained

Privacy Policy

Our Family Defender helps families document custody and family-law cases. This policy explains exactly what we collect, how it is used, and the control you keep over it — in fifteen short sections.

We never sell your data
AI features are optional
Encrypted, isolated storage

Last updated May 7, 2026 · Our Family Defender

THE SHORT VERSION

We collect only what's needed to run your case — and we never sell it.
AI and Gmail features are optional and limited to what you turn on.
Your data is encrypted and walled off from every other account.
You can export or delete everything, anytime.
01

Information We Collect

We collect only what's needed to provide and improve the service.

  • Account information. Your name and email when you create an account. If you subscribe to a paid plan, payment information is collected and processed by Stripe, Inc. — we do not store credit card numbers.
  • Case data. The case-related data you provide — daily parenting logs, documents, communications, issues, expenses, and case configuration. This is stored exclusively within your isolated tenant account.
  • Gmail data. If you enable Gmail integration, we access and store emails from the specific addresses you choose to monitor — including content, metadata (sender, recipient, date, subject), and attachments. We only access emails matching your monitored addresses, never your entire inbox.
  • AI usage data. When you use AI features we record the volume of AI usage (number and size of requests) to apply your plan's included AI Credit and any optional top-ups. We manage the AI provider relationship on your behalf, so you never provide or store third-party API keys.
  • Usage data. Anonymized usage metrics (page views, feature usage, AI request counts) to improve the service and manage usage-based billing. This cannot be linked to your case information.
  • Device & browser data. Your IP address, browser type, and device information when you access the service. Used for security (detecting unauthorized access) and not linked to your case data.

In plain English: You control what you upload — and Gmail access is limited to the addresses you choose.

02

How We Use Your Information

We use your information to:

  • Provide the core documentation and case-management features.
  • Process AI requests (email analysis, tone scoring, report generation, draft assistance).
  • Sync and store emails from your connected Gmail account.
  • Generate reports and analytics within your account.
  • Send service-related notifications, reminders, and alerts.
  • Process payments and manage your subscription.
  • Detect and prevent fraud, abuse, and unauthorized access.
  • Improve the service based on anonymized, aggregated usage patterns.

We do not use your case data for advertising, marketing to third parties, or training AI models. Your data is used solely to provide you with the service.

In plain English: Your data runs your account — never ads, never AI training.

03

AI Data Processing

When you use AI-powered features, relevant portions of your data are transmitted to our AI provider for processing:

  • Provider. We currently use Anthropic (maker of Claude). AI usage is included with paid plans, and we manage the provider relationship on your behalf.
  • What is sent. Email content for analysis, document text for summarization, communication content for tone scoring, case context for report generation, and draft prompts for communication assistance.
  • Retention. Our AI provider processes data in real time and does not retain it for training purposes under our commercial agreement.
  • Your control. AI features are optional. You can use Our Family Defender's core features without triggering any AI data processing.

In plain English: AI is optional, and your data is never used to train AI models.

04

Gmail Data

If you connect your Gmail account, the following applies:

  • Scope of access. We request read-only access and only read emails matching the specific addresses you configure as monitored contacts.
  • Data stored. Email subject, body, sender, recipients, date, Gmail labels (read/starred), thread information, and attachments.
  • Sync frequency. Emails are synced automatically every 15 minutes for monitored addresses.
  • Revocation. You can disconnect Gmail at any time from your settings. Disconnecting stops future syncing but does not delete previously imported emails — you may request deletion of those separately.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

In plain English: We only read the addresses you pick — and you can disconnect anytime.

05

Data Sharing

We do not sell, rent, or share your personal information or case data for marketing or advertising. We share data only in these limited circumstances:

  • AI providers. When you use AI features, relevant data is sent to Anthropic for processing.
  • Payment processing. Payment information is processed by Stripe under their privacy policy.
  • Email service. We use Resend to deliver transactional emails (verification codes, reminders, notifications). Only your email address and notification content are shared.
  • Legal requirements. We may disclose data when required by law, subpoena, court order, or government request.
  • Safety. We may disclose information if we believe in good faith it is necessary to protect the safety of any person.

In plain English: Your case is never sold. We share only with the vendors that run the service, or when the law requires it.

06

Team & Practitioner Access

When you invite team members (attorneys, parenting coordinators, or other professionals) to your account, they gain access to your case data based on the permissions you assign. This is a voluntary sharing of your data that you control.

Team members access your data through their own authenticated accounts. You can modify permissions or remove team members at any time from your settings.

Practitioners using professional accounts may access multiple client accounts. Each client's data remains isolated and is only accessible to practitioners who have been explicitly invited by that client.

In plain English: You decide who on your team sees your case — and you can revoke it anytime.

07

Cookies & Sessions

We use the following cookies and similar technologies:

  • Session cookie (mcs_session). A secure, HTTP-only cookie containing your encrypted session token. Essential for authentication; expires after 7 days.
  • Stripe cookies. Our payment processor may set cookies for fraud prevention during checkout.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies, and we do not participate in cross-site tracking or retargeting.

In plain English: Only the cookies needed to log you in and take payment. No ad tracking.

08

Data Security

We implement industry-standard security measures to protect your data:

  • TLS 1.3 encryption for all data in transit.
  • AES-256 encryption for sensitive data at rest.
  • Tenant-level data isolation — every database query is scoped to your tenant ID.
  • Cloudflare edge security, including DDoS protection and a Web Application Firewall.
  • Rate limiting on authentication and API endpoints.
  • Encrypted storage of API keys and sensitive credentials.

While we take extensive measures to protect your data, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

In plain English: Bank-grade encryption, and your case is walled off from every other account.

09

Data Retention & Deletion

We retain your data for as long as your account is active. Upon cancellation or deletion:

  • Your data is retained for 30 days to allow for recovery or export.
  • After 30 days, all data is permanently and irreversibly deleted.
  • You may request immediate deletion, processed within 72 hours.
  • Backups containing your data are purged on their normal rotation schedule (no more than 30 days).

We may retain anonymized, aggregated data (that cannot be linked to you) for analytics purposes.

In plain English: Cancel and your data is gone within 30 days — or 72 hours if you ask.

10

Your Rights

You have the right to:

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Request correction of inaccurate personal data.
  • Deletion. Request deletion of your account and all associated data.
  • Data portability. Request an export of your data in a machine-readable format.
  • Withdraw consent. Withdraw consent for optional processing (such as Gmail integration or AI features) at any time.
  • Object. Object to processing of your data in certain circumstances.

To exercise any of these rights, contact us at support@ourfamilydefender.com. We will respond within 30 days.

In plain English: It's your data. Access, export, or delete it whenever you want.

11

Children's Privacy

Our Family Defender does not knowingly collect personal information directly from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA).

The service is designed for use by adults — parents, attorneys, and professionals — who may enter information about minor children as part of custody case documentation. This information is entered and controlled by the adult account holder, not by the children themselves.

If you believe a child under 13 has provided us with personal information, please contact us immediately at support@ourfamilydefender.com.

In plain English: Our Family Defender is for adults. We don't knowingly collect data from anyone under 13.

12

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know. Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to delete. Request deletion of your personal information, subject to certain exceptions.
  • Right to non-discrimination. We will not discriminate against you for exercising your CCPA rights.
  • No sale of data. We do not sell personal information and have not sold personal information in the preceding 12 months.

To exercise your CCPA rights, contact us at support@ourfamilydefender.com.

In plain English: California residents have extra rights — and we've never sold personal info.

13

International Data

Our Family Defender is hosted on Cloudflare's global network. Your data may be processed in data centers located in the United States and other countries where Cloudflare operates. By using the service, you consent to the transfer of your data to these locations.

If you are located in the European Economic Area, United Kingdom, or other regions with data-protection laws, we process your data based on your explicit consent (provided at account creation) and our legitimate interest in providing the service.

In plain English: We're hosted globally; using Our Family Defender means your data may be processed in the US.

14

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or in-app notification at least 30 days before the changes take effect.

The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the service after changes take effect constitutes acceptance of the revised policy.

In plain English: We'll give you 30 days' notice before any material change.

15

Contact

Questions about this policy or how your data is handled? We're one email away — reach the Our Family Defender team and we'll respond within 30 days.