Parenting Path, Inc. (“Parenting Path,” “we,” “us,” or “our”) operates the Parenting Path mobile application and website at parentingpath.net (together, the “Service”). We take the privacy of co-parents, children, and domestic violence survivors seriously. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have over it.
Because our Service is used in legally sensitive situations — including court-ordered co-parenting, domestic violence safety planning, and family law proceedings — we have built our data practices around the principle that less data, held more securely, is always better.
If you are a California resident, the additional disclosures in the California Privacy Rights section apply to you. If you are located in the European Union or United Kingdom, the GDPR/UK GDPR section applies to you.
Information We Collect
1.1 Information You Provide Directly
Account information. When you register, we collect your first name, last name, email address, and password (stored as a bcrypt hash — we never store your actual password). You may optionally provide a phone number, profile photo, timezone, language preference, and date format preference.
Family and child information. To use the co-parenting features, you create a family unit and optionally add child profiles. Child profiles may include the child’s name, date of birth, school information, allergies, medications, and emergency contacts. This information is voluntarily provided by you and is shared between both co-parents in your family unit.
Messages. We store all messages sent through the Service. This is a core feature of the product — the message record is tamper-evident and may be used in legal proceedings. Messages cannot be deleted once sent.
Expenses and receipts. We store expense records and receipt photos. Receipt photos are stored in Cloudflare R2 storage.
Court orders. We store court order PDF documents you upload. These are processed through AWS Textract for text extraction and through our AI service for clause identification. The original PDF and extracted text are stored.
Calendar events. We store all calendar events you create, including change requests and their outcomes.
Safety information. Safety preferences are stored per user. Safety events (screenshot alerts, quick-exit triggers, new device logins) are logged in an append-only record. The safety journal is encrypted on your device using AES-256-GCM encryption. The encryption keys are stored in your device’s secure enclave. We never receive, store, or can access the plaintext content of your safety journal.
Payment information. We do not collect or store your payment card information. All payment processing is handled by Stripe, Inc. We store the subscription status, plan, Stripe customer ID, and invoice history associated with your account.
Professional account information. Attorneys, mediators, guardians ad litem, and other professionals who create professional accounts provide their bar number or professional licence number, firm name, and state. This information is verified before the account is activated.
1.2 Information We Collect Automatically
Device and usage data. When you use the Service, we automatically collect your device type (iOS or Android), operating system version, app version, device model, and a push notification token issued by Expo. We also collect information about how you use the Service — which features you use, when, and how often — for the purpose of improving the product and detecting abuse.
Log data. Our servers record standard log data including your IP address, request timestamps, and API endpoints accessed. Professional accounts additionally log every data access event (which family data was viewed, when, and from which IP address).
Crash reports. We use Sentry to collect crash reports. Crash reports may include device information, the sequence of actions leading to the crash, and in some cases a device identifier. Crash reports do not include message content, expense details, or other personal co-parenting data.
Analytics. We use Google Analytics 4 to understand how visitors use our website (parentingpath.net). This does not apply to the mobile app, which uses only product analytics for crash reporting and feature usage (via Sentry). We do not use advertising-based analytics.
Google Analytics: We use Google Analytics to understand how our website is used. Google Analytics collects information anonymously and reports website trends without identifying individual visitors.
Location data. We do not collect your location data continuously or without your consent. If you choose to enable exchange-only location sharing for a custody exchange event, your real-time location is shared with your co-parent only during the defined exchange window (30 minutes before and after the scheduled exchange). Location data from that window is deleted from our servers immediately when the window closes. Outside of exchange windows, we never access your location.
Photo metadata (EXIF) stripping. Every photo you upload through any part of the Service — messages, receipts, profile photos, court order scans — has all EXIF metadata (including GPS coordinates, device model, and timestamps) stripped before the photo is stored. We do this automatically on every photo upload without exception. This is a safety requirement, not optional behaviour.
1.3 Information from Third Parties
We receive limited information from the following third parties as part of operating the Service:
Stripe. After a payment event, Stripe sends us a webhook notification containing your subscription status, the amount charged, and the billing period. We do not receive your card number or bank details from Stripe.
Google (Calendar OAuth). If you connect your Google Calendar, we receive an OAuth access token and refresh token from Google. These are stored encrypted using AES-256-GCM. We use these solely to sync your calendar events. We do not access any other Google data.
Apple (CalDAV). If you connect your Apple Calendar, we receive an iCloud app-specific password from you directly (not from Apple). This is stored encrypted using AES-256-GCM and used solely for calendar sync.
How We Use Your Information
We use your information for the following purposes:
To provide the Service. To operate the co-parenting platform, including messaging, calendar management, expense tracking, court order compliance monitoring, child wellbeing tracking, dispute resolution, and court report generation.
To process AI tone analysis. When you send a message, the text content of that message is sent to Groq Cloud (our AI inference provider) for tone scoring. Groq returns a score and, when the score exceeds the threshold, three alternative rewrite suggestions. Message content sent to Groq is processed for this purpose only and is subject to Groq’s data processing terms.
To process court order documents. PDF documents you upload are sent to AWS Textract for optical character recognition. The extracted text is then processed by our AI service for clause identification. Both services process your document content for this purpose only.
To process receipts. Receipt photos are sent to AWS Textract for text extraction (amount, merchant name, date). This processing is used to pre-fill expense form fields.
To send communications. We use Mailgun to send transactional emails including email verification, password reset, report notifications, and billing receipts. For users with DV Safety Mode enabled, these emails use generic sender names and subject lines that do not identify Parenting Path.
To deliver push notifications. We use Expo’s Push Notification service, which routes notifications through Apple’s APNs and Google’s FCM, to deliver time-sensitive alerts. For users with DV Safety Mode enabled, notifications contain no identifying content — only a badge increment.
To store files. We use Cloudflare R2 (an S3-compatible cloud storage service) to store court order PDFs, expense receipt photos, court report PDFs, dispute agreement PDFs, profile photos, and safety journal attachments (encrypted). All files are stored privately with no public access.
To process payments. We use Stripe to handle subscription billing. Your payment details are entered directly into Stripe’s hosted payment form and are never transmitted to our servers.
To monitor for crashes. We use Sentry to detect and diagnose application crashes, helping us fix bugs and maintain reliability.
To prevent abuse. We use automated and manual review to detect and prevent spam, harassment, abuse of the Service, and fraudulent account activity.
To comply with legal obligations. We may use or retain your information to comply with applicable laws, respond to valid legal process, and protect the rights, property, or safety of Parenting Path, our users, or others.
How We Share Your Information
We do not sell your personal information. We do not share your personal information with third parties for advertising or marketing purposes.
We share your information only in the following circumstances:
With your co-parent. Messages, calendar events, expense records, and child wellbeing data are shared with the co-parent in your family unit. This is the core function of the product. The specific data visible to each parent is documented in the app’s feature descriptions.
With professionals you authorise. If you grant an attorney, mediator, guardian ad litem, or other professional access to your data, that professional can view the data categories you have authorised. Every access event is logged. You can revoke access at any time.
With service providers (sub-processors). We share data with the following third-party services that process data on our behalf:
AI inference
OCR processing
File storage
Email delivery
Website analytics
In response to legal process. We may disclose your information in response to a valid court order, subpoena, search warrant, or other legal process. We will notify you of any such request unless prohibited by law or unless we determine that notification would create a serious risk to you or others.
Your safety journal content is encrypted on your device and cannot be accessed by us. We cannot produce safety journal content in response to legal process because we do not hold it.
In a business transfer. If Parenting Path is acquired, merges with another company, or transfers assets in a bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you before your information is subject to a different privacy policy.
To protect safety. We may share information when we believe in good faith that disclosure is necessary to prevent imminent harm to a person or to prevent fraud.
Children’s Privacy (COPPA)
Parenting Path is designed for adults (parents, professionals) and is not intended for children. We do not knowingly collect personal information from children under the age of 13 through the registration process.
Child profiles. Co-parents may create profiles for their children within the Service. This is done by the parent (an adult user) and may include the child’s name, date of birth, school name, allergies, and medications. If the Service is used on a device accessible to the child, parents are responsible for managing that access.
Child mood data. Parents may log daily mood check-ins for their children. This data is visible to both parents and, with explicit parent consent, to a verified therapist. It is never shared for advertising or commercial purposes.
If you believe that a child under 13 has provided personal information through our registration process without parental consent, please contact us at privacy@parentingpath.net and we will delete that information promptly.
Safety Journal and Domestic Violence Data
Our Safety Journal is designed to be inaccessible to us, to Parenting Path, and to your co-parent. The encryption keys for your journal are generated on your device and stored in your device’s secure hardware enclave. We store only encrypted ciphertext on our servers — unreadable without your device key.
We cannot read your journal content. We cannot provide your journal content to law enforcement or in response to a subpoena. If you lose your device without exporting your journal, the content may not be recoverable.
Safety event log. The safety event log (screenshot alerts, quick-exit uses, new device login alerts) is stored in plaintext in our database and is accessible to us. In the event of a legal request, this log could be produced. The log does not contain the content of your communications.
DV Safety Mode preferences. Your safety preferences (which features are enabled) are stored in our database but are never transmitted to or made visible to your co-parent.
Data Retention
We retain your data for as long as your account is active and for a reasonable period afterward to comply with legal obligations and to maintain the integrity of court-admissible records.
| Data type | Retention period |
|---|---|
| Account data (name, email) | Retained while account is active. After deletion: 30 days for recovery, then deleted. |
| Messages | Retained indefinitely while active. Cannot be deleted — may constitute legally significant communications. After account deletion: 3 years (or longer if required by law), then deleted. |
| Expenses and receipts | Retained indefinitely while active. After deletion: 7 years for tax and legal purposes, then deleted. |
| Court orders and generated reports | Retained indefinitely while active. After deletion: 7 years, then deleted. |
| Safety event log | Retained indefinitely while active. After deletion: 1 year, then deleted. |
| Tone analysis scores | Retained indefinitely as part of the communication audit log (legally significant record). |
| Crash reports (Sentry) | 90 days. |
| Server access logs | 90 days. |
| Payment records and invoices | 7 years to comply with tax and financial recordkeeping laws. |
| Google/Apple Calendar OAuth tokens | Deleted immediately upon disconnecting your calendar or deleting your account. |
Data Security
We implement the following technical security measures:
We cannot guarantee absolute security. If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by applicable law.
Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
Right to access
You may request a copy of the personal information we hold about you.
Right to correction
You may request that we correct inaccurate personal information.
Right to deletion
You may request that we delete your account and personal information. Some data (messages, expense records, court documents) may be retained for legal and compliance reasons even after an account deletion request, as described in Section 6.
Right to portability
You may request an export of your personal data in a machine-readable format.
Right to object or restrict processing
You may object to certain types of processing or request that we restrict how we use your data.
Right to withdraw consent
Where we rely on consent to process your data, you may withdraw that consent at any time.
To exercise any of these rights, email us at privacy@parentingpath.net. We will respond within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, the following additional disclosures apply under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), as amended effective January 1, 2026.
Categories of personal information collected in the past 12 months
We do not sell personal information. We do not share personal information for cross-context behavioural advertising.
Sensitive personal information. We collect sensitive personal information (as defined by the CPRA) including log-in credentials, co-parent communications, health expense data, and children’s information. We use this information only to provide the Service you have requested. We do not use sensitive personal information for any purpose beyond what is necessary to provide the Service. You have the right to limit our use of your sensitive personal information to the extent the CPRA permits.
Do Not Sell or Share My Personal Information. We do not sell or share your personal information as defined by the CCPA/CPRA. To submit a rights request, email privacy@parentingpath.net or visit parentingpath.net/legal/privacy-rights.
Shine the Light. California Civil Code Section 1798.83 permits California residents to request information about disclosures to third parties for direct marketing purposes in the prior calendar year. We do not disclose personal information to third parties for direct marketing.
EU/UK GDPR
If you are located in the European Union or United Kingdom, the following additional disclosures apply.
Data controller. Parenting Path, Inc. is the data controller for personal information processed through the Service. Contact: privacy@parentingpath.net.
Legal bases for processing
Contract performance. We process your account data, messages, calendar, and expense information because it is necessary to provide the Service you have contracted for.
Legitimate interests. We process device data, log data, and crash reports based on our legitimate interest in maintaining, improving, and securing the Service.
Legal obligations. We may process data to comply with applicable legal requirements.
Consent. Where we rely on consent (such as for optional push notification content), you can withdraw consent at any time.
International data transfers
By using the Service, your data is transferred to and processed in the United States. If you are located in the EU/UK, this transfer is made pursuant to the EU–US Data Privacy Framework (where applicable) or standard contractual clauses approved by the European Commission.
Data Protection Officer
We have not appointed a formal DPO as we are a small company not engaged in large-scale systematic monitoring. Privacy enquiries should be directed to privacy@parentingpath.net.
Right to lodge a complaint
If you are not satisfied with our response to a privacy request, you have the right to lodge a complaint with your local data protection supervisory authority.
- EU residents: European Data Protection Board — edpb.europa.eu
- UK residents: Information Commissioner’s Office — ico.org.uk
Cookies and Tracking
The Parenting Path mobile app does not use advertising cookies or third-party tracking SDKs.
The parentingpath.net website uses:
Google Analytics 4 for website traffic analysis. We use GA4 in analytics-only mode without advertising features. You can opt out via Google’s opt-out browser add-on at tools.google.com/dlpage/gaoptout.
Session cookies. Our website uses a session cookie to maintain your login state. This cookie is strictly necessary and expires when you close your browser.
We do not use advertising cookies, pixel trackers, or fingerprinting technologies.
Third-Party Links
The Service may contain links to third-party websites or services (such as links to legal resources or DV hotlines). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app and by email before the changes take effect. The “Last Updated” date at the top of this page indicates when it was last revised.
Your continued use of the Service after an updated Privacy Policy has been posted constitutes your acceptance of the changes.
Contact
For privacy questions, data access requests, or data deletion requests:
Post
Parenting Path, Inc.
United States
National Domestic Violence Hotline
1-800-799-7233 (SAFE) — Available 24/7
If you are in an emergency, call 911.