This Privacy Policy explains how CoParent Pilot, LLC ("CoParent Pilot," "we," "us," or "our") collects, uses, retains, and shares information when you use the CoParent Pilot web application and related services (the "Service"). This Policy is part of, and uses terms defined in, our Terms of Service.

Three things make CoParent Pilot different, and you should understand them before you use the Service: (1) parent-to-parent communications — and any calendar entry, note, upload, journal entry, or expense entry you share with your co-parent — are preserved permanently and cannot be deleted by anyone until the youngest child in your family profile turns 18; (2) communications with your connected attorney are end-to-end encrypted and we can never access, view, or recover them; and (3) the Service is offered only in the United States. Content you do not share with your co-parent stays under your control.

1. United States Only

The Service is directed solely to individuals residing in the United States, its territories, and possessions. We do not market to, offer service in, or knowingly collect personal information from individuals located outside the United States. All data is stored on servers located in the United States. Because the Service is U.S.-only, this Policy is written to comply with U.S. federal and state law; it does not implement, and we do not undertake compliance with, the GDPR, UK GDPR, PIPEDA, or other non-U.S. privacy regimes. If you use the Service from outside the United States in violation of our Terms of Service, you do so at your own risk and your information will be processed in the United States under U.S. law.

2. Information We Collect

• Account information: name, email address, phone number, password (hashed), state of residence, and account settings.
• Family profile information: information you, an adult user, enter about your family, including your children’s names, birthdates, school, health, and activity details, and your co-parent’s name and contact information. The youngest child’s birthdate is also used to compute the retention period described in Section 5.
• The Permanent Record: the contents of parent-to-parent messages and attachments, plus any calendar entry, note, upload, journal entry, or expense entry you share with or post to your co-parent ("Shared Content"), together with associated metadata (timestamps, delivery and read events, sharing events, edit attempts).
• Private Content: your calendars, notes, journals, uploads, drafts, and expense entries that you have not shared with your co-parent, which remain under your control.
• Attorney-channel data: encrypted ciphertext of attorney communications (we cannot read it) and limited non-content records (e.g., that an attorney connection exists, connection dates, message counts).
• Payment information: processed by our payment processor; we receive plan, status, and partial card details, not full card numbers.
• Device and usage information: IP address, browser type, device identifiers, log data, and in-app activity, collected directly and through cookies and similar technologies.

3. How We Use Information

We use information to: provide and secure the Service; create and preserve the Permanent Record as described in Section 5; operate the encrypted attorney channel; process payments; provide support; send service, security, and legal notices; send marketing email you can opt out of at any time (see the CAN-SPAM Act, 15 USC 7701 et seq.; detect and prevent fraud, abuse, and violations of our Terms; and comply with law. We do not sell your personal information, we do not share it for cross-context behavioral advertising, and we do not use the contents of your communications for advertising or to train artificial-intelligence models.

4. Legal Bases You Are Agreeing To (Stored Communications Act)

CoParent Pilot stores the contents of user communications as a provider of electronic communication and remote computing services. Federal law generally prohibits us from disclosing the contents of stored communications, 18 USC 2702(a), subject to exceptions including disclosure to an addressee or intended recipient, 18 USC 2702(b)(1), disclosure with the lawful consent of the originator, addressee, or intended recipient, 18 USC 2702(b)(3), and disclosure compelled by legal process, 18 USC 2703. By using the Permanent Record you consent to the storage and disclosures described in Section 6.3 of the Terms of Service and Section 7 below.

5. Retention — The Permanent Record

5.1 Retention Until the Youngest Child Turns 18

The Permanent Record — parent-to-parent communications plus all Shared Content (any calendar entry, note, upload, journal entry, or expense entry shared with or posted to your co-parent) — is retained until the youngest child identified in your family profile reaches age 18. It cannot be edited, deleted, or "unshared" during that period by you, your co-parent, or CoParent Pilot support staff — even if you close your account, stop paying, or both parents request deletion. Once an item is shared, the as-shared version is preserved permanently, even if you later edit or delete your own copy. This retention is the product you are purchasing: a complete, tamper-resistant record of co-parenting communications suitable for use in court.

5.2 Retention of Other Data

• Private Content: retained until you delete it or close your account; deleted from production systems within 30 days of deletion and from backups within 90 days.
• Attorney-channel ciphertext: retained while the connection is active and deleted 90 days after you disconnect the attorney or close your account. We cannot read it at any point.
• Account and billing records: retained for the life of the account plus the period required for tax, accounting, and legal-defense purposes (generally 7 years).
• Device/usage logs: retained up to 24 months, then deleted or de-identified.

5.3 After the Retention Period

When the youngest child in the family profile turns 18, the parties will be offered a 90 day window to export the Permanent Record, after which it will be permanently deleted.

6. Attorney-Connected Communications — Zero Access

Communications between you and your connected attorney are end-to-end encrypted on your devices. CoParent Pilot does not possess the decryption keys. We cannot access, view, scan, moderate, restore, recover, or produce the contents of attorney-connected communications — for you, for your co-parent, for ourselves, or in response to a subpoena, warrant, or court order. If we receive legal process directed at attorney-channel content, we can produce only encrypted ciphertext and the limited non-content records described in Section 2. If you lose your keys or credentials, that content is permanently unrecoverable.

7. How We Share Information

• With your co-parent: the Permanent Record — messages and Shared Content — is, by design, visible to both connected co-parents. Private Content is never visible to your co-parent unless and until you share it, at which point it becomes part of the Permanent Record.
• With your connected attorney: content you send through the attorney channel, and any portions of your account you affirmatively grant your attorney permission to view.
• Service providers: hosting, security, payment, analytics, and support vendors bound by contract to use information only to provide services to us.
• Legal process and safety: we disclose information, including Permanent Record contents, in response to valid subpoenas, court orders, and warrants consistent with the Stored Communications Act, 18 USC 2703, and we may disclose information to a governmental entity if we believe in good faith that an emergency involving danger of death or serious physical injury requires disclosure without delay, 18 USC 2702(b)(8), (c)(4). We report apparent child sexual abuse material to the National Center for Missing & Exploited Children as required by 18 USC 2258A.
• Business transfers: in a merger, acquisition, financing, or sale of assets, information may be transferred subject to this Policy’s retention commitments; any successor remains bound by Section 5 and Section 6.
• We never: sell personal information, rent user lists, or disclose the Permanent Record to advertisers or data brokers.

8. Children’s Privacy

The Service is for adults 18 and older. It is not directed to children under 13, and we do not knowingly collect personal information online from children, within the meaning of the Children’s Online Privacy Protection Act, 15 USC 6501(1), 6502(a)(1). Information about children in the Service is entered by their parents or legal guardians — adults — as part of the family profile and Permanent Record. If we learn that a child under 13 has created an account or submitted personal information directly to us, we will delete the account and that information promptly. To report it, contact info@coparentpilot.com.

9. Your Privacy Rights and Choices

9.1 All Users

You may access and update account information in settings; export your Permanent Record and Private Content at any time; delete Private Content at any time; opt out of marketing email via the unsubscribe link; and manage cookies through your browser.

9.2 State Privacy Rights

Depending on your state of residence (e.g., California, Colorado, Connecticut, Texas, Virginia, and others), you may have rights to access, correct, delete, or obtain a portable copy of personal information, and to appeal a denial. Submit requests to info@coparentpilot.com; we will verify your identity and respond within the time required by your state’s law.

Important limitation: state-law deletion rights do not override the Permanent Record retention described in Section 5. State privacy statutes recognize exceptions to deletion, including where retention is necessary to perform the contract between the business and the consumer — which is exactly what the Permanent Record is. See, e.g., Cal Civ Code 1798.105(a), (c)-(d) (right to delete and its exceptions). A deletion request will be honored as to all other personal information we hold about you, consistent with Section 5.2.

We do not discriminate against users for exercising privacy rights. Because we do not sell personal information or share it for cross-context behavioral advertising, there is nothing to opt out of under those provisions, and we treat universal opt-out signals (e.g., Global Privacy Control) accordingly.

10. Security and Breach Notification

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including encryption in transit and at rest, role-based access controls, audit logging, and tamper-evident storage for the Permanent Record. No system is perfectly secure; we cannot guarantee absolute security. If a security breach affects your unencrypted personal information, we will notify you without unreasonable delay as required by applicable state breach-notification laws, including Michigan’s Identity Theft Protection Act, MCL 445.72, and the breach-notification law of your state of residence.

11. Changes to This Policy

We may update this Policy prospectively. Material changes will be announced by email and in-app notice at least 30 days before they take effect. We will never retroactively weaken the retention commitments in Section 5 or the zero-access commitment in Section 6 for communications already sent.

12. Contact Us

CoParent Pilot, LLC, 307 W 6th St., Suite 207, Royal Oak, MI 48067, Attn: Privacy, info@coparentpilot.com.