1. Introduction
ND Family Support Platform ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Please read this Privacy Policy carefully. By using our Service, you consent to the practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide when using our Service:
- Account Information: Name, email address, and authentication provider details (Google, Microsoft, Apple, etc.)
- Assessment Data: Responses to our 8-step assessment, including diagnosis information, age, challenges, support systems, and goals
- Questions and Conversations: Questions you ask our AI system and the resulting conversation history
- Custom PDF Requests: Topics, specific needs, and preferences for custom PDF guides (Professional tier only)
- Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)
- Email Preferences: Subscription status for marketing emails and drip campaigns
2.2 Information Collected Automatically
When you access our Service, we automatically collect certain information:
- Usage Data: Pages visited, features used, time spent on the platform, question count, PDF downloads
- Device Information: Browser type, operating system, device type, IP address
- Cookies and Tracking: Session cookies, authentication tokens, analytics cookies
- Log Data: Server logs including timestamps, errors, and system events
2.3 Information from Third Parties
We receive limited information from third-party services:
- OAuth Providers: Basic profile information (name, email) from Google, Microsoft, Apple when you sign in
- Payment Processor: Payment confirmation and subscription status from Stripe
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 To Provide and Improve Our Service
- Deliver personalized AI-powered responses to your questions
- Tailor guidance based on your assessment data
- Track question limits and subscription features
- Process PDF downloads and custom PDF requests
- Improve our AI models and response accuracy
- Develop new features and resources
3.2 To Communicate with You
- Send welcome emails and onboarding guidance
- Deliver educational drip campaigns (if subscribed)
- Notify you of custom PDF completion
- Send payment confirmations and receipts
- Respond to your support inquiries
- Provide important service updates
3.3 For Analytics and Research
- Analyze usage patterns and trends
- Measure platform performance and engagement
- Conduct research on neurodivergent family support (using anonymized data)
- Generate aggregate statistics (e.g., "500+ families supported")
3.4 For Legal and Security Purposes
- Prevent fraud and abuse
- Enforce our Terms of Service
- Comply with legal obligations
- Protect our rights and the safety of our users
4. How We Share Your Information
We do NOT sell your personal information. We may share your information only in the following circumstances:
4.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our Service:
- Manus (Platform Provider): Hosting, infrastructure, and OAuth authentication
- Stripe: Payment processing and subscription management
- SendGrid: Email delivery for transactional and marketing emails
- OpenAI: AI-powered question answering (anonymized queries only)
- Cloud Storage: Secure storage for PDF files and user data
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
4.2 Legal Requirements
We may disclose your information if required by law or in response to:
- Court orders or subpoenas
- Government or regulatory requests
- Legal processes or investigations
- Protection of our rights or safety of others
4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you of any such change and your options regarding your data.
4.4 With Your Consent
We may share your information for other purposes with your explicit consent.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted over the internet is encrypted using HTTPS/TLS
- Secure Storage: Data at rest is encrypted in our databases
- Access Controls: Limited employee access to personal data on a need-to-know basis
- Authentication: Secure OAuth login with session management
- Regular Audits: Periodic security reviews and vulnerability assessments
However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide our Service and comply with legal obligations:
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Most data deleted within 30 days of account deletion
- Legal Requirements: Some data (e.g., payment records) retained for 7 years for tax/legal compliance
- Anonymized Data: Aggregated, anonymized data may be retained indefinitely for research
7. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
7.1 Access and Portability
- Request a copy of your personal data
- Export your conversation history and assessment data
7.2 Correction and Deletion
- Update or correct inaccurate information in your account settings
- Request deletion of your account and associated data
7.3 Opt-Out and Unsubscribe
- Unsubscribe from marketing emails via the link in any email
- Manage email preferences in your account settings
- Opt out of analytics cookies (though this may affect functionality)
7.4 Data Restriction and Objection
- Request restriction of processing in certain circumstances
- Object to processing based on legitimate interests
To exercise these rights, please contact us at [email protected]. We will respond within 30 days.
8. Children's Privacy
Our Service is intended for parents and caregivers of neurodivergent individuals. We do not knowingly collect personal information from children under 13.
While you may provide information about your child in assessments and questions, we do not require children to create accounts or provide their own personal information.
If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction.
By using our Service, you consent to the transfer of your information to:
- United States (where our servers are located)
- Other countries where our service providers operate
We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
10.1 Essential Cookies
- Session Cookies: Keep you logged in and maintain your session
- Authentication Tokens: Verify your identity securely
10.2 Analytics Cookies
- Usage Analytics: Track page views, feature usage, and engagement
- Performance Monitoring: Identify errors and optimize performance
10.3 Managing Cookies
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of our Service.
11. Third-Party Links
Our Service may contain links to third-party websites or resources. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Your continued use of our Service after changes constitutes acceptance of the updated Privacy Policy.
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect and how it's used
- Right to delete your personal information (with certain exceptions)
- Right to opt-out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, contact us at [email protected].
14. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Our legal basis for processing your data includes:
- Contract: To provide our Service as agreed
- Consent: For marketing communications and optional features
- Legitimate Interests: To improve our Service and prevent fraud
- Legal Obligation: To comply with applicable laws
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
By using the ND Family Support Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.