Understanding Australian Privacy Law for Co-Parenting Apps

Why privacy law matters for co-parenting

Co-parenting platforms handle some of the most sensitive personal information imaginable: children's names, medical details, school information, financial records, and the communications between separated parents. Under Australian law, this data is protected by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

The 13 Australian Privacy Principles

The APPs set the standard for how Australian organisations must handle personal information. Here are the ones most relevant to co-parenting:

APP 1 — Open and transparent management

A platform must have a clear, publicly available privacy policy that explains how it handles your data. If you can't find the privacy policy, or it's buried in legal jargon, that's a red flag.

APP 3 — Collection of solicited personal information

A platform should only collect information it actually needs. A co-parenting app asking for your employment history, social media profiles, or contact list would be over-collecting.

APP 6 — Use or disclosure

Your data shouldn't be used for purposes you didn't agree to. A co-parenting platform selling de-identified user data to advertisers would likely breach APP 6.

APP 11 — Security of personal information

This is the big one. Platforms must take reasonable steps to protect your data from misuse, interference, loss, and unauthorised access. For a co-parenting platform, this means:

• Encryption at rest (your data is encrypted on the server)
• Encryption in transit (your data is encrypted between your device and the server)
• Access controls (only you and your co-parent can see shared records)
• Audit logging (every access is recorded)

Notifiable Data Breaches

If a platform suffers a data breach that's likely to result in serious harm, it must notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC). This is mandatory under the Privacy Amendment (Notifiable Data Breaches) Act 2017.

Data sovereignty: Where is your data stored?

Under APP 8, organisations must take reasonable steps to ensure overseas recipients don't breach the APPs. Many co-parenting platforms are US-based, meaning your data is stored under US law — which has very different privacy protections to Australia.

CoParentOS stores data in Singapore (AWS ap-southeast-1 region), which has comparable privacy protections and lower latency for Australian users.

Retention: How long is your data kept?

Australian tax law requires financial records to be kept for at least 5 years (ATO) to 7 years (Corporations Act 2001). Co-parenting records — especially expenses and handovers — may be relevant to family law proceedings years after they were created.

A platform that deletes your data 90 days after you stop paying is not compliant with Australian law.

The takeaway: Before you enter your child's details into any platform, read the privacy policy. Look for Australian-specific compliance, clear retention periods, and encryption in transit and at rest.