CoParentOS

Legal

Privacy Policy

Last updated: 19 June 2026

CoParentOS Privacy Policy

Last updated: 19 June 2026

About This Policy

CoParentOS ("we", "us", "our") is a co-parenting platform operated by Digital Enterprises (ABN 23 991 493 713). This privacy policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

We built CoParentOS to help separated parents keep a shared, accurate record of expenses, communications, schedules, and child-related administration. The data you enter belongs to you. We handle it with care.

If you have questions about this policy, contact us at privacy@coparentos.com.au.

APP 1 — Open and Transparent Management

We manage personal information openly and transparently. This policy is:

  • Published at [coparentos.com.au/privacy] and linked from every page of the application
  • Available free of charge
  • Written in plain language

We review this policy at least annually. Updates are posted here with the date of change. If we make material changes that affect your rights, we will notify you by email and through the application.

APP 2 — Anonymity and Pseudonymity

You cannot use CoParentOS anonymously or pseudonymously. The platform exists to create an attributable, auditable record for two separated parents. Both parents' identities are verified and associated with a shared household.

You may browse public pages (home page, pricing) without providing personal information.

APP 3 — Collection of Solicited Personal Information

What We Collect

We collect only the information needed to operate the platform. We collect it directly from you.

Account information:

  • Email address
  • Display name
  • Relationship to the household (parent, admin)

Household information:

  • Household name (the family group)
  • Children's names and dates of birth (entered by a parent)

Platform data you create:

  • Expense records (merchant, amount, category, due date, payer/ower)
  • Evidence files (receipts, invoices, screenshots)
  • Messages between parents
  • Calendar events (care schedules, appointments, handovers)
  • Notes (private reflections and shared factual notes)
  • Legal documents (court orders, solicitor correspondence, police reports)
  • Financial disclosure documents (bank statements, tax returns, superannuation statements)
  • Parenting plans (living arrangements, decision-making agreements)
  • Handover check-in data (timestamps, GPS coordinates, distance from agreed location)
  • Child inbox data (provider emails forwarded from school, medical, and activity contacts)

Billing information:

  • Payment method details are processed by Stripe. We do not receive or store your full card number. We receive a token, the last four digits of your card, and its expiry date.

Automatically collected:

  • Authentication logs (login timestamps, IP addresses)
  • Audit logs (who changed what and when — these are essential for the platform's evidence function)

Sensitive Information

Some data you enter may be sensitive under the Privacy Act — for example, health information about a child, or information in legal documents. We only collect sensitive information when you choose to provide it, and only where it is reasonably necessary for the platform's function.

We do not collect:

  • Government identifiers (Tax File Number, Medicare number, driver's licence number) unless you voluntarily include them in uploaded documents. We recommend you redact these before uploading.
  • Biometric information
  • Information about your political opinions, religious beliefs, or sexual orientation

APP 4 — Dealing with Unsolicited Personal Information

If we receive personal information we did not ask for (for example, if you email us supporting documents we didn't request), we will assess whether we could have collected it under APP 3. If not, we will delete or de-identify it as soon as practicable.

APP 5 — Notification of Collection

When we collect personal information, we take reasonable steps to notify you of:

  • Our identity and contact details
  • The purposes of collection
  • Who we may disclose it to
  • How you can access and correct it
  • Whether the collection is required by law
  • The consequences if you do not provide the information
  • Any cross-border disclosure

This privacy policy serves as that notification. Where we collect information through the application, we provide contextual notice at the point of collection.

APP 6 — Use and Disclosure

How We Use Your Information

We use your personal information only for the purposes for which it was collected, or for related purposes you would reasonably expect:

  • To provide the co-parenting platform (expense tracking, messaging, scheduling, child inbox, evidence retention)
  • To facilitate lawyer and professional access when you grant it
  • To process payments (via Stripe)
  • To send service emails (password reset, subscription notifications, security alerts)
  • To maintain the audit trail required for the platform's evidence function
  • To improve the platform (de-identified usage patterns only)
  • To comply with legal obligations

Who We Share It With

Both parents in your household: Platform data (expenses, messages, calendar, evidence) is visible to both parents in the shared household. This is how the platform works — it's a shared record.

Lawyers and professionals you authorise: You may grant time-limited, read-only access to specific financial disclosure documents. Access is logged and can be revoked at any time.

Our service providers:

  • Supabase Inc. — Database, authentication, and file storage (hosted in Singapore)
  • Vercel Inc. — Application hosting (global edge network)
  • Stripe Inc. — Payment processing (card data tokenised; we do not receive full card numbers)

Legal obligations: We may disclose information if required by Australian law, a court order, or a law enforcement agency with proper authority.

What We Don't Do

  • We do not sell your data. Ever.
  • We do not use your data for advertising.
  • We do not share your data with data brokers.
  • We do not use your data to train AI models unless you explicitly opt into an AI feature (e.g., document analysis).

APP 7 — Direct Marketing

We send only service-related emails (account notifications, subscription receipts, security alerts) and, with your express consent, an optional co-parenting newsletter. We do not use personal information for third-party direct marketing.

APP 8 — Cross-Border Disclosure

Where Your Data Is Stored

Personal information you provide is stored with:

Service ProviderLocationData Stored
SupabaseSingapore (ap-southeast-1, AWS)All platform data (database, files, auth)
VercelGlobal edge (US, Europe, Asia-Pacific)Application code and serverless function logs
StripeGlobal (primary processing in United States)Payment tokens and transaction records

By using CoParentOS, you acknowledge that your data may be stored in Singapore and processed in the United States.

We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs. Supabase, Vercel, and Stripe each maintain industry-standard security certifications (SOC 2, ISO 27001).

APP 9 — Adoption, Use, or Disclosure of Government-Related Identifiers

We do not adopt, use, or disclose government-related identifiers (Tax File Numbers, Medicare numbers, Centrelink reference numbers, driver's licence numbers) as our own identifiers. Our internal record identifiers are UUIDs generated by the system.

If you upload documents that contain government identifiers, we do not extract or index them separately. We recommend redacting identifiers you don't need to share before uploading.

APP 10 — Quality of Personal Information

We take reasonable steps to ensure the personal information we hold is accurate, up-to-date, and complete.

  • You enter and maintain your own information — you are best placed to ensure its accuracy
  • The platform provides status workflows (e.g., expense queries) that let either parent flag potential inaccuracies
  • You can update your profile information at any time through the Settings page
  • Audit logs capture who made what change and when — errors can be identified and traced

APP 11 — Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security practices are documented in our Security Policy. Key measures include:

  • Encryption: AES-256 at rest (Supabase); TLS 1.3 in transit
  • Access control: Row Level Security ensures each household's data is isolated; multi-factor authentication required
  • Audit logging: All data changes are logged with timestamps and actor identification
  • Vendor assessment: All service providers assessed for security (vendor details available on request)

If we become aware of a data breach that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

APP 12 — Access to Personal Information

You have the right to access the personal information we hold about you. Most of your information is accessible directly through the application — you can view your expenses, messages, calendar, documents, and settings at any time.

If you need information beyond what's available in the application, or if you want a structured export, contact us at privacy@coparentos.com.au. We will respond within 30 days. We may need to verify your identity before releasing information.

There is no charge for making an access request. We may charge a reasonable fee for providing access if the request is complex or resource-intensive — we will let you know before proceeding.

We may refuse access in limited circumstances permitted by the Privacy Act (for example, where access would unreasonably impact another person's privacy). If we refuse access, we will tell you why in writing.

APP 13 — Correction of Personal Information

You have the right to correct personal information we hold about you. You can correct most information directly through the application. Changes are logged in the audit trail and may be visible to the other parent in your household.

If you believe information is incorrect and cannot correct it yourself, contact us at privacy@coparentos.com.au. We will respond within 30 days.

If we refuse to correct information, we will tell you why. You may request that we attach a statement of your view to the information.

Data Retention

See our Data Handling and Retention Policy for detailed retention periods. In summary:

  • Paid accounts: Records are preserved for the life of the subscription plus the full legal retention period (7 years minimum)
  • Unpaid/inactive accounts: Data enters read-only mode for a 90-day export window after subscription expiry. After the export window, data is moved to secure cold storage and retained for the full legal retention period (7 years for financial records; parenting records until youngest child turns 25). It is not deleted at 90 days.
  • Deletion requests: You can request deletion of your data after the legal retention period has expired. We will comply unless we need to retain it for legal reasons (e.g., to defend a legal claim or comply with statutory obligations)

Children's Privacy

CoParentOS does not allow children to create accounts, log in, or interact directly with the platform. All child-related data is entered by an adult parent. See our Child Safety Policy for more information.

APP 11 — Death, Incapacity, and Data Access

Under APP 11, we must take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. The death or permanent incapacity of a co-parent presents a unique challenge: the surviving parent, the child's guardian, and the deceased parent's estate may all have legitimate interests in accessing the records.

Surviving Co-Parent

Shared household records (expenses, calendar, messages, parenting plans, child inbox) remain accessible to the surviving co-parent through their own account. No special request is required for shared data — it belongs to the household, not to an individual parent.

Deceased Parent's Personal Records

Personal records belonging to the deceased or incapacitated parent (private notes, personal settings, personal messages not shared with the household) are archived. Access may be granted to:

  • A nominated Legacy Contact: Each parent can designate a Legacy Contact in Account Settings. Upon verified death or permanent incapacity, the Legacy Contact receives read-only access to the deceased parent's personal records.
  • The executor or administrator: Upon presentation of a Grant of Probate or Letters of Administration, the estate's legal representative may access the deceased parent's records. This is particularly relevant for financial records needed for estate administration, outstanding expense claims, or Family Court proceedings.
  • Pursuant to a court order: Records may be released under subpoena or court order.

Verification

To protect against unauthorised or premature access, we require:

  • A certified copy of the death certificate, or
  • A medical certificate of permanent incapacity from a treating specialist, or
  • A Grant of Probate or Letters of Administration, or
  • A court order

We will respond to verified requests within 10 business days. Access is read-only — no changes can be made to a deceased parent's records.

Notification

When a death or permanent incapacity is verified:

  • The surviving co-parent is notified (if not the applicant)
  • Any nominated Legacy Contact is notified
  • The deceased parent's account is marked as archived (not deleted)
  • Data retention continues according to the standard retention schedule (see Data Handling Policy)

If Both Parents Are Deceased

Where both parents are deceased and the child is a minor, the child's legal guardian or a court-appointed representative may apply for access to the household records. Verification requires a court order, guardianship order, or equivalent legal documentation.

Complaints

If you have a complaint about how we have handled your personal information, contact us at privacy@coparentos.com.au. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Mail: GPO Box 5218, Sydney NSW 2001

Contact

Privacy Officer CoParentOS Email: privacy@coparentos.com.au

Legal Framework

This policy is written to comply with:

  • Privacy Act 1988 (Cth)
  • Australian Privacy Principles (APPs), Schedule 1 of the Privacy Act
  • Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
  • Office of the Australian Information Commissioner (OAIC) guidance for health service providers and small businesses