Security
Data Handling & Retention
Version 1.0 · Effective 19 June 2026
Data minimisation
We collect only what the platform needs to function. No advertising data, no browsing history, no unnecessary personal details. Every field in the database exists for a specific co-parenting purpose. See our Privacy Policy for a full list of what we collect and why.
Where your data lives
All platform data — your expenses, messages, calendar, documents, and child profiles — is stored in a managed database in Singapore (AWS ap-southeast-1). Files you upload are stored in encrypted cloud storage in the same region.
Application code runs on a global edge network for fast access wherever you are. Payment information is processed through Stripe — we never receive or store your full card number.
How we use your data
Your data is used only to operate the co-parenting platform:
- Expense records, messages, calendar, and documents — visible to both parents in your household
- Authentication — verifying who you are when you log in
- Audit logging — an immutable record of changes, required for evidence integrity
- Service emails — password resets, security alerts, subscription notifications
What we don't do:
- We don't sell your data. Ever.
- We don't use your data for advertising.
- We don't share your data with data brokers.
- We don't use your data to train AI models without your explicit consent.
Data portability
Your data is yours. You can export it at any time through the Dashboard. Exports include expenses with status history, messages, calendar events, and evidence files — in structured formats with full metadata.
If you need a complete export beyond what the self-service tool provides, contact privacy@coparentos.com.au. We'll provide a machine-readable export within 30 days. No charge.
Retention periods
| Data type | Retention period | Why |
|---|---|---|
| Financial records (expenses, payments) | 7 years | ATO record-keeping requirements |
| Parenting records (plans, schedules, messages) | Until youngest child turns 25 | Family law limitation periods |
| Legal documents | 7 years after last legal action | May be needed for future proceedings |
| Audit logs | 7 years | Evidence integrity and compliance |
| Authentication logs | 1 year | Security monitoring |
Retention aligns with the Income Tax Assessment Act 1936 (s 262A), the Corporations Act 2001 (s 286), and the Family Law Act 1975.
What happens when a subscription ends
- 90-day export window: Your data stays accessible in read-only mode. Both parents can export everything.
- Cold storage: After 90 days, data is moved to secure cold storage — not accessible through the platform but retained for the full legal period.
- Deletion: After the retention period expires (7 years for financial records, until youngest child turns 25 for parenting records), data is permanently deleted.
You can also request deletion of your data once the legal retention period has passed. Contact privacy@coparentos.com.au.
Death or incapacity of a parent
If a co-parent dies or becomes permanently incapacitated, household records remain available to the surviving parent through their own account. The deceased parent's personal records can be accessed by a nominated Legacy Contact, the estate executor, or by court order.
We recommend every parent set up a Legacy Contact in Account Settings. It's free, takes a minute, and ensures your records are accessible if the worst happens. See our Privacy Policy (APP 11) for full details.
Data breach notification
If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.
We maintain a documented incident response plan and conduct periodic testing.
Questions?
Contact privacy@coparentos.com.au for data-related enquiries or security@coparentos.com.au for security questions.