Privacy Policy

Effective Date: May 20, 2026

1. Introduction

LifeMap AI ("we", "us", "our") operates lifemap-ai.com. We are committed to protecting your privacy and your family's data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform.

2. Information We Collect

  • Account info: name, email, password (hashed via Supabase Auth)
  • Child profiles: name, date of birth, diagnoses, care notes, developmental milestones
  • Care team data: member roles, permissions, communication preferences
  • Calendar & scheduling data: appointments, therapy sessions, school events
  • Documents: IEPs, evaluations, prescriptions, care plans uploaded by you
  • Usage data: log data, device info, IP address, pages visited
  • AI interaction data: prompts, responses, and journal entries used to generate insights

3. How We Use Your Data

  • Provide and maintain the LifeMap AI platform
  • Generate personalized AI insights, advocacy responses, and care recommendations
  • Coordinate care team communications and calendar sync
  • Process payments and manage subscriptions
  • Send essential service notifications
  • Improve and personalize the user experience
  • Comply with legal obligations

4. Data Storage & Security

  • Data stored on Supabase (PostgreSQL) with row-level security
  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls enforced at application and database levels
  • Regular security audits and vulnerability assessments

We never sell your personal data or your children's data. Ever.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase — Database, authentication, file storage
  • Anthropic (Claude) — AI features (prompts processed but NOT used to train models)
  • Google — OAuth login, Calendar sync (calendar.readonly scope)
  • Stripe — Payment processing (we never store card numbers)

6. Children's Privacy (COPPA Compliance)

  • We do not knowingly collect data directly from children under 13
  • All child profile data is entered and controlled by parents/legal guardians
  • Parents have full control: view, edit, export, or delete all child data at any time
  • AI features process child data only to serve the parent/guardian

7. Your Rights

  • Access, correct, or delete your personal data
  • Export all your data (profiles, journals, documents) in portable format
  • Opt out of non-essential communications
  • Request complete account deletion and data erasure
  • California residents: CCPA rights (Do Not Sell, Right to Know, Right to Delete)
  • EU/UK residents: GDPR rights (data portability, right to be forgotten, DPA on request)

8. Data Retention

  • Active accounts: retained while account is active
  • Deleted accounts: data permanently deleted within 30 days
  • Backups: purged within 90 days of deletion request
  • Waitlist emails: retained until launch or until unsubscribe

9. Changes to This Policy

We may update this policy. Material changes communicated via email and in-app notice at least 30 days before taking effect.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us: