Privacy Policy
Effective Date: June 23, 2026
1. Introduction
Ditri ("we", "us", "our") operates ditri.ai. We are committed to protecting your privacy and your family's data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform.
2. Information We Collect
- Account info: name, email, password (hashed via Supabase Auth)
- Child profiles: name, date of birth, diagnoses, care notes, developmental milestones
- Care team data: member roles, permissions, communication preferences
- Calendar & scheduling data: appointments, therapy sessions, school events
- Documents: IEPs, evaluations, prescriptions, care plans uploaded by you
- Usage data: log data, device info, IP address, pages visited
- AI interaction data: prompts, responses, and journal entries used to generate insights
3. How We Use Your Data
- Provide and maintain the Ditri platform
- Generate personalized AI insights, advocacy responses, and care recommendations
- Coordinate care team communications and calendar sync
- Process payments and manage subscriptions
- Send essential service notifications
- Improve and personalize the user experience
- Comply with legal obligations
4. Data Storage & Security
- Data stored on Supabase (PostgreSQL) with row-level security
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls enforced at application and database levels
- Regular security audits and vulnerability assessments
We never sell your personal data or your children's data. Ever.
5. Third-Party Services
We use the following third-party services to operate the platform:
- Supabase — Database, authentication, file storage
- Anthropic (Claude) — AI features (prompts processed but NOT used to train models)
- Google — OAuth login, Calendar sync (calendar.readonly scope)
- Stripe — Payment processing (we never store card numbers)
- OneSignal — Push notifications (device identifiers and push tokens stored by OneSignal to deliver notifications)
6. Children's Privacy (COPPA Compliance)
- We do not knowingly collect data directly from children under 13
- All child profile data is entered and controlled by parents/legal guardians
- Parents have full control: view, edit, export, or delete all child data at any time
- AI features process child data only to serve the parent/guardian
7. Data Practices
Your family's data is encrypted in transit and at rest. We never sell your data and never use it to train AI models. Data is shared only with the service providers required to operate Ditri (hosting, AI processing, notifications, payments) and with care team members you invite. You may export or delete your data at any time from Settings.
8. Your Rights
- Access, correct, or delete your personal data
- Export all your data (profiles, journals, documents) in portable format
- Opt out of non-essential communications
- Request complete account deletion and data erasure
- California residents: CCPA rights (Do Not Sell, Right to Know, Right to Delete)
- EU/UK residents: GDPR rights (data portability, right to be forgotten, DPA on request)
9. Data Retention
- Active accounts: retained while account is active
- Deleted accounts: data permanently deleted within 30 days
- Backups: purged within 90 days of deletion request
- Waitlist emails: retained until launch or until unsubscribe
10. Changes to This Policy
We may update this policy. Material changes communicated via email and in-app notice at least 30 days before taking effect.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us: