differentpace

Privacy

Effective: 2026-05-25

differentpace is a calm family memory system, operated from Massachusetts. The product is designed to hold sensitive notes about your family, so the privacy posture is a feature, not a footnote. This page explains what we collect, why, who we share it with, and how you control it. We don't sell your data, and we don't use it to train any model.

Quick summary

  • The service is offered only to residents of the United States, 18 or older.
  • We collect what you give us (notes, profiles, documents) and what we need to run the service (email, billing metadata, server logs). Nothing more.
  • We don't sell your data, share it for cross-context behavioral advertising, or use it to train AI.
  • You can export everything as JSON and delete your account at any time.
  • If you're in California, Virginia, Colorado, Connecticut, Utah, or other states with consumer privacy laws, you have specific rights described below.

Who this policy covers

This policy applies to people who use differentpace through differentpace.app and our other publicly available surfaces. The service is offered only to residents of the United States who are at least 18 years old. If you're outside the United States or under 18, please do not use the service.

What we collect

  • Account basics. Email address, a display name if you provide one, and a password stored as a salted, industry-standard one-way hash — we never see your password. If you sign in with Google or Apple instead, we receive only the provider's permanent user identifier and the email/name they choose to share with us.
  • Child profiles. Whatever you enter — nickname, age range, grade band, strengths, things that help, sensitivities, communication style, routines, support history. We deliberately do not have fields for legal names, birthdates, or structured diagnoses.
  • Events, meetings, follow-ups. The breadcrumbs you capture, plus meeting metadata and prep notes you write.
  • Documents you upload (evaluations, reports, letters). The file contents are encrypted at rest using authenticated symmetric encryption with a server-side key. The original filename and an optional note you provide are stored unencrypted so you can find them.
  • Billing metadata. If you subscribe, Stripe handles payment information. We store the Stripe customer and subscription IDs returned to us; we never see card numbers.
  • Operational logs. Standard web-server logs (IP address, user-agent, request path, response code), retained for approximately 30 days for operational and security purposes. If Sentry is configured for error tracking, exception information may be sent there.
  • Audit log. Sensitive actions inside your family (caregiver role changes, caregiver removal, invitations sent and revoked, child or document deletion, document downloads) are recorded for security and auditability. Visible only to family owners.

Sensitive personal information

Some of what you record in differentpace qualifies as "sensitive personal information" under the California Consumer Privacy Act (and similar laws in other states): login credentials, possibly information about a child's health or disability if you write about it in a profile or breadcrumb, and the contents of documents you upload. We use this information only to operate the service for you and the people you invite into your family. We do not use sensitive personal information for advertising, profiling that produces legal or similarly significant effects, or any purpose unrelated to delivering the service.

What we do not collect

  • No full legal names or birthdates for children.
  • No structured diagnosis field. Diagnoses, when relevant, live in the free-text support history field as calm parent narrative.
  • No third-party analytics, no tracking pixels, no advertising identifiers. We keep first-party traffic stats for ourselves (pageviews per route, devices, referrers) using a daily-rotating hash of IP and user-agent — no raw IPs are stored, and the hash cannot be linked across days. No third party ever sees your visits.
  • No social or community layer; nothing is shared outside your family by default.
  • No school or clinician integrations. Nothing in your family is sent to school districts, EHRs, or insurance.
  • No embeddings or vector indexing of your notes.
  • No precise geolocation. No biometric identifiers. No data from your contacts, calendar, microphone, or camera.

How we use what we collect

We use the data only to:

  • Operate the product — render your memory surfaces, generate reflections, prepare meeting summaries.
  • Send account and operational email (verification, password reset, invitations, billing receipts).
  • Process subscription payments through Stripe.
  • Diagnose and fix bugs, including via error tracking when Sentry is configured.
  • Detect and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations and respond to lawful requests.

We do not sell personal information. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA. We do not use your content to train any artificial-intelligence model.

AI features

When an Anthropic API key is configured, generating a reflection or a per-meeting prep summary sends a small, recent slice of your events (typically the past few weeks of breadcrumb text, child nickname, and a short context note) to the Anthropic API. Anthropic processes the request to return a generated summary and, under their commercial terms, does not retain inputs to train their models. We do not maintain long-term embeddings or a vector store of your content.

The AI features are summaries and observations, not automated decisions that produce legal or similarly significant effects about you or anyone in your family.

Sharing inside a family

You can invite another caregiver to your family. Once they accept, they can see the same data you can, scoped to their role: Owner (full access, including billing), Caregiver (read + write), or Viewer (read-only). You can change or revoke their role at any time from the Family tab. Owners can also view the family audit log.

Service providers (subprocessors)

We rely on a small, named set of vendors who process data only on our instructions and under written agreements. Each is bound to maintain confidentiality and security commensurate with the sensitivity of the data:

  • Render — application hosting and managed PostgreSQL.
  • Resend — transactional email (verification, password reset, invitations, billing receipts).
  • Stripe — payment processing for paid plans.
  • Anthropic — AI generation for reflections and per-meeting prep summaries, only when enabled.
  • Sentry — error and exception tracking, when configured.
  • Google and Apple — only if you choose to sign in with their identity services.

Cookies and similar technologies

differentpace uses only essential cookies needed to operate the service:

  • An authentication cookie that keeps you signed in (up to 30 days).
  • A security cookie that protects forms against cross-site request forgery (up to 7 days).
  • A short-lived sign-in cookie used only during the Google or Apple sign-in round-trip (10 minutes).

We do not use advertising cookies, analytics cookies, cross-site tracking, or third-party scripts that profile you. Because of that, there is no cookie consent banner. We honor Global Privacy Control (GPC) signals and Do Not Track headers, but since we don't sell or share personal information for advertising, these signals don't change how we operate.

Data retention

  • Your account and content. Retained until you delete them. Account deletion removes the entire family and cascades to children, events, meetings, follow-ups, documents, reflections, invitations, and OAuth links.
  • Operational logs. Approximately 30 days.
  • Audit log entries. Approximately 90 days (configurable; pruned by a daily cleanup job).
  • Auth tokens. Email-verification tokens and password-reset tokens are stored as one-way hashes and expire at the end of their lifetime (1 hour for password reset).
  • Backups. Backups may persist for a short rolling window after an item is deleted from the live database. We do not restore deleted user data on request after deletion.

Security and incident notification

We take reasonable and appropriate administrative, technical, and physical measures to protect your information. These include: industry-standard, salted password hashing; signed and HttpOnly session cookies; cross-site-request-forgery protection on every state-changing form; modern security response headers, including HTTP Strict Transport Security in production; rate limiting on authentication endpoints; authenticated encryption at rest for uploaded documents; one-way hashing of short-lived auth tokens; and least-privilege access controls for the operations team.

No system is perfectly secure. If we discover a security incident that involves unauthorized access to your personal information, we will notify you and the appropriate regulators within the timeframes required by applicable state law, by email to the address associated with your account.

Children's data

differentpace is built for parents and caregivers to record observations about their children, not as a service used by children. We do not knowingly accept account registrations from anyone under 13, and we do not direct the service to children. Children themselves do not have accounts, cannot sign in, and are not the audience for the product.

If you believe a child under 13 has created an account with us in violation of these terms, please contact [email protected] and we will investigate and delete the account.

Not a HIPAA covered entity

differentpace is consumer software, not a healthcare provider, health plan, healthcare clearinghouse, or business associate under the Health Insurance Portability and Accountability Act (HIPAA). Information you enter is not "Protected Health Information" within the meaning of HIPAA, and we do not enter into business-associate agreements. If you need software that handles PHI under HIPAA, please use a service designed for that purpose.

Your rights

Regardless of where you live in the United States, you can:

  • Access and download a copy of your data in JSON form from Settings.
  • Correct information by editing it directly in the app.
  • Delete a document, a child, or your entire family and account from Settings. Deletion is final.
  • Withdraw consent by deleting your account or unlinking a third-party identity provider.

California Privacy Notice

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights:

  • Right to know what personal information we collect, the categories of sources, the business purpose, and the categories of recipients.
  • Right to access the specific pieces of personal information we hold about you.
  • Right to delete your personal information, subject to limited exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing for cross-context behavioral advertising. We do not sell or share personal information in this way, so there is nothing to opt out of.
  • Right to limit use and disclosure of sensitive personal information. We only use sensitive personal information for the permitted business purposes described above.
  • Right to non-discrimination — we won't deny service, charge different prices, or provide a different quality of service because you exercised a privacy right.

How to exercise these rights: email [email protected] from the address on your account, or use the export/delete tools in Settings. We respond within 45 days; complex requests may extend by an additional 45 days with notice.

Authorized agents: you may designate an authorized agent to submit a request on your behalf. We will ask for written proof of authorization and may verify the request directly with you.

Right to appeal: if we deny your request, you may appeal by replying to our denial email or writing to the same address. We will respond within 45 days.

Massachusetts residents

differentpace is operated from Massachusetts. We comply with Massachusetts data-security regulation 201 CMR 17.00 ("Standards for the Protection of Personal Information of Residents of the Commonwealth") in our handling of personal information about Massachusetts residents: a written information security program, encryption of personal information in transit and at rest where appropriate, and reasonable access controls. If a security incident requires notification, we will notify affected Massachusetts residents, the Attorney General, and the Director of Consumer Affairs and Business Regulation as required by M.G.L. c. 93H.

Other state privacy rights

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Indiana, Tennessee, Florida, or another state with a comprehensive consumer privacy law, you generally have rights similar to the California rights above: to access, correct, delete, port a copy of your data, and opt out of "sales" or "targeted advertising." Specific details and timelines vary by state. You can exercise these rights the same way: email [email protected] or use the tools in Settings.

Washington residents: differentpace is not a "regulated entity" and does not collect "consumer health data" within the meaning of Washington's My Health My Data Act. We do not sell personal information.

Nevada residents: we do not sell personal information as the term is defined under NRS 603A.

Geographic scope

The service is offered to residents of the United States only. We do not market the service to people outside the United States. If you access the service from outside the United States, you do so on your own initiative and are responsible for compliance with local law. Information we collect is stored and processed on servers in the United States.

Do Not Track and Global Privacy Control

We honor Global Privacy Control (GPC) signals and Do Not Track headers. Because we do not sell or share personal information for cross-context behavioral advertising and do not run analytics or advertising scripts, these signals don't change how we operate — we already behave as if you had sent them.

Changes to this policy

If we make material changes, we will announce them by email to account owners and update the "Effective" date at the top. Your continued use of the service after the effective date of a change means you accept the updated policy.

Contact

Privacy questions, requests, or data-subject access requests: [email protected].