Security & Trust

Your co-parenting history is sensitive. Here's how we protect it.

Encryption

All traffic is TLS 1.2+ in transit. Data at rest is encrypted at the storage layer.

Access control

Every database table enforces row-level security: a record is only readable by the circle members entitled to see it. Professional access is per-case, per-role, fully revocable.

Audit logs

Sensitive actions — exports, professional access, admin operations — are recorded with actor, timestamp, and target. You can review your own circle's audit log at any time.

Authentication

Email/password with optional Google sign-in. Passwords are hashed with industry standards. Sessions are bound to the issuing device.

Data portability

You can export your circle's data as CSV/PDF at any time. Account deletion is one click — we remove your records on the deletion timeline disclosed in our Privacy policy.

Subprocessors

We use Supabase (PostgreSQL hosting, auth, storage) and Stripe (payments).

Reporting a vulnerability

Found something? Email security@thecoparentcircle.com. We respond within two business days.