Privacy Policy

Last updated: May 31, 2026

Accord (“Accord,” “we,” “us,” or “our”) provides a mobile application that helps legal professionals and their clients organize structured divorce asset sessions. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Accord mobile app and related services (collectively, the “Service”).

1. Who we are

Accord operates the Service at accordapp.org and related subdomains such as app.accordapp.org.

Privacy questions or requests: support@accordapp.org

2. Information we collect

Depending on how you use the Service, we may collect:

• Account information — email address, display name, and account role (admin or client).
• Organization information — organization name and membership details when you belong to or administer an organization.
• Session and asset data — descriptions, values, photos, and related content you or other participants submit during asset sessions.
• Invite and authentication data — invite tokens are handled securely; we store only cryptographic hashes of invite tokens, not the raw token values.
• Technical and usage data — device type, app version, IP address, and diagnostic logs needed to operate, secure, and improve the Service.
• Payment-related identifiers — if you purchase a subscription, Stripe processes payment details; we receive subscription status and customer identifiers, not full card numbers.

3. How we use information

We use personal information to:

• Provide, maintain, and secure the Service;
• Authenticate users and enforce role-based access controls;
• Send transactional emails such as invitations and account notices;
• Process subscriptions and billing where applicable;
• Respond to support requests and comply with legal obligations;
• Monitor reliability, prevent abuse, and improve product quality.

4. Legal bases (Canada)

Where applicable under Canadian privacy law (including PIPEDA and, for Quebec users, Law 25), we rely on:

• Contract — to provide the Service you or your organization requested;
• Legitimate interests — to secure the Service, prevent fraud, and improve functionality, balanced against your rights;
• Consent — where required, such as for optional analytics or non-essential communications.

5. How we share information

We do not sell your personal information. We may share information with:

• Service providers that help us operate the Service, including:
  • Supabase (hosting, database, authentication, and file storage in Canada);
  • Resend (transactional email delivery);
  • Stripe (subscription billing, when enabled);
  • Sentry and similar tools (error monitoring, with PII redaction where configured);
  • PostHog or similar tools (product analytics, without raw email in event properties).
• Other participants in your organization or session, as permitted by your role and the Service’s access rules.
• Legal and safety — when required by law, court order, or to protect rights, safety, and security.

6. Data location and transfers

Primary production data is stored in Supabase’s Canada (Central) region (ca-central-1). Some subprocessors may process limited data in other countries under contractual safeguards appropriate to the nature of the processing.

7. Retention

We retain personal information for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. When data is no longer required, we delete or anonymize it in accordance with our retention practices.

8. Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, role-based access controls, row-level security in our database, and secret management practices. No method of transmission or storage is completely secure.

9. Your rights and choices

Depending on your location, you may have the right to:

• Access and receive a copy of personal information we hold about you;
• Request correction of inaccurate information;
• Request deletion of your account and associated data, subject to legal retention needs;
• Withdraw consent where processing is consent-based;
• Object to or restrict certain processing, where applicable.

To exercise these rights, contact support@accordapp.org. We may need to verify your identity before fulfilling a request.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may also be communicated through the app or by email where appropriate.

12. Contact

Email: support@accordapp.org

This is an MVP privacy policy intended for early deployment. Have qualified legal counsel review it before scaling distribution or handling large volumes of sensitive matter data.