Privacy Policy
Accord (“Accord,” “we,” “us,” or “our”) provides a mobile application that helps legal professionals and their clients organize structured divorce asset sessions. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Accord mobile app and related services (collectively, the “Service”).
At a glance: we collect only what is needed to run secure asset sessions; we do not sell personal information; primary data is stored in Canada; and you can request access, correction, or deletion by emailing support@accordapp.org.
1. Who we are
Accord operates the Service at accordapp.org and related subdomains such as app.accordapp.org.
For privacy questions or to exercise your rights, contact support@accordapp.org.
2. Information we collect
The information we collect depends on your role (lawyer/admin or client) and how you use the Service. Categories include:
- Account information — email address, display name, and account role (admin or client).
- Organization information — organization name and membership details when you belong to or administer an organization.
- Session and asset data — descriptions, values, photos, and related content you or other participants submit during asset sessions.
- Invite and authentication data — invite tokens are handled securely; we store only cryptographic hashes of invite tokens, not the raw token values.
- Technical and usage data — device type, app version, IP address, and diagnostic logs needed to operate, secure, and improve the Service.
- Payment-related identifiers — if you purchase a subscription, Stripe processes payment details; we receive subscription status and customer identifiers, not full card numbers.
3. How we use information
We use personal information only for purposes connected to the Service, including to:
- Provide, maintain, and secure the Service;
- Authenticate users and enforce role-based access controls;
- Send transactional emails such as invitations and account notices;
- Process subscriptions and billing where applicable;
- Respond to support requests and comply with legal obligations;
- Monitor reliability, prevent abuse, and improve product quality.
4. Legal bases (Canada)
Where Canadian privacy law applies — including the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec users, Law 25 — we process personal information on the following bases:
- Contract — to provide the Service you or your organization requested;
- Legitimate interests — to secure the Service, prevent fraud, and improve functionality, balanced against your rights;
- Consent — where required, such as for optional analytics or non-essential communications.
5. How we share information
We do not sell your personal information. We may share information only in the circumstances below.
-
Service providers (subprocessors) that help us operate the Service,
including:
- Supabase — hosting, database, authentication, and file storage in Canada;
- Resend — transactional email delivery;
- Stripe — subscription billing, when enabled;
- Sentry (and similar tools) — error monitoring, with PII redaction where configured;
- PostHog (or similar tools) — product analytics, without raw email in event properties.
- Other participants in your organization or session, as permitted by your role and the Service’s access rules.
- Legal and safety — when required by law, court order, or to protect rights, safety, and security.
6. Data location and transfers
Primary production data is stored in Supabase’s Canada (Central) region
(ca-central-1). Some subprocessors may process limited data in other
countries under contractual safeguards appropriate to the nature of the processing.
7. Retention
We retain personal information for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. When data is no longer required, we delete or anonymize it in accordance with our retention practices.
8. Security
We use administrative, technical, and organizational measures designed to protect personal information, including:
- Encryption in transit;
- Role-based access controls;
- Row-level security in our database;
- Secret management practices.
No method of transmission or storage is completely secure. If you have concerns about the security of your account, contact us at support@accordapp.org.
9. Your rights and choices
Depending on your location, you may have the right to:
- Access and receive a copy of personal information we hold about you;
- Request correction of inaccurate information;
- Request deletion of your account and associated data, subject to legal retention needs;
- Withdraw consent where processing is consent-based;
- Object to or restrict certain processing, where applicable.
To exercise these rights, email support@accordapp.org. We may need to verify your identity before fulfilling a request.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us at support@accordapp.org so we can delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may also be communicated through the app or by email where appropriate.
12. Contact
Privacy questions, requests, and complaints: support@accordapp.org
MVP notice: This is an MVP privacy policy intended for early deployment. Have qualified legal counsel review it before scaling distribution or handling large volumes of sensitive matter data.