Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between KoParEx ("Data Processor") and you ("Data Controller") for the use of KoParEx services that involve the processing of personal data.

This DPA is designed to ensure compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

• "Personal Data" means any information relating to an identified or identifiable natural person, including children's names, custody schedules, and parent contact information.
• "Processing" means any operation performed on personal data, including collection, storage, retrieval, consultation, use, disclosure, and deletion.
• "Data Subject" means the individual to whom personal data relates, including parents and children in the co-parenting arrangement.
• "Sub-processor" means any third party engaged by KoParEx to process personal data, such as Supabase for data storage or Stripe for payments.

Subject Matter: Co-parenting management platform services

Duration: For the duration of your subscription to KoParEx

Nature and Purpose:

• Facilitate custody schedule management
• Enable secure communication between co-parents
• Store and organize family-related documents
• Track shared expenses and activities
• Generate reports for legal purposes

Types of Personal Data:

• Parent names, email addresses, and phone numbers
• Children's names and ages
• Custody schedules and exchange information
• Communication messages between co-parents
• Document metadata and content

Categories of Data Subjects:

• Parents/Legal guardians
• Children (limited information)
• Other authorized family members

KoParEx shall:

• Process personal data only on documented instructions from you, unless required by law
• Ensure that persons authorized to process personal data have committed to confidentiality
• Implement appropriate technical and organizational measures to ensure security of processing
• Not engage sub-processors without your prior written consent
• Assist you in responding to data subject requests
• Delete or return all personal data after termination of services
• Make available all information necessary to demonstrate compliance
• Notify you without undue delay of any personal data breach

KoParEx implements the following technical and organizational measures:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures
• Employee training on data protection
• Incident response procedures
• Physical security of data centers (via cloud providers)
• Audit logging and monitoring

You consent to KoParEx engaging the following sub-processors:

We will notify you of any changes to sub-processors with 30 days notice.

Personal data may be transferred to and processed in countries outside the European Economic Area (EEA). KoParEx ensures appropriate safeguards through:

• Standard Contractual Clauses with sub-processors
• Adequacy decisions where applicable
• Additional security measures for international transfers
• Data minimization principles

KoParEx will assist you in fulfilling your obligations to respond to data subject requests, including:

• Right of access to personal data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing

Requests should be sent to [email protected]

Upon termination of services:

• You may export your data for 30 days after termination
• We will delete all personal data within 90 days, except where retention is required by law
• Deletion certificates will be provided upon request
• Anonymized data may be retained for analytics purposes

Data Protection Officer:
Email: [email protected]

Amendments: This DPA may be updated to reflect changes in legal requirements or processing activities. We will notify you of material changes with 30 days notice.

Last updated: July 7, 2025