Privacy Policy

Tribunal OS ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our case management software and website.

1. Information We Collect

Information You Provide

We collect information you voluntarily provide when using our services, including:

• Account Information: Name, email address, phone number, diocese affiliation, and role when you create an account or request a demo.
• Case Data: Information entered into the system related to tribunal cases, including party information, witness details, documents, notes, and communications.
• Communications: Messages you send to us through contact forms, email, or other channels.

Information Collected Automatically

When you access our website or application, we may automatically collect:

• Usage Data: Pages visited, features used, and actions taken within the application.
• Device Information: Browser type, operating system, and device identifiers.
• Log Data: IP address, access times, and referring URLs.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process and manage tribunal cases as directed by your diocese
• Send transactional emails (account confirmations, case notifications, etc.)
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve user experience
• Protect against unauthorized access and ensure system security
• Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We will never use your data for our own marketing purposes or share it with third parties for their marketing. We may share information only in the following circumstances:

• Within Your Diocese: Case data is accessible to authorized users within your diocese according to their assigned roles and permissions.
• Service Providers: We work with trusted third-party providers (hosting, email delivery, etc.) who process data on our behalf under strict confidentiality agreements.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
• Protection of Rights: We may disclose information to protect our rights, privacy, safety, or property, or that of our users or others.

4. Data Security

We implement robust security measures to protect your information:

• Encryption of data at rest (AES-256) and in transit (TLS 1.3)
• Role-based access controls limiting data access to authorized personnel
• Regular security assessments and monitoring
• Secure, US-based data centers with redundancy and backup systems
• Row-level security ensuring complete diocese data isolation

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Case data is retained according to your diocese's requirements and applicable canonical and civil law. Upon termination of your account, we will retain your data for up to 90 days to allow for data export, after which it will be securely deleted unless a longer retention period is required by law or canonical requirements. You may request deletion of your account and personal information at any time, subject to these retention requirements.

6. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your personal information
• Object to or restrict certain processing activities
• Request a portable copy of your data

To exercise these rights, please contact us at privacy@tribunalos.com.

7. Cookies and Tracking

We use essential cookies necessary for the application to function properly (authentication, session management). We use privacy-focused analytics that do not track individual users or use cookies for advertising purposes. We do not use third-party advertising cookies.

8. Third-Party Services

Our service integrates with the following third-party providers:

• Supabase: Database hosting and authentication (infrastructure powered by Amazon Web Services)
• Vercel: Application hosting (infrastructure powered by Amazon Web Services)
• Resend: Transactional email delivery

Each provider has their own privacy policies governing their use of data. Our infrastructure providers (including AWS) process data on our behalf and are contractually obligated to protect your information.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: