Raposa trust centre

Privacy Policy

What data Raposa holds, why we hold it, where it lives, and what rights you have.

Last updated: 23 May 2026.

Raposa cares for sensitive records about families and children. This policy explains, in plain English, what data we hold, why we hold it, where it lives, and what you can do about it.

If anything in this policy is unclear, email privacy@raposa.ai and we will explain it without making you read the whole document.

Who We Are

Raposa provides a shared care record for separated families. For privacy questions, contact privacy@raposa.ai.

If you are in the UK or EU, we act as the data controller for personal data we hold about you. If you are in the US, we describe ourselves as the business under California CCPA / CPRA and other applicable state privacy laws.

The Data We Collect

We collect only what we need to run Raposa as a care record service.

Data You Give US When You Create An Account

  • Your email address.
  • A password, stored only as a one-way hash; we never see the plaintext.
  • Your name and any optional profile details, such as phone, address, or photo, that you choose to add.
  • Your role on each care record you create or join.

Data You Add When You Use Raposa

  • The contents of your care record: messages, drafts, schedules, handovers, expenses, agreement documents.
  • Files you upload, such as court orders, parenting plans, school letters, photos, and receipts, along with their SHA-256 checksums and the time and identity of the user who uploaded them.
  • An append-only log of significant events on your care record, including who joined, what was sent, and what was exported.

Data We Collect Automatically

  • Your IP address and basic device information when you connect, for security and abuse prevention.
  • Cookie-less, page-level analytics events via Plausible Analytics, self-hosted on our Hetzner infrastructure in Helsinki, Finland. No third-party analytics provider receives this data.

Data Stripe Handles for US

When you subscribe, Stripe collects and processes your payment card details. Card numbers never reach Raposa’s servers. Stripe sends us only what we need to manage your subscription: customer ID, subscription status, plan, and invoice metadata.

Special Category Data

We do not deliberately collect special category data, such as health, biometric, sexual orientation, or political-affiliation data. However, users may incidentally include such data when they upload documents, send messages, or describe events involving their child. We process that data only insofar as it appears inside records you have created.

Why We Hold This Data

Under UK GDPR and EU GDPR, we rely on the following lawful bases:

What we doLawful basis
Providing the Raposa service you signed up forPerformance of a contract
Taking payment through StripePerformance of a contract
Keeping the service secure and preventing abuseLegitimate interests
Anonymous, cookie-less product analyticsLegitimate interests
Meeting tax, regulatory, or legal-order obligationsLegal obligation
Sending optional product updates after you opt inConsent

We do not rely on consent for the core service. You do not have to agree to optional marketing in order to use Raposa.

How We Use Your Data

  • To run Raposa: store your records, deliver messages, generate exports, manage your subscription.
  • To communicate with you about your account, your subscription, security issues, or this policy.
  • To keep the service secure: detect abuse, debug issues, recover from incidents.
  • To improve the product through anonymous, cookie-less analytics.

We do not:

  • Sell your data.
  • Share your data with advertisers.
  • Use your records, messages, or uploads to train AI models. If we ever introduce AI-assisted features that need your data, we will ask first and explain exactly what happens.
  • Profile your behaviour to make automated decisions about you.

Who We Share Your Data With

Other People in Your Care Record

This is the whole point of Raposa: members of your care record can see what their role and access permit. Adding or removing a member is a deliberate action you take, and every access change is logged.

Our Subprocessors

We use a small, named list of third-party services to run Raposa.

ProviderWhat it processesWhereDPA
Hetzner Online GmbHHosting, database, file storageFinland (EU)DPA
Stripe Payments Europe Ltd / Stripe Inc.Subscription billingEU and USDPA
Amazon Web Services SESAccount verification, password reset, invite delivery, evidence-export notificationsEU, SES eu-central-1GDPR center

Plausible Analytics is self-hosted on Hetzner alongside the rest of the application, so it is not a third-party subprocessor.

We require every subprocessor to handle your data with appropriate safeguards. The list is reviewed at least quarterly.

We only disclose your data to law enforcement, regulators, or other parties when we are legally compelled to do so, for example by a court order valid in the jurisdiction where the data is held. Where we are legally permitted to tell you about such a request, we will.

Business Transfers

If Raposa is acquired or merges with another company, your data may be part of the transferred assets. If that happens, we will tell you in advance and give you a meaningful opportunity to export and delete your data first.

International Transfers

Your records live in Helsinki, Finland, inside the European Union, on Hetzner infrastructure. They are not routinely copied to other regions.

  • For UK users: data transferred from the UK to the EU is covered by the UK government’s adequacy decision for the EU.
  • For EU users: data is already inside the EEA.
  • For US users: your data lives outside the US, under EU GDPR. We treat this as a stronger protection, not a weaker one.

Stripe handles payment data for users in both regions; Stripe’s own privacy notice describes its international transfer mechanisms.

How Long We Keep Your Data

DataRetention
Your account and care record contentsWhile your subscription is active, plus 30 days after cancellation, then deleted unless legally required to retain.
Billing recordsAt least 7 years, subject to applicable tax and accounting law.
Account authentication credentialsDeleted on account deletion request.
Audit events on your care recordRetained while the care record exists; deleted with the care record.
Security and abuse-prevention logsRetained only as long as needed for security, debugging, and legal obligations.
Anonymous analyticsRetained in aggregate form for product analysis.

If a court order or other legal obligation requires us to retain specific data longer, we will retain only what we are required to and tell you where we can.

Security

A separate page describes our security practices in concrete detail: Security and data residency. The headlines:

  • All data encrypted in transit.
  • Passwords stored only as one-way hashes.
  • Access controlled by role and care-record membership; every change logged.
  • SHA-256 checksums on every uploaded artifact.
  • Append-only event log with baseline hash chaining.
  • Honest about limits: hash chaining is not court-certified notarisation, and we say so.

Your Rights — UK and EU Users

You have the following rights under UK GDPR and EU GDPR:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete personal data.
  • Erase your personal data, with limited exceptions such as billing records we must keep for tax.
  • Restrict how we process your data while we resolve a query.
  • Port your data. Raposa care record exports satisfy this for the care-record contents.
  • Object to specific processing, for example our legitimate-interest-based analytics.
  • Withdraw consent at any time for anything we relied on consent for.
  • Not be subject to decisions based solely on automated processing. We do not do this.

To exercise any of these rights, email privacy@raposa.ai. We will respond within one month, as required.

You can also complain to a regulator if you believe we have mishandled your data:

  • UK: Information Commissioner’s Office (ICO) — ico.org.uk
  • Ireland: Data Protection Commission — dataprotection.ie
  • Any EU country: your national data protection authority.

We would rather you came to us first, but you do not have to.

Your Rights — United States Users

US privacy law is a patchwork of state laws. This section explains how we apply them.

Baseline

We apply UK / EU GDPR standards to all user data, including data held about US users. That means US users get the same access, correction, deletion, and portability rights described above, by default.

California

If you are a California resident, you have the right to:

  • Know what personal information we collect about you, why, and who we share it with.
  • Request access to specific pieces of information.
  • Request deletion of personal information, subject to legal retention requirements.
  • Correct inaccurate personal information.
  • Limit use of sensitive personal information.
  • Opt out of “sale” or “sharing” of personal information. Raposa does not sell or share personal information for cross-context behavioural advertising.
  • Not be discriminated against for exercising any of these rights.

To exercise CCPA / CPRA rights, email privacy@raposa.ai. You can also authorise an agent in writing to make the request on your behalf.

Other States

If you reside in a state with a comprehensive privacy law, we honour the rights granted by that state’s law. Email privacy@raposa.ai with your state and request.

”Do Not Sell Or Share”

We do not sell or share personal information for behavioural advertising. There is therefore no “Do Not Sell or Share” link on the website beyond this statement.

Notice At Collection

When you sign up, you provide the categories of personal information listed in this policy, for the purposes listed in this policy. We retain it for the periods described above.

Children’s Data

  • Children are not users of Raposa. Our service is for adults: parents, guardians, lawyers, mediators, caregivers, and school contacts.
  • Information about children may appear inside care records that adults create and upload. The parent or guardian who creates the record is responsible for the lawfulness of that processing.
  • We do not knowingly collect personal information directly from children. If we learn that a child created an account directly, we will delete it.
  • Raposa is designed for adults only and does not target children.

Cookies and Tracking

  • Strictly necessary cookies only. We use a small number of cookies to keep you signed in and to remember your region preference. These cannot be turned off without breaking the service.
  • No third-party advertising cookies. Ever.
  • No third-party analytics cookies. Our analytics use Plausible Analytics, self-hosted, with no cookies and no cross-site tracking.
  • No fingerprinting.
  • No “Do Not Track” header behaviour to honour or ignore because we have nothing to disable on a per-user basis.

We do not currently use a cookie banner because we do not need consent for strictly necessary cookies, and we use no other cookies. If that ever changes, we will add one.

Marketing

  • We do not send marketing emails by default.
  • If we ever introduce a product newsletter, it will be opt-in, with a one-click unsubscribe in every email.
  • We will not pass your email to any third-party marketing service.

Changes to This Policy

If we make a material change, we will email everyone with an active account at least 30 days before the change takes effect, and tell you what changed and why.

Cosmetic edits, such as typos or formatting, may be made without notice. The “last updated” date changes whenever anything in this policy changes.

Contact and Complaints

You can also escalate to a regulator using the details above.