Privacy Policy

1.1This Privacy Policy (“Policy”) describes how Divorsay, Inc., a Delaware corporation (“Divorsay,” “we,” “us,” or “our”), collects, uses, shares, discloses, and protects personal information in connection with your use of our platform and services (collectively, the “Platform”).

1.2This Policy applies to all users of the Platform, including individual consumers (“Consumer Users”) and licensed legal professionals (“Attorney Users”), regardless of state of residence.

1.3 Effective Date. This Policy is effective as of April 24, 2026 (Version 2.4). It supersedes all prior versions.

1.4 Relationship to Terms of Service.This Policy is incorporated into and forms part of Divorsay’s Terms of Service (Version 2.3, Effective April 20, 2026) (the “Terms”). Where this Policy cross-references liability, indemnification, or insurance matters, those provisions are governed primarily by the Terms, including Sections 17 (Limitation of Liability) and 18 (Insurance Coverage) thereof.

1.5 Not a Law Firm; No Legal Advice.Divorsay is not a law firm and does not provide legal advice, legal representation, or legal services. Use of the Platform does not create an attorney–client relationship between you and Divorsay.

2.1 Divorsay is not a law firm and does not engage in the practice of law. We provide legal information to Consumer Users and legal research tools to Attorney Users; neither constitutes legal advice, legal opinions, legal strategies, or legal representation.

2.2 Feature-specific disclaimers (Auntia AI, Settlement Modeling, Communication Shield, ClearSplit, Case Framing Engine) are set forth in the Terms and in the in-Platform feature descriptions. Outputs from AI Features are informational only and should not be submitted to courts, opposing counsel, mediators, or any third party without review and modification by a licensed attorney in your jurisdiction.

3.1 Capitalized terms have the meanings set forth here or, if not defined here, in the Terms.

“Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including any equivalent category under the CCPA (as amended by CPRA), VCDPA, CPA, CTDPA, UCPA, and any other applicable state privacy law.

“Sensitive Personal Information”means Personal Information that reveals SSN, driver’s license, state ID, or passport numbers; account log-in combined with passwords; precise geolocation; racial or ethnic origin; religious beliefs; union membership; mail/email/text contents; genetic data; biometric data processed for identification; health information; and information concerning sex life or sexual orientation.

“Service Providers” means third parties engaged by Divorsay to perform services on our behalf under written contracts limiting their use of Personal Information.

“Case Intelligence Network” or “CIN” means our de-identified, aggregated data infrastructure used to improve Platform models, legal research, and settlement analytics, as further described in Section 13.

4.1 Information You Provide Directlyincludes identifiers (name, email, phone, postal address, IP, account log-in credentials, government-issued IDs where required for verification); family-law case information (marital history, separation date, children’s names and DOBs, custody and visitation, protective orders); financial information (income, assets, liabilities, tax returns, bank/brokerage statements, retirement and business-valuation data); communications content (messages drafted in Communication Shield, notes uploaded to the Evidence Vault, Platform-based correspondence); and sensitive categories you elect to provide (mental or physical health, domestic violence, substance use, religion, sexual orientation where relevant to your matter).

4.2 Information Collected Automatically includes device and log data, cookies and similar technologies (subject to Section 21 consent), and aggregate usage telemetry.

4.3 Information from Third Parties includes identity-verification vendors, payment processors, public-records sources, and authorized attorneys representing you.

5.1 Classification. Mental health, substance use, and therapy-related information is classified as Sensitive Personal Information and receives heightened protection, including access restrictions, encryption at rest and in transit, and dedicated audit logging.

5.2 Disclosure Limits. Divorsay will not disclose mental-health information to third parties except (a) with your explicit consent, (b) pursuant to lawful process, (c) to comply with mandatory reporting obligations under Section 9, or (d) as necessary to protect the safety of the User or a third party.

5.3 Non-Waiver of Privilege.Uploading mental-health records to the Platform is not intended to and does not waive therapist–patient, psychotherapist, or clergy privileges that may otherwise apply. Users are advised to consult counsel before disclosing privileged materials.

6.1 Financial Data. Bank statements, brokerage statements, tax returns, and similar records are stored in encrypted form and accessed only on a need-to-know basis.

6.2 GLBA.Where applicable, we comply with the Gramm-Leach-Bliley Act’s Safeguards Rule and provide the required privacy disclosures.

6.3 Payment Data. We use PCI-DSS compliant payment processors; Divorsay does not store full payment-card numbers on its own systems.

7.1 No Direct Child Accounts. The Platform is intended for users aged 18 and older. We do not knowingly collect Personal Information directly from children under 13.

7.2 Custody and Parenting Information.Personal Information about minor children is collected only through their custodial parent or legal guardian for the limited purpose of supporting the User’s family-law matter. Such information is treated as Sensitive Personal Information.

7.3 Retention of Child-Related Data. Upon case closure, child-related data is retained only as required by applicable law, or as needed to respond to litigation holds under Section 10, and is otherwise deleted or de-identified.

8.1 AI Models. Auntia AI and certain other AI Features are powered by third-party large language models, including Anthropic Claude. Model versions, training data sources (general), and known limitations are described on the AI Transparency Page.

8.2 Training Use. User inputs and User Content are not used to train third-party foundation models without your explicit, granular consent. User inputs may be used in de-identified, aggregated form within the Case Intelligence Network (see Section 13).

8.3 AI Errors. AI outputs may contain errors, including hallucinations and fabricated citations. Users are solely responsible for verification. Remedies for AI Errors are governed by Section 17 of the Terms (Limitation of Liability, including the AI-Error Carve-Out and Ombudsperson process).

9.1 Crisis Detection System. The Platform includes automated detection for indications of imminent self-harm, homicidal ideation, or child abuse. Positive detections trigger in-app safety resources and, where required by law, reporting to appropriate authorities.

9.2 Safety Features. Users may enable enhanced privacy settings including quick-exit, PIN masking, and pseudonymous profile display to mitigate risk to survivors of domestic violence.

9.3 Mandatory Reporting. Divorsay personnel may be required by state or federal law to report credible indications of child abuse, elder abuse, or imminent harm. We will attempt to notify the User contemporaneously unless doing so would violate law or increase risk to a third party.

10.1 Preservation Obligations. Upon receipt of a valid preservation notice, subpoena, or court order, Divorsay will apply a litigation hold to the affected Account(s), suspending automated deletion and retaining responsive records.

10.2 User Notice. We will attempt to notify affected Users of third-party requests for their data, except where prohibited by law or by the terms of a protective order.

10.3 Minimum Disclosure. We disclose only that Personal Information that is responsive to the request and permitted by law.

10.4 Automatic Preservation Upon Crisis Detection. In addition to holds initiated in response to third-party legal process, Divorsay applies an automatic, system-level preservation hold to any Account for which the Crisis Detection System described in Section 9.1 records a positive detection. Such an automatic hold suspends the operation of routine deletion, de-identification, and retention-period expirations with respect to the affected Account, including with respect to AI-Interaction Audit Records described in Section 18A, for the duration of the Company’s preservation obligations under applicable law. The existence of an active preservation hold does not limit a User’s ability to exercise any other right under this Policy except the right of deletion with respect to records subject to the hold.

10.5 Immutable Backup Posture. Compliance audit records and related preservation-sensitive data are backed up to immutable, write-once-read-many (WORM) storage in compliance mode with a retention period of not less than thirty-six (36) months, subject to extension by any active preservation hold. This control is maintained to preserve evidentiary integrity and to support the audit and security-program obligations referenced in Section 15.

11.1 DPAs Required. All Service Providers who process Personal Information on our behalf are subject to written data processing agreements containing confidentiality, security, breach-notification, subprocessor-flow-down, and audit-right provisions consistent with applicable state privacy laws.

11.2 Subprocessor List. A current list of material subprocessors is maintained at divorsay.com/legal/subprocessors.

12.1 We use Personal Information to:

• Operate, maintain, and improve the Platform and Services
• Personalize feature outputs to your jurisdiction and matter
• Authenticate Users and prevent fraud, abuse, and unauthorized access
• Communicate with you regarding your Account, case, transactions, and service announcements
• Comply with legal obligations, including mandatory reporting, tax, and audit requirements
• Support insurance claims administration under Section 18 of the Terms where a covered event has occurred

13.1 Purpose. The Case Intelligence Network is our infrastructure for using de-identified, aggregated data to improve Platform accuracy, settlement estimation, and legal-research quality.

13.2 De-Identification Standard. Data contributed to the CIN is processed using a documented de-identification methodology that removes direct and reasonably linkable indirect identifiers prior to use in aggregated analytics.

13.3 Opt-Out. Users may opt out of CIN contribution through Account Settings without affecting Service access.

14.1 Categories of Recipients. We share Personal Information with: (a) Service Providers; (b) Attorney Users whom you have authorized; (c) affiliates; (d) successors in connection with a merger, acquisition, or asset sale; (e) law-enforcement authorities and courts pursuant to valid legal process; and (f) insurance carriers, claims administrators, and professional advisors in connection with actual or potential claims implicating the insurance described in Section 16 of this Policy and Section 18 of the Terms.

14.2 No Sale of Personal Information.Divorsay does not “sell” or “share” Personal Information as those terms are defined in the CCPA/CPRA for purposes of cross-context behavioral advertising.

15.1 Administrative, Technical, and Physical Safeguards. Divorsay maintains a written information-security program aligned with industry standards, including AES-256 encryption at rest, TLS 1.2+ in transit, role-based access controls, least-privilege provisioning, annual penetration testing, continuous vulnerability scanning, and incident-response procedures.

15.2 Employee Training. All Divorsay personnel with access to Personal Information complete annual privacy and security training.

15.3 Incident Response. Security incidents are escalated under our Incident Response Plan, which includes engagement of cyber-forensic firms and notification under Section 19. Incident response is supported by the Cyber Liability Insurance described in Section 16.2.3.

16.1 Purpose. This Section 16 describes the insurance coverages Divorsay maintains to support the risk-allocation framework set forth in Sections 17 and 18 of the Terms. Nothing in this Section 16 expands or contracts the substantive rights, remedies, or obligations established in the Terms, which control in the event of any conflict.

16.2 Coverage Categories.Divorsay maintains the following lines of coverage with reputable carriers authorized to do business in the United States, each subject to the policy terms, conditions, exclusions, and limits of the applicable policy: (16.2.1) Professional Liability Insurance; (16.2.2) Errors & Omissions (E&O) Coverage; (16.2.3) Cyber Liability Insurance; (16.2.4) Product Liability Insurance.

16.3 Policy Limits Disclosure. Current carriers, policy limits, retentions, and effective dates are disclosed on the Insurance Disclosure Page. The Insurance Disclosure Page is updated upon any material change and is incorporated into this Policy and into the Terms by reference.

16.4 Relationship to Liability Cap.The insurance is maintained to support Divorsay’s obligations under the Base Liability Cap, the Secondary AI-Error Cap, the expedited refund mechanism, and the reciprocal indemnification framework, all as set forth in Section 17 of the Terms.

16.5 No Third-Party Beneficiary; Not a Guarantee of Recovery. The insurance described here is maintained for the benefit of Divorsay. You are not a named insured or additional insured by virtue of your use of the Platform.

16.6 Notice of Material Lapse. If Divorsay allows any of the coverages listed in 16.2 to lapse without equivalent replacement coverage, Divorsay will post notice on the Insurance Disclosure Page and provide in-Platform notice to active Users within thirty (30) days.

16.7 Use of Data in Claims Administration. Where a claim implicates any of the coverages described in this Section 16, Divorsay may share relevant Personal Information with insurers, reinsurers, brokers, claims administrators, coverage counsel, and forensic vendors, subject to appropriate confidentiality protections.

17.1 Primary Location.Divorsay’s full limitation-of-liability framework, including the Base Liability Cap, the AI-Error Carve-Out (Ombudsperson process, Expedited Refund Mechanism, Secondary AI-Error Cap), the Reciprocal Indemnification regime, and the statutory carve-outs, is set forth in Section 17 of the Terms and is incorporated into this Policy by reference.

17.2 Summary for Convenience.Solely as a non-binding summary, and subject in all respects to the controlling language of the Terms: (17.2.1) Aggregate liability for direct damages is capped at the greater of $10,000 or the fees actually paid by the affected User to Divorsay during the twelve (12) months preceding the event giving rise to the claim; (17.2.2) Claims arising from an AI Error are eligible for the AI-Output Ombudsperson review process and the Expedited Refund Mechanism, with a Secondary AI-Error Cap of $25,000; (17.2.3) Reciprocal Indemnification covers Divorsay’s gross negligence, willful misconduct, and Gross AI-Output Errors; (17.2.4) Statutory carve-outs preserve liabilities that cannot be limited under California Civil Code § 1668 or other applicable law.

17.3 Data Breach Remedies. Claims arising from a data breach or cyber incident are governed jointly by the notification and security provisions of this Policy (Sections 15 and 19), the liability framework of Terms Section 17, and the Cyber Liability Insurance described in Section 16.2.3 of this Policy and Section 18 of the Terms.

17.4 Control. In the event of any inconsistency between this Section 17 and the corresponding provisions of the Terms, the Terms control.

18.1 Retention Schedule.Personal Information is retained only as long as necessary for the purposes described in this Policy, including to (a) provide the Services, (b) comply with tax, audit, and other legal obligations, (c) enforce rights and resolve disputes, (d) support insurance claims administration under Section 16, and (e) preserve evidentiary integrity with respect to AI-Interaction Audit Records in accordance with the Company’s preservation obligations under applicable law, as further described in Section 18A.

18.2 Default Periods. Unless a longer period is required by applicable law, a litigation hold, a categorical exemption under Section 18A, or the insurance-administration exception, Account data is deleted or de-identified within twenty-four (24) months after Account closure.

18.3 Litigation Hold Override. Retention periods are superseded by any applicable litigation hold under Section 10.

18.4 Deletion Requests and Categorical Exemptions. Where a User submits a request under Section 20 to delete Personal Information, Divorsay will honor the request except with respect to information that is subject to (a) an active litigation hold under Section 10, including an automatic preservation hold triggered under Section 10.4; (b) an obligation under applicable law to retain the information; (c) the insurance-administration exception under Section 16; or (d) a categorical retention exemption set forth in Section 18A, including with respect to AI-Interaction Audit Records. Where a request is declined in whole or in part, the User will be informed of the specific basis for the decline, the categories of information subject to retention, and the User’s right to appeal where applicable under state law.

18.5 Methods of Disposal. For Personal Information subject to deletion, Divorsay applies one or more of the following methods as appropriate to the record type and medium: secure cryptographic erasure, nullification of direct identifiers rendering the record not reasonably linkable to a specific consumer, or physical destruction of media. For records subject to continuing retention under Section 18A, the record is preserved in its original form within access-controlled systems as described therein.

18.6 Transition and Grandfather Treatment. Users whose Accounts were created prior to the Effective Date of this Policy will receive separate notice of the retention framework set forth in this Section 18 and in Section 18A. Such Users will be afforded a period of thirty (30) days from the date of that notice during which they may elect, by submitting a deletion request, to have their historical AI-Interaction Audit Records (as defined in Section 18A) handled under the prior retention framework, in which case direct identifiers within such historical records will be nullified within sixty (60) days following the election. For all Users from and after the Effective Date, retention of AI-Interaction Audit Records is governed exclusively by Section 18A.

18A.1 Scope.“AI-Interaction Audit Records” means records generated by the Platform when a User interacts with an AI Feature (including Auntia AI and any successor AI Feature), consisting of: the session identifier and associated Account identifier; the User input or prompt; the model-generated response; the identity and version of the underlying model; the disclaimers and safety notices displayed to the User at the time of the interaction; the session IP address; the timestamp; the state of the Crisis Detection System at the time of the interaction; and, where applicable, tokens-processed and cost-attribution metadata (collectively, the records maintained in the Company’s compliance audit log and AI usage log systems).

18A.2 Retention Period. AI-Interaction Audit Records are retained for a period of three (3) years from the date of the interaction, subject to extension by any litigation hold under Section 10 (including automatic preservation holds under Section 10.4) or by any longer period required by applicable law.

18A.3 Legal Bases for Retention.Divorsay retains AI-Interaction Audit Records in reliance on the retention exemptions available under applicable state privacy law. Solely by way of illustration under the CCPA (as amended by CPRA), such retention is maintained in reliance on Cal. Civ. Code § 1798.105(d), including without limitation: (a) § 1798.105(d)(2) (detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity, including adversarial use of AI Features); (b) § 1798.105(d)(3) (debugging to identify and repair errors that impair existing intended functionality of AI Features); (c) § 1798.105(d)(7) (enabling solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the business, including quality assurance and safety monitoring of AI Features in a legal-adjacent product); and (d) § 1798.105(d)(9) (complying with a legal obligation, including the Company’s common-law and statutory obligations to preserve evidence where litigation is reasonably foreseeable, its authentication obligations under applicable rules of evidence, and its obligations under Federal Rule of Civil Procedure 37(e)). Analogous exemptions under the VCDPA, CPA, CTDPA, UCPA, and other applicable state laws are relied upon as available.

18A.4 Access Controls; No Re-Identification Attempts. Access to AI-Interaction Audit Records is restricted on a least-privilege, need-to-know basis to Divorsay personnel engaged in safety, quality-assurance, security, incident-response, compliance, audit, and legal functions. Divorsay personnel are prohibited from attempting to re-identify, correlate across datasets for profiling purposes, or otherwise misuse AI-Interaction Audit Records outside the purposes described in this Section 18A. Violations are subject to disciplinary action up to and including termination.

18A.5 No Sale; No Cross-Context Sharing; No Training. Divorsay does not sell AI-Interaction Audit Records, does not share such Records for cross-context behavioral advertising, and does not use such Records for the training of third-party foundation models. Internal use of such Records to evaluate and improve the Platform, including within the Case Intelligence Network described in Section 13, is performed only on de-identified or aggregated derivatives, consistent with Section 13.

18A.6 Disclosure Pursuant to Legal Process. AI-Interaction Audit Records may be produced in response to a subpoena, court order, or other valid legal process, subject to the minimum-disclosure principle in Section 10.3 and the user-notice provision in Section 10.2 where permitted.

18A.7 Consent and Notice at Account Creation.At the time a User creates an Account, the User is presented with a distinct, affirmative acknowledgment that AI-Interaction Audit Records generated from the User’s use of AI Features will be retained for three (3) years in accordance with this Section 18A, and an immutable archival copy of the exact acknowledgment language presented to the User is maintained by Divorsay. The terms of this Section 18A form part of the User’s agreement with the Company upon Account creation.

18A.8 Scheduled Destruction. Upon expiration of the retention period specified in Section 18A.2, and in the absence of any litigation hold or other legal obligation requiring further retention, AI-Interaction Audit Records are destroyed or de-identified in accordance with Section 18.5 and a destruction record is maintained for audit purposes.

19.1 Notification Obligations. In the event of a confirmed data breach affecting Personal Information, Divorsay will notify affected Users and applicable regulatory authorities within the timeframes required by applicable state and federal law, and in any event no later than seventy-two (72) hours after confirmation where required.

19.2 Contents of Notice. Notices will describe the nature of the incident, the categories of Personal Information affected (where known), the steps taken in response, recommended protective actions, and contact information.

19.3 Cyber Insurance.Response efforts, including forensic investigation, notification services, and credit monitoring, may be supported by Divorsay’s Cyber Liability Insurance as described in Section 16.2.3.

20.1 California (CCPA/CPRA).California residents have rights to know, delete, correct, limit use of Sensitive Personal Information, and opt out of “sales” and “sharing.” Divorsay does not sell or share Personal Information for cross-context behavioral advertising. The right to delete is subject to the statutory exemptions set forth at Cal. Civ. Code § 1798.105(d), as applied by Divorsay pursuant to Section 18A of this Policy with respect to AI-Interaction Audit Records, and to other exemptions applicable under law. Where a deletion request is denied in reliance on a statutory exemption, California residents retain the right to appeal the denial in accordance with applicable law, and to file a complaint with the California Privacy Protection Agency or the California Attorney General.

20.2 Virginia, Colorado, Connecticut, Utah, and Other Applicable States. Residents of other U.S. states with comprehensive privacy laws have analogous rights, including access, correction, deletion, portability, and, where applicable, appeal of denied requests.

20.3 Exercising Rights. Requests may be submitted through divorsay.com/settings/deletion-request or to privacy@divorsay.com. We will verify your identity before processing a request and respond within the statutorily required period.

21.1 Cookie Consent. Divorsay employs a cookie-consent banner that provides granular controls by category (strictly necessary, functional, analytics, advertising). Non-essential categories are set to off by default and require affirmative consent.

21.2 Sensitive Data Consent. Where Sensitive Personal Information is collected for a purpose not reasonably necessary to provide the requested Services, we will obtain separate opt-in consent.

21.3 Withdrawal. You may withdraw consent at any time through Account Settings; withdrawal does not affect the lawfulness of processing prior to withdrawal.

22.1 Limited Use. Divorsay does not collect biometric identifiers for identification purposes except where explicitly authorized by you for Account authentication.

22.2 Illinois BIPA. If biometric data of Illinois residents is collected, Divorsay will comply with the Illinois Biometric Information Privacy Act (BIPA), including providing written notice, obtaining written release, and maintaining a retention and destruction schedule.

23.1 WCAG Conformance.Divorsay is committed to maintaining conformance with WCAG 2.2 Level AA for the Platform’s consumer-facing surfaces.

23.2 Accessibility Requests. Requests for accommodation or reports of accessibility barriers may be submitted to accessibility@divorsay.com.

24.1 Privacy Inquiries. privacy@divorsay.com

24.2 Data Protection Officer. dpo@divorsay.com

24.3 Mailing Address. Divorsay, Inc., Attn: Privacy, 8 The Green #26142, Dover, DE 19901.

24.4 Registered Agent for Service of Process. Divorsay, Inc. is a Delaware corporation. Legal notices and service of process may be directed to Divorsay, Inc. at its Delaware registered office: 8 The Green #26142, Dover, DE 19901.

25.1We may update this Policy from time to time. Material changes will be posted on this page with a revised Effective Date and, where required by law or where the changes materially affect Users’ rights, we will provide in-Platform or email notice at least thirty (30) days in advance of the change taking effect.

25.2 Your continued use of the Platform after the Effective Date of the updated Policy constitutes acceptance of the updated Policy, except where affirmative consent is required by law.

25.3 Version Log. Version 2.4 (Effective April 24, 2026) adds §§10.4, 10.5, 18A, restructures §18, and updates §20.1 to reflect the application of statutory retention exemptions to the right of deletion. Version 2.3 (Effective April 20, 2026) added Sections 16 and 17. A point-in-time archive of each version is maintained at docs/legal/privacy-policy-versions/.