FamilyBridge
  • Features
  • Pricing
  • FAQ
  • Features
  • Pricing
  • FAQ
LoginSign UpGet Started
FamilyBridge

Court-compliant visitation management for professionals nationwide

Product

  • Features
  • Pricing
  • Get Started

Support

  • FAQ
  • Contact Us

Legal

  • Security
  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Data Processing Agreement
© 2026 Overman Labs LLC. FamilyBridge is a trademark of Overman Labs LLC. All Rights Reserved.

Data Processing Agreement

How we process personal data on your behalf

Effective Date: July 16, 2026

Last Updated: July 16, 2026

Version: 1.0

1. Introduction and Scope

This Data Processing Agreement ("DPA") forms part of, and is incorporated by reference into, the agreement between Overman Labs LLC, doing business as FamilyBridge ("FamilyBridge," "we," "us," or "our"), and the customer that accesses or uses the Service ("Customer," "you," or "your"), consisting of our Terms of Service and Privacy Policy (together, the "Agreement").

This DPA applies where, and to the extent that, FamilyBridge processes Personal Data on your behalf in the course of providing the Service — that is, personal information about third parties (such as parents, guardians, children who are the subjects of supervised visitation, attorneys, and other case participants) that you enter into or upload to the Service. By using the Service to process such Personal Data, you accept this DPA. A countersigned copy suitable for procurement is available on request (see Section 14).

If there is any conflict between this DPA and the rest of the Agreement with respect to the processing of Personal Data, this DPA controls.

2. Definitions

Capitalized terms not defined here have the meaning given in the Agreement. For the purposes of this DPA:

  • Applicable Data Protection Law means all privacy and data protection laws applicable to the processing of Personal Data under the Agreement, including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA") and other applicable U.S. state privacy laws, and, where applicable, the EU/UK General Data Protection Regulation ("GDPR").
  • Controller (also "Business" under the CCPA) means the party that determines the purposes and means of processing Personal Data.
  • Processor (also "Service Provider" under the CCPA) means the party that processes Personal Data on behalf of the Controller.
  • Personal Data means any information relating to an identified or identifiable natural person that FamilyBridge processes on your behalf under the Agreement.
  • Processing means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
  • Sub-processor means a third party engaged by FamilyBridge to process Personal Data in connection with the Service.
  • Data Subject means the identified or identifiable natural person to whom Personal Data relates.
  • Personal Data Breach means a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

3. Roles of the Parties

As between the parties, you are the Controller of the Personal Data you process through the Service, and FamilyBridge is the Processor acting on your behalf. You determine the purposes and means of the processing, and you are responsible for establishing and maintaining a valid legal basis and lawful authority for that processing — including any authority (such as a court order or professional engagement) required to process information about case participants and minors.

FamilyBridge processes Personal Data only on your documented instructions. Your use of the features of the Service, together with the Agreement and this DPA, constitutes your complete and final instructions for the processing, unless otherwise agreed in writing. FamilyBridge will inform you if, in its opinion, an instruction infringes Applicable Data Protection Law, except where prohibited by law.

FamilyBridge separately acts as a Controller of account and usage information it collects to operate, secure, and improve the Service, as described in our Privacy Policy. That processing is not governed by this DPA.

4. FamilyBridge's Processing Obligations

FamilyBridge will:

  • Process Personal Data only on your documented instructions, including with regard to transfers, unless required to act otherwise by applicable law (in which case it will inform you, unless the law prohibits it);
  • Ensure that personnel authorized to process Personal Data are bound by appropriate obligations of confidentiality;
  • Implement and maintain appropriate technical and organizational security measures as described in Section 6;
  • Engage Sub-processors only in accordance with Section 5;
  • Taking into account the nature of the processing, assist you by appropriate technical and organizational measures, insofar as possible, to respond to requests from Data Subjects to exercise their rights (Section 7);
  • Assist you in ensuring compliance with your obligations relating to the security of processing, Personal Data Breach notification, data protection impact assessments, and prior consultation, taking into account the nature of the processing and the information available to FamilyBridge;
  • Make available to you information reasonably necessary to demonstrate compliance with this DPA — including relevant third-party security attestations where available — and allow for and contribute to audits conducted by you or an auditor you designate, subject to reasonable prior notice and confidentiality obligations; and
  • At your choice, delete or return Personal Data as described in Section 8.

5. Sub-processors

You provide general authorization for FamilyBridge to engage Sub-processors to process Personal Data in connection with the Service. FamilyBridge's current Sub-processors are listed in Section 4.1 (Service Providers) of our Privacy Policy and currently include Stripe, Anthropic, Supabase, Vercel, Resend, PostHog, Google Analytics, Sentry, and OpenStreetMap.

With respect to each Sub-processor, FamilyBridge will:

  • Impose data protection obligations that are substantially similar to those in this DPA through a written agreement;
  • Remain responsible to you for the performance of the Sub-processor's obligations; and
  • Provide notice of the addition or replacement of a Sub-processor by updating the list in our Privacy Policy and, for material changes, by email or through the Service, giving you a reasonable opportunity to object on legitimate data-protection grounds. If you reasonably object and the parties cannot resolve the objection, you may terminate the affected part of the Service.

6. Security Measures

FamilyBridge maintains technical and organizational measures designed to protect Personal Data against a Personal Data Breach, as further described in Section 5 (Data Security) of our Privacy Policy, including:

  • Encryption of Personal Data in transit (TLS) and at rest (AES-256);
  • Role-based access controls and tenant isolation so that users access only the data they are authorized to access;
  • Audit logging of sensitive operations, including record changes and administrative access; and
  • Hosting on third-party cloud infrastructure providers that maintain their own SOC 2 compliance, with ongoing review of our security practices.

7. Data Subject Rights

The Service provides features that allow you to access, correct, export, and delete Personal Data in order to respond to Data Subject requests. Taking into account the nature of the processing, FamilyBridge will provide reasonable assistance to help you meet your obligations to respond to such requests. If FamilyBridge receives a request directly from a Data Subject relating to Personal Data processed on your behalf, it will, unless legally required to respond, refer the Data Subject to you.

8. Return and Deletion of Personal Data

You may export Personal Data at any time through the Service. Upon termination of the Agreement, and on your request, FamilyBridge will delete or return Personal Data processed on your behalf, except to the extent that retention is required by applicable law or professional record-keeping obligations applicable to supervised-visitation records. Data retention is further described in Section 6 (Data Retention) of our Privacy Policy.

9. Personal Data Breach Notification

FamilyBridge will notify you without undue delay, and in any event within seventy-two (72) hours, after becoming aware of a confirmed Personal Data Breach affecting Personal Data processed on your behalf. The notification will, to the extent known and permitted by law, describe:

  • The nature of the Personal Data Breach;
  • The categories and approximate number of Data Subjects and records concerned;
  • The likely consequences of the breach; and
  • The measures taken or proposed to address the breach and mitigate its effects.

As the Controller, you are responsible for determining whether the Personal Data Breach requires notification to affected Data Subjects, courts, regulators, or other authorities, and for making any such notifications. FamilyBridge's notification is not an acknowledgment of fault or liability.

10. CCPA Service Provider Terms

To the extent the CCPA applies, FamilyBridge is a "Service Provider" and processes Personal Data that constitutes "personal information" only on your behalf. FamilyBridge:

  • Will not sell or share such personal information;
  • Will not retain, use, or disclose the personal information for any purpose other than the business purpose of providing the Service, or as otherwise permitted by the CCPA, including outside the direct business relationship with you;
  • Will not combine the personal information with personal information it receives from, or on behalf of, another party, except as permitted by the CCPA; and
  • Certifies that it understands and will comply with these restrictions.

11. Children's and Minor Personal Data

The Service is designed for professional visitation monitors and is not directed to children. However, the Personal Data you process through the Service may include information about minors who are the subjects of supervised visitation, such as their names, images, and details relevant to visit documentation.

You are the Controller of that information. You represent and warrant that you have the lawful authority and legal basis — such as a court order, professional engagement, or other lawful authorization — to collect and process information about minors and other case participants through the Service. FamilyBridge processes minor Personal Data solely on your instructions for the purpose of supervised-visitation documentation, applies the same security measures described in Section 6, and retains and deletes it in accordance with Section 8.

12. International Transfers and Governing Law

FamilyBridge processes Personal Data in the United States. Where Personal Data originating from a jurisdiction with cross-border transfer restrictions is processed under this DPA, the parties will implement an appropriate transfer mechanism (such as the applicable Standard Contractual Clauses) to the extent required by Applicable Data Protection Law.

This DPA is governed by the laws of the State of California, consistent with the governing-law provision of the Terms of Service. Except as modified by this DPA, the Agreement — including its limitations of liability — remains in full force and applies to this DPA.

13. Changes to this DPA

We may update this DPA to reflect changes in our processing activities, sub-processors, or applicable law. We will post the updated version with a revised "Last Updated" date. Where a change materially reduces the protections in this DPA, we will provide advance notice to the Customer.

14. Details of Processing and Contact

14.1 Details of Processing

  • Subject matter and duration: Processing of Personal Data for the term of your account and as otherwise required by law; further described in Section 6 (Data Retention) of the Privacy Policy and Section 8 of this DPA.
  • Nature and purpose: Providing the supervised visitation management Service, including case management, visit scheduling and documentation, professional report generation, secure document storage, and invoicing.
  • Categories of Data Subjects: Professional users and their staff; parents and guardians; children who are subjects of supervised visitation; attorneys; and other case participants.
  • Categories of Personal Data: Identity and contact information; case information, including party names, relationships, court-order details, and case numbers; visit schedules, observation notes, and incident documentation; photographs and documents uploaded to case files; precise location data captured during a visit where enabled; and, where you enable it, information about minors.
  • Sensitive information: The Personal Data may include information about minors and about family-court matters.
  • Sub-processors: As listed in Section 5 of this DPA and Section 4.1 of the Privacy Policy.

14.2 Contact

To request a countersigned copy of this DPA, exercise rights under it, or ask questions about our processing of Personal Data, please contact:

Overman Labs LLC (dba FamilyBridge)

Data Protection Inquiries

Email: support@familybridge.ai

Website: familybridge.ai