How we process personal data on your behalf
Effective Date: July 16, 2026
Last Updated: July 16, 2026
Version: 1.0
This Data Processing Agreement ("DPA") forms part of, and is incorporated by reference into, the agreement between Overman Labs LLC, doing business as FamilyBridge ("FamilyBridge," "we," "us," or "our"), and the customer that accesses or uses the Service ("Customer," "you," or "your"), consisting of our Terms of Service and Privacy Policy (together, the "Agreement").
This DPA applies where, and to the extent that, FamilyBridge processes Personal Data on your behalf in the course of providing the Service — that is, personal information about third parties (such as parents, guardians, children who are the subjects of supervised visitation, attorneys, and other case participants) that you enter into or upload to the Service. By using the Service to process such Personal Data, you accept this DPA. A countersigned copy suitable for procurement is available on request (see Section 14).
If there is any conflict between this DPA and the rest of the Agreement with respect to the processing of Personal Data, this DPA controls.
Capitalized terms not defined here have the meaning given in the Agreement. For the purposes of this DPA:
As between the parties, you are the Controller of the Personal Data you process through the Service, and FamilyBridge is the Processor acting on your behalf. You determine the purposes and means of the processing, and you are responsible for establishing and maintaining a valid legal basis and lawful authority for that processing — including any authority (such as a court order or professional engagement) required to process information about case participants and minors.
FamilyBridge processes Personal Data only on your documented instructions. Your use of the features of the Service, together with the Agreement and this DPA, constitutes your complete and final instructions for the processing, unless otherwise agreed in writing. FamilyBridge will inform you if, in its opinion, an instruction infringes Applicable Data Protection Law, except where prohibited by law.
FamilyBridge separately acts as a Controller of account and usage information it collects to operate, secure, and improve the Service, as described in our Privacy Policy. That processing is not governed by this DPA.
FamilyBridge will:
You provide general authorization for FamilyBridge to engage Sub-processors to process Personal Data in connection with the Service. FamilyBridge's current Sub-processors are listed in Section 4.1 (Service Providers) of our Privacy Policy and currently include Stripe, Anthropic, Supabase, Vercel, Resend, PostHog, Google Analytics, Sentry, and OpenStreetMap.
With respect to each Sub-processor, FamilyBridge will:
FamilyBridge maintains technical and organizational measures designed to protect Personal Data against a Personal Data Breach, as further described in Section 5 (Data Security) of our Privacy Policy, including:
The Service provides features that allow you to access, correct, export, and delete Personal Data in order to respond to Data Subject requests. Taking into account the nature of the processing, FamilyBridge will provide reasonable assistance to help you meet your obligations to respond to such requests. If FamilyBridge receives a request directly from a Data Subject relating to Personal Data processed on your behalf, it will, unless legally required to respond, refer the Data Subject to you.
You may export Personal Data at any time through the Service. Upon termination of the Agreement, and on your request, FamilyBridge will delete or return Personal Data processed on your behalf, except to the extent that retention is required by applicable law or professional record-keeping obligations applicable to supervised-visitation records. Data retention is further described in Section 6 (Data Retention) of our Privacy Policy.
FamilyBridge will notify you without undue delay, and in any event within seventy-two (72) hours, after becoming aware of a confirmed Personal Data Breach affecting Personal Data processed on your behalf. The notification will, to the extent known and permitted by law, describe:
As the Controller, you are responsible for determining whether the Personal Data Breach requires notification to affected Data Subjects, courts, regulators, or other authorities, and for making any such notifications. FamilyBridge's notification is not an acknowledgment of fault or liability.
To the extent the CCPA applies, FamilyBridge is a "Service Provider" and processes Personal Data that constitutes "personal information" only on your behalf. FamilyBridge:
The Service is designed for professional visitation monitors and is not directed to children. However, the Personal Data you process through the Service may include information about minors who are the subjects of supervised visitation, such as their names, images, and details relevant to visit documentation.
You are the Controller of that information. You represent and warrant that you have the lawful authority and legal basis — such as a court order, professional engagement, or other lawful authorization — to collect and process information about minors and other case participants through the Service. FamilyBridge processes minor Personal Data solely on your instructions for the purpose of supervised-visitation documentation, applies the same security measures described in Section 6, and retains and deletes it in accordance with Section 8.
FamilyBridge processes Personal Data in the United States. Where Personal Data originating from a jurisdiction with cross-border transfer restrictions is processed under this DPA, the parties will implement an appropriate transfer mechanism (such as the applicable Standard Contractual Clauses) to the extent required by Applicable Data Protection Law.
This DPA is governed by the laws of the State of California, consistent with the governing-law provision of the Terms of Service. Except as modified by this DPA, the Agreement — including its limitations of liability — remains in full force and applies to this DPA.
We may update this DPA to reflect changes in our processing activities, sub-processors, or applicable law. We will post the updated version with a revised "Last Updated" date. Where a change materially reduces the protections in this DPA, we will provide advance notice to the Customer.
To request a countersigned copy of this DPA, exercise rights under it, or ask questions about our processing of Personal Data, please contact:
Overman Labs LLC (dba FamilyBridge)
Data Protection Inquiries
Email: support@familybridge.ai
Website: familybridge.ai