Privacy Policy

1. Introduction

CYA Moment (“we,” “us,” or “the Service”) provides tools for individuals to chronologically document incidents, collect evidence, and produce organized records. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

Terminology.Within this Privacy Policy and the Terms of Service, “case” refers to the data container the Service uses to group related incidents, evidence, and records belonging to a single user. In the product interface, a case is labeled “CYA” (plural “CYAs”). The terms are interchangeable; “case” is used in this document for legal clarity.

2. Information We Collect

At account creation we collect: your legal first and last name (which you attest to as your true legal name), your email address, an account password (stored only as a salted hash), and the IP address from which you signed up. We also record the version of these legal documents accepted at signup.

While using the Service we store the case records, incident entries, attachments, tags, and contacts you create. We log timestamps for record creation and modification to support evidentiary integrity.

3. How We Use Information

We use your information to operate the Service, authenticate your sessions, deliver exports you request, communicate with you about your account, and maintain the chain-of-custody integrity that gives the Service its evidentiary value.

4. Identity Locking

Because CYA Moment is positioned for legal, workplace, and personal evidentiary use, your legal name is locked at signup and cannot be edited from within the application. Corrections to legal name require a verified support request.

5. Sharing

We do not sell your information. We share information only with: infrastructure providers we contract with to run the Service (database hosting, file storage, email delivery, payment processing); recipients you explicitly invite to view a case; and authorities responding to valid legal process.

6. Retention

Account and case data are retained for the lifetime of your account. On account deletion, all case data is removed within thirty days, with the exception of records we are legally required to retain.

7. Security

We use industry-standard transport encryption, encrypted storage at rest where supported by our providers, and per-user database isolation enforced at the database layer. No system is perfectly secure; we notify affected users of confirmed breaches without undue delay.

8. Your Rights

Depending on your jurisdiction you may have rights to access, correct, export, or delete your data. Contact support to exercise any of these rights.

9. Changes to This Policy

When we change this policy, we increment its version and require re-acceptance for new account creations. Existing accounts retain the version they accepted unless we determine that the change requires re-acceptance.

10. Contact

For privacy questions or to exercise your rights, contact support through the address listed at cyamoment.com.