1. Introduction

TheEgg ("we," "our," or "us"), a sole proprietorship business, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use The Egg surrogacy management platform.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us:

• Account Information: Email address, name, profile information
• Surrogacy Journey Data: Milestones, dates, descriptions, photos
• Financial Information: Expense records, receipts, reimbursement details
• Communication Data: Messages and interactions within the platform
• Documents: Legal documents, medical records, contracts (if uploaded)

2.2 Technical Information

• IP address and location data
• Device information and browser type
• Platform usage patterns and analytics
• Cookies and similar tracking technologies

2.3 Authentication Data

We use Replit's authentication service to manage user accounts. Authentication data is handled according to Replit's privacy practices and our security standards.

3. How We Use Your Information

3.1 Service Provision

• Provide and maintain TheEgg platform functionality
• Enable collaboration between workspace members
• Process and track milestone and expense data
• Provide customer support and technical assistance

3.2 Communication

• Send service-related notifications and updates
• Respond to inquiries and provide support
• Share important platform or legal updates

3.3 Platform Improvement

• Analyze usage patterns to improve functionality
• Identify and fix technical issues
• Develop new features and services

4. Information Sharing and Disclosure

4.1 Workspace Sharing

Information within a workspace is shared among authorized members (intended parents, surrogates, and invited guests) according to their role permissions.

4.2 Service Providers

We may share information with trusted service providers who:

• Provide hosting and technical infrastructure (Replit)
• Assist with customer support and communications
• Help with security monitoring and data protection

4.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Enforce our Terms of Service
• Investigate potential violations or fraud

4.4 No Commercial Sale

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

5. Data Security

5.1 Security Measures

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security audits and updates
• Limited access to personal data by authorized personnel only

5.2 Data Backup and Recovery

We maintain secure backups of your data to ensure continuity of service and protection against data loss.

5.3 Security Limitations

While we implement industry-standard security measures, no system is completely secure. You should protect your account credentials and report any suspected security issues immediately.

6. Your Privacy Rights

6.1 Access and Correction

You have the right to:

• Access your personal information stored in our system
• Request corrections to inaccurate or incomplete data
• Update your profile and account settings
• Download your data in a portable format

6.2 Data Deletion

You can request deletion of your account and associated data. Note that some information may be retained for legal compliance or legitimate business purposes.

6.3 Communication Preferences

You can opt out of non-essential communications through your account settings while still receiving important service and security notifications.

6.4 Canadian Privacy Rights

Canadian users have additional rights under applicable privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. We may retain certain information for longer periods when required by law or for legitimate business purposes.

7.1 Retention Periods

• Account Data: Retained while account is active plus 7 years after deletion
• Surrogacy Records: Retained for legal compliance periods (typically 7-10 years)
• Financial Records: Retained per Canadian tax and business record requirements
• Communications: Retained for 3 years for support and legal purposes

8. Data Processing and International Compliance

8.1 Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: To provide our services and fulfill our contractual obligations
• Legitimate Interest: For platform improvement, security, and business operations
• Legal Compliance: To comply with applicable laws and regulatory requirements

8.2 International Data Transfers

Your information may be processed and stored in Canada and other countries where our service providers operate. When transferring data internationally, we ensure:

• Adequate protection measures are in place
• Compliance with applicable data protection laws
• Appropriate safeguards for cross-border transfers
• Contractual protections with third-party processors

8.3 European Users (GDPR Compliance)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain types of processing
• Rights related to Automated Decision-making: Protection from automated profiling

8.4 Data Protection Officer

For GDPR-related inquiries, you may contact our privacy team at privacy@theegg.app. For complaints within the EU, you may also contact your local data protection supervisory authority.

8.5 Cross-Border Data Processing Agreement

9. Children's Privacy

TheEgg is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and maintain security. You can control cookie settings through your browser preferences.

10.1 Types of Cookies

• Essential Cookies: Required for platform functionality
• Analytics Cookies: Help us understand usage patterns
• Security Cookies: Protect against fraud and unauthorized access

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or by email at least 30 days before taking effect.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: