Privacy Policy

Last updated: May 4, 2026

DVHelp.ai is built for people in crisis. We treat your data the same way we'd want our own treated: collected only when needed, kept only as long as needed, and deletable at any time. This page explains exactly what we collect, who else sees it, and what your rights are under California and federal law.

What we collect

When you use DVHelp.ai, we collect three categories of information:

Account information. Your email address, used only to send the one-time login code.
Form data and chat history. The information you provide while filling out your DV-100 — names, addresses, dates, abuse narratives, requested orders. This is stored on Firebase Firestore (a Google service) under your user account.
Technical telemetry. If you visit the public pages, our analytics provider records anonymous, aggregated visit data (page views, country, device type). If something breaks, our error monitor captures the crash with your IP redacted.

We do not collect: your phone number, your physical location beyond what you type into the form, your government IDs, your payment information (the service is free), or any data from third-party sources.

Who else sees your data

DVHelp.ai is built on third-party services. Each one sees only the slice of data it needs:

AI processing provider

Powers the AI that drafts your declaration. Receives the form-data fields and your chat messages while a turn is being processed. Operates under a contract that prohibits retention of your conversation for model training and requires standard enterprise-grade data protection.

Firebase (Google Cloud)

Stores your form data, conversations, and authentication state. Encrypted in transit and at rest. Located in Google's US data centers. · Firebase privacy policy

Resend

Sends your email login codes. Receives only your email address and the OTP code. · Resend privacy policy

Sentry

Captures application errors so we can fix them. We've configured it to NOT send IPs, request bodies, cookies, headers, or local variable values. No Session Replay is recorded. · Sentry privacy policy

Plausible

Privacy-friendly analytics. Counts page views and aggregate visitor stats. Does not use cookies, does not track you across sites, does not collect personal data. · Plausible privacy policy

Vercel

Hosts the website. Receives standard server logs (IP, user agent, request path) for the duration needed to detect abuse and ensure uptime. · Vercel privacy policy

Cookies and similar technologies

We use a small number of cookies and local-storage values:

Authentication cookie (dvhelp_session) — keeps you signed in. HTTP-only, so it can't be read by scripts. Cleared when you sign out.
Consent preference (local storage) — remembers whether you accepted or declined non-essential tracking, so we don't ask twice.

You can decline non-essential tracking from the cookie banner shown on your first visit. You can revoke that decision at any time by clearing your browser's storage for this site.

De-identified data and research

We may use your form data after permanently removing every piece of information that identifies you — names, addresses, phone numbers, email, dates, the names of your children and the respondent, and any other detail that could be traced back to you or anyone in your case — to support academic research and publication on domestic violence, court access, and AI-assisted legal aid.

De-identification is permanent and irreversible. The original copy of your record stays scoped to your account; the de-identified copy cannot be linked back to you.
Research uses include aggregate statistics, model evaluation, and publication in peer-reviewed journals. We do not sell de-identified data to third parties.
You can opt out at any time by emailing privacy@dvhelp.ai with the subject line Research opt-out. Your account-scoped data will continue to function normally; we just won't include even the de-identified version in any research dataset going forward.
Deleting your account also removes any not-yet-aggregated record from research datasets.

How long we keep your data

Conversations and form data: until you delete them, or until you delete your account.
Email-OTP records: 10 minutes (the code expires).
Server logs (Vercel): typically 30 days, then rolled.
Error reports (Sentry): 90 days by default.
Analytics (Plausible): aggregate counts only, retained indefinitely; no individual records.

Your rights

Under the California Consumer Privacy Act (CCPA) and similar laws, you have the right to:

Know what personal information we hold about you.
Delete your data — the entire account, or specific conversations.
Correct inaccurate information.
Opt out of any data sharing for marketing or sale (we don't sell or share your data — but you have the right anyway).
Not be discriminated against for exercising these rights.

To delete a single conversation: hover over it in the sidebar and click the trash icon. To delete your entire account, sign out and email us at privacy@dvhelp.ai — we will wipe everything within 24 hours.

Children's privacy

DVHelp.ai is not intended for users under 18. A minor seeking a restraining order can ask a parent, guardian, or guardian ad litem to file on their behalf. Please contact the OC Self-Help Center for guidance specific to minors.

Security

All data is encrypted in transit (HTTPS) and at rest (Firebase Firestore). Sessions live in HTTP-only cookies, not in browser storage that scripts can read. Access to our backend is restricted to authorized maintainers. We will notify affected users within 72 hours of discovering any data breach involving their information.

Changes to this policy

If we change this policy in a material way, we will surface a notice on the site before the change takes effect, and update the "Last updated" date above.

Contact

Questions, requests, or concerns about your data: privacy@dvhelp.ai.

Disclaimer

This policy is written in plain language for transparency. It is not legal advice and was not drafted by an attorney. If you have questions about your rights under California or federal privacy law, consult a privacy attorney or contact the California Attorney General's privacy office.