Privacy Policy
Last updated: April 11, 2026
1. Introduction
Welcome to AutismDock ("we", "our", or "the Platform"). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our web platform, progressive web application (PWA), and all associated services. AutismDock is a comprehensive support platform for individuals with autism, their families, educators, and professionals. By registering or using our services, you agree to the practices described in this policy.
2. Data Controller
The data controller for your personal data is AutismDock. For any data protection inquiries, you may contact us at support@autismdock.com.
3. Information We Collect
We collect the following categories of information: • Registration data: name, email address, encrypted password, profile type (parent, professional, educator, or individual), registration date. • Profile data: display name, avatar photo, bio, date of birth, gender, city, country, diagnosis, autism level, communication style, sensory sensitivities, triggers, calming strategies, strengths and interests, support needs, allergies, medications, blood type, school name, and additional notes. • Emergency contact data: name, phone number, and relationship for up to two emergency contacts. • Children's data: when a parent/guardian registers a child's information, we collect name, date of birth, diagnosis, communication level, sensory profile, allergies, medications, blood type, school, grade, therapist name, emergency contact, and avatar. • App usage data: sensory logs, routines and completed tasks, earned stars and tokens, AAC/PECS communication history, daily visual schedules, emotion logs, progress in educational games and training courses. • Subscription and payment data: subscription type (free or premium), 7-day free trial status, transaction history processed through Stripe. We do not store credit card data; this is managed exclusively by Stripe. • Device data: device identifier, device name, last activity date, IP address, and browser user agent. • AI interaction data: conversations with our AI assistant (Docky AI) to provide personalized guidance.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under the GDPR: • Contract performance: to provide contracted services, manage your account, process payments, and administer the premium subscription. • Consent: for marketing communications, newsletters, and processing sensitive health-related data (diagnoses, medications). • Legitimate interest: to improve our services, prevent fraud, ensure platform security, and perform aggregated usage analytics. • Legal obligation: to comply with applicable tax, accounting, and regulatory requirements.
5. How We Use Your Information
We use your information to: • Provide, maintain, and improve all AutismDock services, including visual routines, AAC/PECS boards, sensory tools, intervention guides, educational games, and training courses. • Manage the premium subscription system, including the automatic 7-day free trial granted to every newly registered user, and access to exclusive premium features after the trial period expires. • Facilitate communication between Support Circle members, co-parents, and professionals linked through the Care Portal. • Process subscription payments (€3.99/month, with 10% quarterly, 12.5% semi-annual, and 16% annual discounts) securely through Stripe. • Send push notifications, alarms, and alerts related to routines, visual schedules, and appointments. • Generate the SOS Card with emergency medical information. • Administer the gamification system with stars, tokens, levels, and badges. • Provide personalized responses through our AI assistant (Docky AI). • Perform aggregated analytics to improve the platform.
6. Premium Subscription and Trial Period
AutismDock offers a freemium model with the following features: • Free trial: every new user who registers on AutismDock automatically receives 7 days of free premium access. During this period, the user has full access to all premium features without needing to enter payment information. • Premium features: after the 7-day trial period expires, certain advanced features are restricted exclusively to users with an active premium subscription. These include, among others: Care Portal, advanced AI features, advanced social skills tools, detailed report generation, and access to exclusive training content. • Free features: basic platform features such as basic visual routines, AAC boards, community/forum, and certain educational games remain accessible to all registered users. • Payment processing: all payments are processed securely through Stripe. We do not store or have access to your complete credit or debit card data. Stripe acts as an independent payment processor and is PCI-DSS Level 1 certified. • Cancellation: you may cancel your subscription at any time through the subscription management portal. Cancellation is effective at the end of the current billing period.
7. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. We share information only in the following cases: • Support Circle: with members of your support circle whom you have expressly invited and approved. • Co-parents: with the second parent linked to a child's profile, who will have read access and appointment management. • Linked professionals: with professionals (therapists, educators, doctors) connected through the Care Portal via invitation code. • Service providers: with technology providers necessary to operate the platform, including hosting and database services, Stripe (payment processing), AI services for the Docky AI assistant, and push notification services. • Legal obligations: with judicial or administrative authorities when required by law or in response to a valid legal process.
8. Children's Data Protection
AutismDock is designed to be used by adults (parents, guardians, professionals, and educators) on behalf of children and individuals with autism. We comply with: • GDPR: we do not collect data from minors under 16 without verifiable consent from their parent, mother, or legal guardian. On AutismDock, all children's data is provided and managed exclusively by authorized adults. • COPPA: although we are EU-based, we respect COPPA principles for US users. We do not collect information directly from children under 13. • Data minimization: we only collect children's data strictly necessary to provide the services requested by their parents or guardians. • Parents and guardians can access, modify, or delete their children's data at any time from the child's profile settings.
9. Data Security
We implement robust technical and organizational security measures to protect your personal information: • Encryption in transit: all communications between your device and our servers are encrypted using TLS 1.3. • Encryption at rest: data stored in our database is encrypted. • Row-Level Security (RLS): we use row-level security policies in our database to ensure each user can only access their own data. • Secure authentication: authentication system with bcrypt-encrypted passwords, Google authentication support, and email verification. • Role-based access control: differentiated roles (user, moderator, administrator) with granular permissions. • Device limits: control over the number of devices from which an account can be accessed. • Database security functions: SECURITY DEFINER functions to prevent privilege escalation and unauthorized access. • Audit logging: activity logs to detect unauthorized access.
10. International Data Transfers
Your data may be processed on servers located outside your country of residence, including the European Union and the United States. When we transfer data outside the European Economic Area (EEA), we ensure adequate safeguards exist, such as Standard Contractual Clauses approved by the European Commission or providers' EU-US Data Privacy Framework certification.
11. Cookies and Similar Technologies
We use the following technologies: • Essential cookies: necessary for platform operation, including authentication session management and language preferences. • Local storage (localStorage): to store user preferences such as dark/light mode, selected language, and cached data to improve application performance. • Service Workers: to enable PWA offline functionality and push notifications. We do not use third-party tracking cookies or targeted advertising.
12. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights: • Right of access: request a copy of your personal data. • Right to rectification: correct inaccurate or incomplete data. • Right to erasure ("right to be forgotten"): request deletion of your personal data. • Right to restriction of processing: restrict the processing of your data in certain circumstances. • Right to data portability: receive your data in a structured, commonly used, machine-readable format. • Right to object: object to the processing of your data based on legitimate interest. • Right not to be subject to automated decisions: our AI assistant provides informational guidance, but no automated decision has legal effects on you. • Right to withdraw consent: at any time, without affecting the lawfulness of prior processing. To exercise any of these rights, you can do so through your profile settings or by contacting support@autismdock.com. We will respond to your request within a maximum of 30 days.
13. Data Retention
We retain your personal data according to the following criteria: • Active account data: as long as your account remains active on the platform. • Data after account deletion: if you request account deletion, all your personal data will be removed from our servers within 30 calendar days, including profile data, associated children's data, routines, sensory logs, AI conversation history, and any other personal data. • Billing data: transaction records and invoices are retained for the minimum legally required period for tax and accounting obligations (generally 5-7 years depending on jurisdiction). • Anonymized data: we may retain fully anonymized and aggregated data for statistical purposes and service improvement, as such data does not allow identification of any individual.
14. Notifications and Communications
AutismDock may send you the following communications: • Service notifications: routine alerts, appointment reminders, visual timer alarms, and system notifications. These are essential for service operation. • Transactional communications: payment confirmations, subscription changes, and notices about changes to terms of service. • Newsletter: if you voluntarily subscribe, you will receive autism news, platform updates, and educational resources. You can unsubscribe at any time. Push notifications may include sounds, vibration, and screen flash as aids for people with specific sensory needs. These options are user-configurable.
15. Artificial Intelligence
AutismDock uses artificial intelligence through its Docky AI assistant to provide personalized guidance and support. Important information about AI usage: • Your conversation data with Docky AI is used exclusively to generate relevant responses and is not shared with third parties for AI model training. • AI responses are informational and advisory. They do not constitute professional medical, therapeutic, or psychological advice. • You can delete your AI conversation history at any time. • We use AI models through secure providers that comply with applicable data protection standards.
16. Changes to This Policy
We reserve the right to update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of any significant changes through: • A prominent notice within the application. • An email to the address associated with your account. • Updating the "Last updated" date at the top of this policy. Continued use of AutismDock after the publication of changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the platform and request account deletion.
17. Supervisory Authority
If you believe that the processing of your personal data violates data protection regulations, you have the right to file a complaint with the competent data protection supervisory authority in your country of residence.
18. Contact
For any questions, requests, or complaints related to this Privacy Policy or the processing of your personal data, you may contact us at: • Email: support@autismdock.com • Through the contact form available in the application. We commit to responding to all requests within a maximum of 30 calendar days.