CS Audit — Privacy Policy

Version 1.0 · Effective March 3, 2026

1. Who We Are

CS Audit is a product of Adam & Lynn Incorporated ("Company," "we," "us," or "our"), a Delaware corporation operating as a Specialty Consumer Reporting Agency under 15 U.S.C. § 1681a(f) of the Fair Credit Reporting Act (FCRA).

This Privacy Policy explains how we collect, use, store, and protect your information when you use CS Audit at adamnlynn.com/cs-audit or any related services (collectively, the "Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name
• Email address
• Password (hashed — we never store plaintext passwords)
• State of residence (for guideline matching)
• Subscription and billing information (processed by our payment provider)

2.2 Documents You Upload

You may upload child support-related documents including court orders, payment histories, enforcement notices, income documentation, and agency correspondence. These documents are:

• Encrypted at rest using AES-256-GCM with per-account encryption keys
• Encrypted in transit via TLS 1.2+
• Inaccessible to us — we do not access or decrypt your documents; only your account holds the decryption key

2.3 Audit Processing Data

When you run an audit, the Service processes your uploaded documents to extract structured data (payment amounts, dates, obligation calculations, enforcement actions). This extracted data is:

• Used solely to generate your Audit Report
• Stored encrypted and associated with your account
• Never shared with third parties

2.4 Early Access & Marketing Emails

If you sign up for early access before creating an account, we collect your email address and the page you signed up from. This information is used solely to notify you when the Service becomes available. We do not sell, share, or use this email for third-party marketing. You can request removal at any time by emailing support@adamnlynn.com.

2.5 Usage Data

We automatically collect limited technical data:

• Browser type and version
• Pages visited within CS Audit
• Timestamps of account activity
• IP address (for security and abuse prevention)

We do not use third-party analytics trackers, advertising pixels, or social media tracking scripts on CS Audit pages.

3. Information We Do NOT Collect

CS Audit does not collect:

• Information about the other parent — We do not profile, track, or report on any individual other than the account holder
• Children's data — We do not extract, index, or process information about minors from uploaded documents. If a document contains a child's name or information, that data remains encrypted and is never used for any purpose beyond generating your audit report
• Social media activity — We do not scrape, import, or analyze social media profiles of any party
• Location tracking — We do not track your real-time location

4. How We Use Your Information

4.1 Primary Use

Your data is used to:

• Generate Fact-Based Specialty Audit Reports
• Cross-reference your records against published state and federal guidelines
• Identify calculation errors, enforcement inconsistencies, and procedural issues
• Manage your account and subscription

4.2 Aggregated & Anonymous Data

We may use anonymized, aggregated data — stripped of all personally identifiable information — for research purposes. For example: "42% of audits in State X identified garnishment calculation errors." This aggregated data cannot be traced back to any individual account.

4.3 We Do NOT Use Your Data For

• Advertising or marketing to third parties
• Selling to data brokers
• Training AI models on your personal documents
• Profiling the other parent or any other individual
• Credit scoring, employment screening, or tenant screening

5. Data Sharing

5.1 We Do Not Sell Your Data

We do not sell, rent, lease, or trade your personal information or uploaded documents to any third party, for any reason, ever.

5.2 Limited Sharing

We may share limited data only in these circumstances:

• Payment processing: Billing information is shared with our payment processor to manage your subscription. They do not have access to your uploaded documents or audit data.
• Legal compliance: If required by a valid court order, subpoena, or legal process. We will notify you before disclosing information unless prohibited by law from doing so.
• Your attorney: If you designate an attorney through the Attorney Portal, they can access your audit reports. This access is controlled by you and can be revoked at any time.

5.3 FCRA Obligations

As a Specialty Consumer Reporting Agency, we comply with FCRA disclosure requirements. Under 15 U.S.C. § 1681b, we furnish consumer reports only to persons with a permissible purpose — in the case of CS Audit, that means you (the consumer who requested the report) and anyone you explicitly authorize in writing.

6. Data Security

6.1 Encryption

• At rest: AES-256-GCM encryption with unique per-account keys
• In transit: TLS 1.2+ for all connections
• Key management: Encryption keys are derived per-account and never stored alongside encrypted data

6.2 Infrastructure

• Hosted on enterprise-grade cloud infrastructure
• Regular security audits and penetration testing
• Access controls and role-based permissions for all internal systems
• No employee accesses the content of your uploaded documents

6.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of discovery, as required by applicable state breach notification laws. Because uploaded documents are encrypted with per-account keys, a breach of our infrastructure would not expose the content of your documents.

7. Data Retention & Deletion

7.1 Active Accounts

Your data is retained for the duration of your active account. You can download your audit reports at any time.

7.2 Account Deletion

When you delete your account:

• All encrypted documents are permanently destroyed within 30 days
• All audit reports and extracted data are permanently destroyed within 30 days
• Account information (name, email) is deleted within 30 days
• Billing records may be retained for up to 7 years as required by tax law
• Anonymized, aggregated statistical data (not traceable to you) may be retained indefinitely

7.3 Inactive Accounts

Accounts with no login activity for 24 months will receive an email notification. If no response is received within 30 days, the account and all associated data will be deleted.

8. Children's Privacy (COPPA Compliance)

CS Audit is intended for adults aged 18 and older. We do not knowingly collect personal information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA).

CS Audit processes parent-to-agency interactions and administrative records. The platform does not target, market to, or collect data from minors. If uploaded documents contain incidental references to minors (such as a child's name on a court order), that information is:

• Stored encrypted and inaccessible to us
• Never extracted, indexed, or used for any purpose beyond generating the audit report
• Permanently destroyed upon account deletion

9. Your Rights

9.1 FCRA Rights

As a consumer whose data is processed by a Specialty Consumer Reporting Agency, you have the right to:

• Access all information in your file
• Dispute inaccurate information (15 U.S.C. § 1681i)
• Request correction or deletion of inaccurate data
• Know who has accessed your report
• Consent before reports are shared with third parties

9.2 State Privacy Rights

Depending on your state of residence, you may have additional privacy rights under laws such as the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), or similar state legislation. These rights may include:

• Right to know what personal information we collect and why
• Right to delete your personal information
• Right to opt out of the sale of personal information (we don't sell data, so this is already satisfied)
• Right to non-discrimination for exercising your privacy rights

9.3 Exercising Your Rights

To exercise any of these rights, contact us at support@adamnlynn.com. We will respond within 30 days (or sooner if required by applicable law).

10. Cookies & Tracking

CS Audit uses only essential cookies required for the Service to function:

• Session cookies: To keep you logged in during your session
• Security cookies: For CSRF protection and fraud prevention

We do not use:

• Third-party advertising cookies
• Social media tracking pixels
• Cross-site tracking technologies
• Fingerprinting or device identification beyond what is necessary for security

11. Third-Party Services

CS Audit uses the following categories of third-party services:

• Cloud hosting: For infrastructure and data storage (encrypted data only)
• Payment processing: For subscription billing (they do not access your documents or audit data)
• Email delivery: For account notifications and password resets

All third-party service providers are bound by data processing agreements and are prohibited from using your data for any purpose other than providing their specific service to us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before the changes take effect. The "Effective" date at the top of this page indicates when the policy was last revised.

Continued use of CS Audit after the effective date of an updated Privacy Policy constitutes acceptance of the updated terms.

13. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, contact us:

Adam & Lynn Incorporated
131 Continental Dr, Suite 305
Newark, Delaware 19713

Email: support@adamnlynn.com

For FCRA-related disputes or data accuracy questions, include "FCRA Dispute" in the subject line for expedited handling.