Legal
Privacy Policy
Last updated: 25 May 2026
Privacy Policy
Last updated: 25 May 2026
The short version
ADHD Reflect is built for people in difficult parenting moments. That means the things you type, tap and answer here are often emotionally sensitive. We treat them that way.
Here is the honest summary:
- We collect the minimum we can.
- We do not sell your data.
- We do not use your data to target advertising.
- We do not share what you type into the assistant with referral partners, advertisers or anyone marketing to you.
- We use a small number of trusted services (listed below) to run the site, send emails and match your input to the right card or guide.
- You can ask us to delete your data at any time.
The rest of this page explains how that works in detail.
If anything here is unclear, email privacy@adhdreflect.com and we will answer in plain English.
Who runs ADHD Reflect
ADHD Reflect is operated by [Legal entity name], ABN [XX XXX XXX XXX], based in Brisbane, Australia.
In this policy, “we”, “us” and “our” mean ADHD Reflect. “You” means anyone using the site, the assistant, the quiz, the newsletter or any of our paid features.
We are based in Australia and bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are in the United Kingdom, European Union, California or another jurisdiction with its own privacy laws, you also have rights under those laws. We have tried to apply the strictest reasonable standard across the board rather than running different versions for different regions.
What we collect
We collect different things depending on what you do on the site.
1. Things you give us directly
Email address. If you sign up for the newsletter, create an account or get your quiz result, we collect your email address.
Quiz answers. If you take the parenting pattern quiz, we collect your answers and the pattern result. If you create an account, we store this so we can match weekly practices to your pattern. If you do not create an account, we use it once to give you a result and do not store it long-term.
Account details. If you create an account, we store the email you used to sign in and a hashed version of your password. We do not store your password in readable form.
Anything you choose to type or speak. If you use the in-the-moment assistant to describe what just happened in your home, we receive that text. If you use voice input, your browser converts speech to text on your device, and we receive only the text. See the section “What we do with what you type” below, because this is the most sensitive part.
Payment details. If you ever upgrade to a paid tier, payment is processed by Stripe. We do not see or store your card number. We receive a record that you paid, your subscription status, and the country your card was issued in.
Anything you send us by email. If you email us, we keep your message and reply.
2. Things we collect automatically
Country-level location. We use your IP address to work out your country, so we can show you the right crisis lines and support resources. We do not store precise location, suburb or postcode unless you give it to us deliberately.
Basic technical information. Standard web logs, including IP address, device type, browser, the pages you visited and the time. We use these for security, debugging and to understand how many people use the site.
Analytics. We use Plausible (or a similar privacy-friendly analytics tool), which counts page views without cookies and without identifying individual users. See our Cookies and analytics page for details.
3. Things we do not collect
We do not collect or ask for:
- your child’s name, photo, school or details;
- your partner’s name or details;
- your full address, suburb or postcode;
- your phone number, unless you choose to give it to us;
- your health records, diagnosis or prescription information;
- any details you have not chosen to share.
If you type any of these into the assistant, we will end up receiving them, but we ask you not to. The assistant is designed to work with general descriptions, not identifying details.
What we do with what you type into the assistant
This is the most sensitive part of the site, so we want to be specific.
When you type or speak something into the in-the-moment assistant (“I just yelled at my kid”, “the homework meltdown again”, and so on), here is what happens:
- Your text is sent to Anthropic’s Claude API in the United States. Anthropic uses it only to return a match to one of our pre-written cards or guides. Per Anthropic’s published terms, API inputs are not used to train their models unless we explicitly opt in, which we do not.
- The assistant returns a short list of likely card or guide matches.
- We log only the matched card or guide ID and a general category tag.
- We do not log your raw query by default.
There is one exception. If the assistant cannot match your query to a card or guide, we may log the text so we can use it to decide what to write next. We will only do this if you tick the consent box that appears when this happens. You can use the assistant without ticking the box; you just will not see “your query helped us write a new guide” as a result later.
We also run a crisis-language check on what you type. If you describe something that looks like a safety risk to you, your child or someone else, we will not try to match a card. We will show you crisis support options for your country instead.
We do not link what you type to your email, your account or your payment details.
Sensitive information
The Australian Privacy Act treats some information as sensitive, including information about your health.
ADHD Reflect is not a health service. We do not provide diagnosis, therapy, treatment or clinical care. But we recognise that ADHD-related content, quiz answers about your parenting and descriptions of moments at home are emotionally sensitive, and may be considered sensitive information under Australian law.
We treat all of this as sensitive by default. That means:
- we only collect it with your knowledge and where it is needed to give you what you came for;
- we apply tighter access controls inside our systems;
- we do not share it with advertisers, marketers or referral partners;
- we do not use it to build a profile that follows you around the internet.
Who we share data with
We use a small number of carefully chosen services to run ADHD Reflect. These are listed below, with the reason we use them and what we share.
| Service | What it does | What we share with it |
|---|---|---|
| Anthropic (Claude API) | Matches your assistant input to the right card or guide. | The text you type into the assistant. Not used for model training. |
| ConvertKit (or Resend) | Sends the newsletter and weekly practice emails. | Your email address and which pattern you scored on. |
| Stripe | Processes payments for paid features. | Name, email, country and payment details (handled by Stripe directly). |
| Supabase (or equivalent hosted database) | Stores account, quiz pattern and saved cards. | Email, hashed password, pattern result, saved cards. |
| Replit / Cloudflare / Vercel | Hosts the site. | Standard technical logs. |
| Plausible (or similar) | Counts visits without cookies. | Anonymous, aggregated page views. |
We do not share what you type into the assistant with any of these services other than Anthropic. We do not share your quiz result with anyone other than ConvertKit (so we can match your weekly practice to your pattern).
If we ever change a service in this list, we will update this page.
We will only share your data outside this list if:
- you ask us to;
- we are required to by law;
- we need to protect someone’s safety;
- we sell or transfer the business, in which case we will tell you first and the new owner will be bound by this policy.
Where your data is stored
Most of the services above are based in the United States. Some store data in other regions. By using ADHD Reflect, you understand that your data may be processed in countries other than your own.
Where data leaves Australia, we rely on the relevant service’s contractual commitments to handle it consistently with the Australian Privacy Principles, UK and EU GDPR, and other applicable laws.
If you would prefer your data to stay in a particular country, email us and we will tell you what we can offer.
How long we keep it
| Data | How long we keep it |
|---|---|
| Newsletter email address | Until you unsubscribe, plus 30 days |
| Account data | Until you delete the account, plus 30 days |
| Quiz answers (no account) | A few hours, then discarded |
| Quiz pattern (with account) | Until you delete the account |
| Assistant matches (card IDs only) | Up to 12 months in aggregate form |
| Unmatched query text (with consent) | Up to 6 months, then deleted or fully anonymised |
| Payment records | 7 years, to meet Australian tax law |
| Support emails | Up to 3 years |
| Web logs | Up to 90 days |
When we delete data, we do so from active systems within 30 days. Backups may take longer to cycle out, up to 90 days.
Your rights
You have the following rights, no matter where you live:
- Know what we have about you.
- Access a copy of your data.
- Correct anything that is wrong.
- Delete your data.
- Opt out of marketing emails at any time, using the link at the bottom of every email.
- Complain to us first, and to a regulator if we cannot fix it.
To use any of these rights, email privacy@adhdreflect.com with a short description of what you want. We will respond within 30 days, usually faster. If we need more information to verify it is really you, we will ask.
If you are in Australia and you are not happy with how we have responded, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au.
If you are in the United Kingdom, you can complain to the Information Commissioner’s Office at ico.org.uk.
If you are in the European Union, you can complain to your local data protection authority.
If you are in California, you have additional rights under the CCPA and CPRA, including the right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law.
Children
ADHD Reflect is built for adults, especially parents. It is not designed for, marketed to or intended for children or teenagers.
We do not knowingly collect personal information from anyone under 18. If you are a parent or carer and you believe your child has used the site and given us information, email privacy@adhdreflect.com and we will delete it.
We also ask that you do not type information about your child that would identify them (name, school, photo, exact age, exact suburb) into the assistant or any form on the site. The site works with general descriptions of moments. It does not need identifying details about your child, and we do not want them.
Security
We use industry-standard protections, including encryption in transit, hashed passwords, role-based access inside our team and regular updates to our hosting and services.
No system is perfectly secure. If we ever have a data breach that is likely to cause you serious harm, we will tell you and the relevant regulator, as required under the Notifiable Data Breaches scheme in Australia.
Changes to this policy
If we change anything important on this page, we will update the date at the top and tell newsletter subscribers by email. Small clarifications or typo fixes may happen without a separate notice.
The current version of this policy always lives at this URL.
Contact us
Privacy questions or requests: privacy@adhdreflect.com General contact: hello@adhdreflect.com Postal: [Postal address, Brisbane QLD, Australia]
We aim to reply within five business days, and always within thirty.