Privacy Policy.

1. Plain-English summary

This is the short version. Read the full sections below for details.

• We collect only what we need to provide our services.
• We never sell your personal information.
• Messages are reviewed by facilities per their security rules — standard for inmate communications.
• Your identity is verified once, encrypted, and not shared with other users.
• You can access, correct, or delete your data at any time.

2. Information we collect

Information you provide directly

• Account info: name, email, password, display name (where applicable)
• Identity verification: government ID and a selfie check (encrypted)
• Loved one info (Journey 1): the incarcerated person's name, facility, ID
• Communications: the content of messages, photos, or media you send
• Payment info: handled by our PCI-compliant payment processor; we never store full card numbers

Information collected automatically

• Device information, browser type, approximate location
• Usage data: which pages you visit, when, for how long
• Cookies and similar technologies (see Section 8)

3. How we use information

We use the information we collect to:

• Provide and operate our services
• Verify identities and prevent fraud
• Process payments
• Communicate with you (account notifications, support replies)
• Improve and personalize the experience
• Meet legal obligations and respond to lawful requests

4. How we share information

We share information only in these specific situations:

• With facilities: only as required by their communication policies (e.g., message review)
• With service providers: payment processors, hosting, identity verification — all bound by contract
• For safety: if needed to protect users or comply with law
• With your consent: for anything else, only with your explicit permission

We never sell your personal information.

5. How long we keep it

We retain your data only as long as needed to provide services and meet legal obligations. When you delete your account, your personal data is permanently removed within 30 days, except where law requires longer retention.

6. Security

We use industry-standard security measures, including:

• Bank-level encryption (TLS in transit, AES-256 at rest)
• Multi-factor authentication options
• Regular security audits and penetration testing
• Strict access controls — only authorized staff can access user data

No system is 100% secure. If a breach affects you, we'll notify you promptly per applicable laws.

7. Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Request a copy of your data in a portable format
• Correct inaccurate information
• Delete your account and personal data
• Object to or restrict certain processing
• Opt out of marketing communications (we send very few)

To exercise any of these rights, email us at privacy@myscplus.com.

8. Cookies & tracking

We use cookies for essential functions (login, session) and basic analytics. You can adjust cookie preferences in your browser. We do not use third-party advertising cookies.

9. Children's privacy

Stay Connected+ is intended for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe we have, please contact us so we can remove it.

10. Changes to this policy

We may update this policy from time to time. Major changes will be announced via email and on this page. The "Last updated" date at the top reflects the most recent revision.

11. Contact us

Questions about this policy or your data?

• Email: privacy@myscplus.com
• Support: Visit our Support page

Disclaimer: This is placeholder copy for review. Please replace with policy drafted/approved by your legal counsel before going live.