Privacy Policy

1. Information We Collect

Identity & Birth Data

To produce a Birth Codex, we collect information about the child being recorded. This includes, but is not limited to: full legal name, date of birth, time of birth, location of birth, birth weight and measurements, blood type, parental and lineage information, celestial and astronomical data derived from birth date and time, and numerological profile data. This is the foundational dataset of the record.

Account & Contact Information

We collect the name, email address, mailing address, and phone number of the ordering party — the parent, guardian, or authorized representative submitting the Provenance request. This information is used solely for order fulfillment, communication, and record authentication.

Payment Information

Payment is processed by PCI-compliant third-party processors. My Birth Codex™ does not store full card numbers, CVV codes, or banking credentials. We retain only the last four digits and billing address for verification and record purposes.

Institutional Data (Codex Core)

For hospital and health system integrations operating under Codex Core, we ingest data from electronic health record (EHR) systems in a read-only capacity. This data transfer is governed by a fully executed Business Associate Agreement (BAA) and is compliant with the Health Insurance Portability and Accountability Act (HIPAA). No clinical data is stored or retained beyond what is required to produce the Codex record.

Website Usage Data

We collect standard technical data when you interact with our website: IP address, browser type, device type, pages visited, session duration, and referral source. This data is used for site performance and security purposes only.

2. How We Use Information

We use the information collected for the following purposes only:

• To produce, authenticate, and deliver the Birth Codex record
• To operate and maintain the MYA digital registry for families who have purchased access
• To process payments and manage order fulfillment
• To communicate with you about your order, record status, or account
• To maintain the integrity of the Codex Archive and verify record authenticity
• To comply with applicable legal obligations

We do not use your data for advertising, behavioral profiling, or any purpose beyond producing and maintaining the record you commissioned.

3. HIPAA & Clinical Data

My Birth Codex™ operates in full compliance with the Health Insurance Portability and Accountability Act (HIPAA) where applicable. For all hospital and health system integrations operating under Codex Core, we execute a Business Associate Agreement (BAA) prior to any data transfer.

Clinical data ingested through Codex Core is handled as follows:

• Ingestion is read-only — no data is written back to the EHR system
• Data is encrypted in transit and at rest
• Access is limited strictly to the personnel required to produce the record
• Retention is limited to the minimum necessary to fulfill the Codex record

Families who order directly through our Provenance intake process provide data voluntarily and are not subject to HIPAA. Their data is protected under this Privacy Policy and applicable state privacy law.

4. MYA — The Living Record

MYA (Moment You Arrived) is the digital registry layer of the Codex system — a private, permanent, and expandable identity record for families who hold a Birth Codex. MYA is available only to families with an existing, verified Birth Codex record.

What MYA Stores

MYA stores the verified data from your Birth Codex and any family-contributed milestones, documents, or narrative additions you choose to add over time. This data is private to your family account and is not accessible by any third party without your explicit, written authorization.

AI Processing

MYA employs AI capabilities to organize, surface, and contextualize the data within your record. AI processing occurs on your existing record data only — it does not ingest external data sources or share your family's information with AI model training pipelines.

MYA Data Residency

MYA data is stored in encrypted, access-controlled infrastructure in the United States. It is not transferred to international servers for processing or storage.

5. Disclosure & Sharing

My Birth Codex™ does not sell, trade, rent, or license your personal information to any third party.

We may share information only in the following limited circumstances:

• Service providers: Vendors who assist in production, fulfillment, and secure storage — bound by confidentiality agreements and permitted to use data only for the services they provide to us
• Legal obligation: When required by a valid court order, subpoena, or applicable law — in which case we will notify you to the extent legally permitted
• Record authentication: With your explicit authorization, to verify the authenticity of a Codex record to a named third party

No data is shared with advertisers, data brokers, research organizations, or any entity not directly involved in producing or maintaining your record.

6. Data Retention

The Birth Codex is designed to last 500 years. The record data that produced it is retained accordingly — not deleted after fulfillment, but preserved as part of the Codex Archive. This is by design: the archive functions as the verification system for the physical record.

You may request deletion of your account information, contact records, and any data not intrinsic to the authenticated record itself. Because the Codex record is a permanent document issued at birth, the core identity data that constitutes the record cannot be deleted without invalidating the record's authenticity. This will be disclosed clearly at the time of any deletion request.

7. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we hold. These include:

• End-to-end encryption for all data in transit (TLS 1.2 or higher)
• Encryption at rest for all stored personal and birth identity data
• Role-based access controls limiting data access to authorized personnel only
• Regular security assessments and vulnerability reviews

No system is impenetrable. In the event of a breach that materially affects your data, we will notify you as required by applicable law and as quickly as the circumstances permit.

8. Children's Data

The Birth Codex records data about children — this is the purpose of the product. However, data is collected from and consented to by the parent, guardian, or legal representative submitting the Provenance request. We do not collect data directly from children, and we do not operate services directed at children.

All data collected about a child is held under the authority of the ordering parent or guardian until such time as the child reaches the age of majority and requests transfer of record authority. Contact us at hello@mybirthcodex.com to initiate a record authority transfer.

9. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of personal information — subject to the retention limitations described in Section 6
• Portability: Request a machine-readable export of your data
• Opt-out of communications: Unsubscribe from non-transactional communications at any time

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is sold or disclosed and to whom. My Birth Codex™ does not sell personal information. To exercise any of these rights, contact us at hello@mybirthcodex.com.

10. Cookies & Tracking

Our website uses a minimal set of cookies necessary for site function: session management, security tokens, and form state. We do not use third-party advertising cookies or behavioral tracking technologies.

You may configure your browser to reject cookies. Doing so will not prevent you from accessing the site but may affect certain form functions.

11. Changes to This Policy

We may revise this Privacy Policy as our practices evolve or as required by law. Material changes will be communicated by posting the updated policy with a revised effective date and, where appropriate, by direct notification to active account holders. Continued use of the site or services after a revision constitutes acceptance of the updated terms.

12. Contact

All privacy inquiries, data requests, and concerns should be directed to: