Compliance & Legal

✅ SMS Consent (TCPA‑Compliant)

By subscribing, you agree to receive daily automated SMS prompts from Sidekick at the phone number you provided. Consent is not a condition of purchase. Message frequency is approximately one per day.

Standard message & data rates may apply.

To manage messaging, text one of the following keywords:

  • STOP: opt out of future prompts (you may still log in to the website to resume later)
  • HELP: receive help and contact information

Sample Opt‑In Confirmation Message:

"Thanks for joining Sidekick! You'll now receive a daily journal prompt via text (~1/day). Msg & data rates may apply. Reply STOP to cancel or HELP for help. View our Terms & Privacy: https://www.heysidekick.co/policies"

This consent language is designed to comply with U.S. TCPA standards requiring clear and informed opt-in with details on frequency, automation, opt-out instructions, and message rates.

🔒 GDPR Compliance

Sidekick is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and United Kingdom.

Your GDPR Rights

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests

Data Protection Measures

  • Encryption in transit and at rest
  • Regular security audits
  • Limited data retention periods
  • Secure data processing agreements with third parties

📋 CCPA/CPRA Compliance

For California residents, Sidekick complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Your CCPA Rights

  • Right to Know: Request information about data collection, use, and sharing
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information

Important: We do not "sell" personal data as defined under CCPA. We may share data with processors for service delivery but not for independent marketing purposes.

🛡️ Data Processing & Security

Third-Party Processors

OpenAI

Used for AI-powered prompt personalization. Data is encrypted and retained no longer than 30 days.

PostHog

Used for anonymized analytics. EEA/UK users can opt out of tracking.

Twilio

SMS delivery service. Message content is encrypted in transit.

Security Measures

  • End-to-end encryption for all data transmission
  • Database encryption at rest
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Secure API endpoints with rate limiting
  • Regular backups with encryption

📞 Contact & Support

For privacy inquiries, data requests, or compliance questions, please contact us:

Privacy & Data Requests

📧 privacy@sidekick.com

For GDPR, CCPA, and other privacy rights requests

General Support

📧 support@sidekick.com

For technical support and account questions

Company Information

JJR Technical Services LLC
16192 Coastal Highway
Lewes, DE 19958
United States