Skip to content

Legal

Privacy Policy

My Birth Codex™ is built on a singular promise: the data entrusted to us is yours. It is never sold, never repurposed, and protected to the same standard as the record it produces.

Effective Date: January 1, 2026  ·  Last Revised: April 2026

My Birth Codex™ does not sell, rent, license, or monetize personal data. Ever. The Birth Codex record is a document of identity — it is treated with the same standard of care as the archival system it belongs to.

1. Information We Collect

Identity & Birth Data

To produce a Birth Codex, we collect information about the child being recorded. This includes, but is not limited to: full legal name, date of birth, time of birth, location of birth, birth weight and measurements, blood type, parental and lineage information, celestial and astronomical data derived from birth date and time, and numerological profile data. This is the foundational dataset of the record.

Account & Contact Information

We collect the name, email address, mailing address, and phone number of the ordering party — the parent, guardian, or authorized representative submitting the Provenance request. This information is used solely for order fulfillment, communication, and record authentication.

Payment Information

Payment is processed by PCI-compliant third-party processors. My Birth Codex™ does not store full card numbers, CVV codes, or banking credentials. We retain only the last four digits and billing address for verification and record purposes.

Institutional Data (Codex Core)

For hospital and health system integrations operating under Codex Core, we ingest data from electronic health record (EHR) systems in a read-only capacity. This data transfer is governed by a fully executed Business Associate Agreement (BAA) and is compliant with the Health Insurance Portability and Accountability Act (HIPAA). No clinical data is stored or retained beyond what is required to produce the Codex record.

Website Usage Data

We collect standard technical data when you interact with our website: IP address, browser type, device type, pages visited, session duration, and referral source. This data is used for site performance and security purposes only.

2. How We Use Information

We use the information collected for the following purposes only:

  • To produce, authenticate, and deliver the Birth Codex record
  • To operate and maintain the MYA digital vault for families who have purchased access
  • To process payments and manage order fulfillment
  • To communicate with you about your order, record status, or account
  • To maintain the integrity of the Codex Archive and verify record authenticity
  • To comply with applicable legal obligations

We do not use your data for advertising, behavioral profiling, or any purpose beyond producing and maintaining the record you commissioned.

3. HIPAA & Clinical Data

My Birth Codex™ operates in full compliance with the Health Insurance Portability and Accountability Act (HIPAA) where applicable. For all hospital and health system integrations operating under Codex Core, we execute a Business Associate Agreement (BAA) prior to any data transfer.

Clinical data ingested through Codex Core is handled as follows:

  • Ingestion is read-only — no data is written back to the EHR system
  • Data is encrypted in transit and at rest
  • Access is limited strictly to the personnel required to produce the record
  • Retention is limited to the minimum necessary to fulfill the Codex record

Families who order directly through our Provenance intake process provide data voluntarily. While consumer-direct transactions are not governed by HIPAA, we apply HIPAA-equivalent safeguards to all birth identity data — including encryption at rest, encrypted transmission, access controls, and breach notification procedures — regardless of the data source.

For complete details, see our Notice of Privacy Practices.

4. MYA — The Living Record

MYA (Moment You Arrived) is the digital vault layer of the Codex system — a private, permanent, and expandable identity record for families who hold a Birth Codex. MYA is available only to families with an existing, verified Birth Codex record.

What MYA Stores

MYA stores the verified data from your Birth Codex and any family-contributed milestones, documents, or narrative additions you choose to add over time. This data is private to your family account and is not accessible by any third party without your explicit, written authorization.

AI Processing

MYA employs AI capabilities to organize, surface, and contextualize the data within your record. AI processing occurs on your existing record data only — it does not ingest external data sources or share your family's information with AI model training pipelines.

MYA Data Residency

MYA data is stored in encrypted, access-controlled infrastructure in the United States. It is not transferred to international servers for processing or storage.

5. Disclosure & Sharing

My Birth Codex™ does not sell, trade, rent, or license your personal information to any third party.

We may share information only in the following limited circumstances:

  • Service providers: Vendors who assist in production, fulfillment, and secure storage — bound by confidentiality agreements and permitted to use data only for the services they provide to us
  • Legal obligation: When required by a valid court order, subpoena, or applicable law — in which case we will notify you to the extent legally permitted
  • Record authentication: With your explicit authorization, to verify the authenticity of a Codex record to a named third party

No data is shared with advertisers, data brokers, research organizations, or any entity not directly involved in producing or maintaining your record.

6. Data Retention

The Birth Codex is designed to last 500 years. The record data that produced it is retained accordingly — not deleted after fulfillment, but preserved as part of the Codex Archive. This is by design: the archive functions as the verification system for the physical record.

You may request deletion of your account information, contact records, and any data not intrinsic to the authenticated record itself. Because the Codex record is a permanent document issued at birth, the core identity data that constitutes the record cannot be deleted without invalidating the record's authenticity. This will be disclosed clearly at the time of any deletion request.

7. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we hold. These include:

  • End-to-end encryption for all data in transit (TLS 1.2 or higher)
  • Encryption at rest for all stored personal and birth identity data
  • Role-based access controls limiting data access to authorized personnel only
  • Regular security assessments and vulnerability reviews

No system is impenetrable. In the event of a breach affecting your personal data, we will notify impacted individuals within 60 days of discovery via the email address associated with the record. The notification will include: a description of the incident, the types of data involved, steps you can take to protect yourself, and our remediation actions. For breaches affecting 500 or more individuals, we will also notify the U.S. Department of Health and Human Services as required under 45 CFR 164.408.

8. Children's Data

The Birth Codex records data about children — this is the purpose of the product. However, data is collected from and consented to by the parent, guardian, or legal representative submitting the Provenance request. We do not collect data directly from children, and we do not operate services directed at children.

All data collected about a child is held under the authority of the ordering parent or guardian until such time as the child reaches the age of majority and requests transfer of record authority. Contact us at hello@mybirthcodex.com to initiate a record authority transfer.

9. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of personal information — subject to the retention limitations described in Section 6
  • Portability: Request a machine-readable export of your data
  • Opt-out of communications: Unsubscribe from non-transactional communications at any time

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is sold or disclosed and to whom. My Birth Codex™ does not sell personal information. To exercise any of these rights, contact us at hello@mybirthcodex.com.

10. Cookies & Tracking

Our website uses a minimal set of cookies necessary for site function: session management, security tokens, and form state. We do not use third-party advertising cookies or behavioral tracking technologies.

You may configure your browser to reject cookies. Doing so will not prevent you from accessing the site but may affect certain form functions.

11. Changes to This Policy

We may revise this Privacy Policy as our practices evolve or as required by law. Material changes will be communicated by posting the updated policy with a revised effective date and, where appropriate, by direct notification to active account holders. Continued use of the site or services after a revision constitutes acceptance of the updated terms.

12. Contact

All privacy inquiries, data requests, and concerns should be directed to:

My Birth Codex™

Attn: Privacy & Data Compliance

hello@mybirthcodex.com

833-81-CODEX

mybirthcodex.com