Privacy Policy
Cobblestone Digital LLC ("Cobblestone Digital," "we," "our," or "us") operates a portfolio of software platforms and services. This Privacy Policy describes how we collect, use, and protect information across our platforms, including AnchorPoint Service Connect (APSC), AnchorPoint Volunteer Connect (APVC), LEDES Billing, AuditShield, awaits.info, and associated mobile applications.
By using any of our platforms or services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.
1. Information We Collect
The information we collect depends on which platform you use and in what capacity. We may collect:
- Account Information: Name, email address, username, and password (stored as a secure hash). For mobile apps, court/organization code for tenant identification. Each participant is assigned an internal participant identifier (User ID) used to associate service records with the correct individual within their tenant’s program.
- Profile Information: For participants in community service programs: assigned service sites, court order details, check-in/check-out records, hours completed, and supervisor assignments.
- Location Information (Precise Location): When using the APSC mobile application, we collect your device’s precise GPS location at the time of check-in and check-out to verify presence at an authorized service site (geo-fencing). Precise location is collected only during active check-in actions — not continuously tracked in the background, and not retained as a continuous location history.
- Device Information: Device type, operating system, and app version for compatibility and troubleshooting purposes.
- Usage Data: Log data, session information, and activity within our platforms for security, audit, and operational purposes.
- Compliance and Audit Data: For AuditShield platform users: system configuration data collected from endpoints you authorize for scanning. This data is processed under your direction and remains within your account.
- Billing Information: For LEDES Billing: invoice data, timekeeper records, client/matter information, and carrier credentials (encrypted at rest using AES-256-GCM).
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve our platforms and services
- Authenticate users and manage sessions securely
- Verify service site attendance and generate compliance reports
- Send transactional and operational notifications (check-in confirmations, deadline reminders, etc.)
- Comply with legal obligations and respond to lawful requests from courts or supervisory authorities
- Detect and prevent fraud, abuse, and security incidents
- Maintain immutable audit logs for regulatory and legal accountability
We do not sell your personal information to third parties. We do not use your information for advertising purposes.
3. Court-Ordered Service Data (APSC)
AnchorPoint Service Connect (APSC) is a platform used by municipal courts, corrections departments, and authorized supervisory organizations to track court-ordered community service. If you are enrolled as a participant through a court order, your service records — including check-in times, locations, hours completed, and court order details — are managed by your supervising organization (the "tenant").
Cobblestone Digital acts as a data processor on behalf of the tenant organization. Your supervising organization is the data controller responsible for how your information is used within their program. Questions about your specific records should be directed to your supervising organization.
4. Precise Location Data
The APSC mobile application requests access to your device’s precise GPS location solely for geo-fence verification at the time of check-in or check-out. We do not track your location continuously, do not store your location history beyond what is required for service record verification, and do not share location data with third parties outside of your supervising organization's authorized personnel.
You may deny location permissions at the device level; however, this will prevent check-in and check-out functionality from operating correctly.
5. Camera Access and QR Code Scanning
The APSC mobile application uses your device’s camera for one purpose only: to scan QR codes physically posted at community service sites in order to identify the site at which you are checking in. The camera operates only on screens where you have intentionally opened the QR scanner. We decode the textual payload of the QR code in real time on your device — we do not save, transmit, or otherwise process the camera frames themselves. No photographs, video, or audio are captured, stored, or shared by APSC under any circumstances.
You may decline camera access at the device level; if you do, you may use the PIN-based check-in option provided as an alternative.
6. Data Sharing and Disclosure
We may share your information only in the following circumstances:
- With your supervising organization: Service records, check-in history, and compliance reports are shared with the tenant organization that manages your program.
- Legal requirements: We may disclose information when required by law, subpoena, court order, or to protect the rights, property, or safety of our users, our company, or the public.
- Service providers: We use limited third-party services for infrastructure (server hosting, email delivery). These providers are contractually bound to handle data securely and only as directed by us.
- Business transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction, subject to this policy.
7. Data Security
We take security seriously. Our platforms implement industry-standard protections including:
- Passwords stored as bcrypt hashes — never in plaintext
- Sensitive credentials (e.g., carrier credentials in LEDES Billing) encrypted at rest with AES-256-GCM
- HTTPS / TLS encryption for all data in transit
- Immutable audit logs to detect and investigate unauthorized access
- JWT-based mobile authentication with server-side revocation capability
- Session management with configurable timeouts
No system is perfectly secure. In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. Service records for court-ordered programs are retained in accordance with the requirements of the supervising organization and applicable law. When a tenant account is canceled, a 90-day read-only access window is provided before data archival.
9. Your Rights
Depending on your jurisdiction, you may have rights including:
- Access to the personal information we hold about you
- Correction of inaccurate or incomplete information
- Deletion of your personal information (subject to legal retention obligations)
- Restriction of certain processing activities
- Data portability
To exercise these rights, contact us at trey@cobblestone-digital.com. We will respond within 30 days. Note that some rights may be limited where information is maintained pursuant to a court order or legal obligation.
10. Children's Privacy
Our platforms are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it promptly. Contact us at trey@cobblestone-digital.com if you believe a child's information has been submitted.
APSC may be used by minor participants (ages 13–17) who have been ordered by a court of competent jurisdiction to perform community service as part of a juvenile justice or diversion program. In such cases, the supervising court or agency authorizes the participation and serves as the data controller for that minor’s record. Cobblestone Digital relies on the supervising court’s legal authority to collect and process the minor’s information for the purposes described in this policy. Parents or guardians with questions about a minor’s APSC record should contact the supervising court directly in the first instance.
Some APVC deployments may involve minor participants (e.g., student ambassador programs). In these cases, data collection and consent practices are governed by the tenant organization in accordance with COPPA and applicable state law.
11. Cookies and Tracking
Our web platforms use session cookies to maintain authenticated sessions. We do not use third-party tracking cookies, advertising cookies, or persistent behavioral tracking. The cobblestone-digital.com marketing website does not use any analytics or tracking technologies.
12. Third-Party Links
Our platforms may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before sharing any personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised "Last Updated" date. Material changes will be communicated through the relevant platform or by email where feasible. Continued use of our services after an update constitutes acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Cobblestone Digital LLC
Talladega / Pell City, Alabama
Email: trey@cobblestone-digital.com