Privacy and Security Policy

Privacy & Data Security Policy

Effective Date: [Insert Date]

We value your trust and are committed to protecting the personal information of children, families, and educators who use our services. This Privacy & Data Security Policy outlines how we collect, use, store, and protect personal information through our web and mobile applications (the “App”).

1. Compliance with Privacy Laws

Our App is designed to align with the requirements of applicable privacy and data protection laws in the jurisdictions where our services are offered, including:

• HIPAA – Health Insurance Portability and Accountability Act (United States)
• PIPEDA – Personal Information Protection and Electronic Documents Act (Canada)
• FIPPA – Freedom of Information and Protection of Privacy Act (British Columbia)

We monitor changes to relevant laws and adjust our practices as needed to maintain alignment with current legal standards.

Note: While we strive for compliance with the above regulations, legal requirements vary by jurisdiction and context. Users are encouraged to consult their own legal advisors to determine how our services apply to their local obligations.

2. Data Collection and Use

We collect and process personal information to support early childhood education operations, including:

• Child and family contact information
• Medical and developmental information (e.g., allergies, diagnoses, progress notes)
• Attendance and enrollment records
• Staff profiles and internal notes
• Uploaded media (e.g., photos of children for documentation)

This information is used solely for the purpose of delivering our services and improving educational experiences. We do not sell or share your information with third-party marketers.

3. Data Security Measures

We employ industry-standard safeguards to protect personal data, including:

• Encrypted data transmission via HTTPS (TLS)
• AES-256 encryption of sensitive data at rest
• Role-based access control to restrict data visibility based on user roles (e.g., parents, staff, administrators)
• Strong password enforcement and multi-factor authentication (MFA) for administrators
• Auto-logout from sessions after periods of inactivity
• Access logging and audit trails for administrator actions

4. Data Retention and Deletion

We retain children's personal information for up to five (5) years following their last known enrollment, unless otherwise required by law or requested in writing by the child's parent or legal guardian. After this period, data is permanently deleted from our servers.

You may request earlier deletion of your or your child’s personal data by contacting us at [insert-email], subject to legal obligations.

5. Access and Control of Information

Parents and authorized guardians have the right to:

• Request access to the personal information we hold about their child
• Request correction of inaccurate or outdated information
• Request deletion or anonymization of personal data (subject to legal constraints)

To make such a request, please contact [insert-email].

6. Third-Party Services

Some features of the App may rely on trusted third-party service providers (e.g., cloud storage, secure authentication). We ensure that all such providers meet industry privacy and security standards through contractual obligations.

7. Contact & Questions

If you have questions or concerns regarding privacy or data handling, please contact us at: