Privacy Policy

KiddosDesk ("we", "our", or "the Service") is a business-to-business (B2B) Software-as-a-Service platform that helps licensed childcare centers manage daily operations — including child check-in/out, activity logs, incident reports, attendance, and staff-parent communication.

In this relationship the school (childcare center) is the data controller — they determine why and how personal data is collected. KiddosDesk acts as the data processor, operating the software on the school's behalf under their instructions.

If you are a parent or caregiver whose child attends a school that uses KiddosDesk, please contact that school directly for questions about how they handle your data. This policy governs how KiddosDesk handles data entrusted to it by schools.

We collect two categories of information:

Account information (administrators, teachers, and caregivers)

• Name and email address used to create an account
• Password (stored as a hashed value — never in plaintext)
• Role within the school (administrator, teacher, or caregiver)
• Profile photo (optional)

Children's data (collected on behalf of the school)

• Child's name, date of birth, and enrollment details
• Photos uploaded by school staff
• Daily activity logs (meals, nap times, learning activities)
• Incident and accident reports
• Attendance records (check-in and check-out times)
• Messages in child-specific chat rooms visible to authorized caregivers and staff

The Children's Online Privacy Protection Act (COPPA) applies to the online collection of personal information from children under 13. KiddosDesk does not directly collect personal information from children; all child data is entered by authorized school staff or caregivers acting on behalf of the school.

Schools that use KiddosDesk are responsible operators under COPPA. They are responsible for obtaining appropriate parental or guardian consent before enrolling a child, uploading photos, or sharing any child-related information through the platform.

Parental rights under COPPA

If your child's information is managed through a school that uses KiddosDesk, you have the following rights as a parent or legal guardian:

• Right to review — You may request to review the personal information collected about your child.
• Right to correct — You may request correction of inaccurate information about your child.
• Right to delete — You may request deletion of your child's personal information from the platform. Requests will be fulfilled within 30 days, subject to any legal record-keeping obligations held by the school.
• Right to refuse further collection — You may direct us to stop the further collection or use of your child's personal information.

To exercise any of these rights, first contact the school directly — as the data controller, the school manages your child's enrollment records. You may also reach us at hello@kiddosdesk.com and we will work with the relevant school to investigate and address your request.

Account users must be 18 or older. KiddosDesk's platform is intended solely for adults (school staff and caregivers). Children under 13 are not permitted to create accounts or use the service.

We use the information we collect solely to:

• Provide and operate the KiddosDesk platform on behalf of the school
• Authenticate users and enforce role-based access controls
• Send transactional emails (account invitations, password resets)
• Send push notifications related to platform activity (check-ins, messages, incidents)
• Monitor platform health and diagnose errors (via Sentry, without exposing personal data)

We do not sell personal data. We do not use personal data for advertising, behavioral profiling, or any purpose unrelated to operating the Service.

All data is stored on Supabase infrastructure, which provides encryption at rest and in transit (TLS). Role-based access controls ensure that users can only access data belonging to their school. Staff cannot access data from other schools.

Access to production databases is restricted to authorized KiddosDesk engineers and is protected by multi-factor authentication. We review access logs regularly.

Despite these measures, no system is completely secure. We encourage schools to use strong passwords and to promptly report any suspected unauthorized access.

Personal data is retained for as long as the school's subscription is active. When a school terminates its account, we will delete or anonymize all associated data within 30 days, unless a longer retention period is required by law.

Schools may request an export of their data at any time by contacting hello@kiddosdesk.com. Exported data is provided in a machine-readable format (CSV or JSON).

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your personal data (subject to legal retention obligations)
• Object to certain processing activities
• Data portability — receive your data in a structured, machine-readable format

To exercise any of these rights, please email hello@kiddosdesk.com. We will respond within 30 days.

KiddosDesk uses session cookies only. These cookies are set by Supabase to maintain your authenticated session and are strictly necessary for the Service to function. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

We use the following third-party services to operate the platform. Each receives only the minimum data necessary for its function; none receive children's personal data beyond operational necessity.

• Supabase — database, authentication, and file storage
• Resend — transactional email delivery (invitations, password resets)
• Sentry — error monitoring and crash reporting (no PII in error payloads)
• Expo / Apple / Google — mobile push notification delivery

We do not integrate with advertising networks, data brokers, or social media tracking platforms.

We may update this Privacy Policy from time to time. When we do, we will notify active users via an in-app notice and update the "Last updated" date at the top of this page. Your continued use of the Service after the effective date constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

KiddosDesk
Email: hello@kiddosdesk.com