Privacy Policy

Childcarious ("we," "us," or "our") operates the Childcarious childcare management platform and website. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our Service.

By using Childcarious, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

We collect information in several categories depending on how you interact with the Service:

Account Information

• Name (first and last)
• Email address
• Facility name and business address
• Account password (stored in hashed form)

Facility Data

• Classroom names, capacities, and age groups
• Staff records (names, contact information, roles, schedules)
• Operating hours and facility settings

Child Records

• Child name, date of birth, and gender
• Medical information, allergies, and dietary restrictions
• Emergency contact information
• Enrollment and attendance records
• Photos (if uploaded by facility staff)

Parent and Guardian Data

• Name and relationship to child
• Email address and phone number
• Communication preferences

Billing Information

Payment information is processed securely by Stripe. Childcarious does not store full credit card numbers, CVVs, or other sensitive payment card data on our servers. We retain Stripe customer and subscription identifiers for billing management purposes.

Usage Data

• Log data (IP address, browser type, pages visited, timestamps)
• Device information (operating system, screen resolution)
• Feature usage patterns (aggregated and anonymized)

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process payments and manage subscriptions through Stripe
• Send transactional emails (verification codes, receipts, notifications) through Mailgun
• Prevent fraud and abuse using Google reCAPTCHA Enterprise
• Provide customer support and respond to inquiries
• Monitor and analyze usage trends to improve the platform
• Comply with legal obligations and enforce our Terms of Service

Parents and guardians may be invited by a facility operator to access certain features of the Service, including viewing child records, attendance information, billing details, and communicating with facility staff. When parents and guardians use the Service, we collect:

• Login credentials and authentication data (including third-party sign-in via Google)
• Usage data (IP address, device information, access timestamps)
• Messages and communications sent through the platform

Parent and guardian accounts are created at the invitation of the facility operator. The facility operator controls what information is shared with parents and guardians through the Service.

Childcarious is designed for use by adults. We do not knowingly collect personal information directly from children under 13. Children do not access the Service directly.

Child records entered into the platform are provided by authorized facility personnel or through parent/guardian accounts — not by the children themselves. In this relationship:

• The facility operator acts as the data controller for children’s records
• Childcarious acts as a data processor, handling data on behalf of the facility
• Facility operators are responsible for obtaining necessary parental consents before entering children’s information
• Parents and guardians may request access to, correction of, or deletion of their child’s data by contacting the facility operator directly

If we learn that we have inadvertently collected personal information directly from a child under 13 without proper consent, we will take steps to delete that information promptly.

We do not sell your personal data to third parties. We share data only in the following circumstances:

Service Providers

• Stripe — payment processing and subscription billing
• Mailgun — transactional email delivery (verification codes, receipts, notifications)
• Google reCAPTCHA Enterprise — fraud prevention and bot detection during registration
• Microsoft Azure — cloud hosting, data storage, and infrastructure

These providers process data on our behalf and are contractually obligated to protect your information in accordance with their respective privacy policies.

Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

Your data is hosted on Microsoft Azure cloud infrastructure located in the United States. We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Azure Key Vault for secrets and credential management
• Logical tenant isolation — each facility’s data is separated from other facilities
• Regular automated backups
• Access controls and authentication for all administrative operations

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

• Active accounts — your data is retained for as long as your subscription is active
• After cancellation — your data is retained for a reasonable period to allow you to request a copy, after which it is permanently deleted
• Billing records — retained as required by applicable tax and accounting regulations
• Usage logs — retained in aggregated, anonymized form for analytics purposes

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you
• Correction — request that we correct inaccurate or incomplete data
• Deletion — request that we delete your personal data, subject to legal retention requirements
• Export — request a copy of your data
• Restriction — request that we limit the processing of your data in certain circumstances
• Objection — object to the processing of your data for specific purposes

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Childcarious processes and stores data in the United States using Microsoft Azure infrastructure. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States.

We take appropriate safeguards to ensure that your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.

We use cookies and similar technologies for the following purposes:

• Essential cookies — required for authentication, session management, and security
• Analytics cookies — help us understand how the Service is used (aggregated data only)
• Preference cookies — remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect the functionality of the Service.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or through a notice on the Service.

The "Last updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]