
Privacy Policy

Last updated: 4 June 2026

Draft scaffold — this document is a working draft pending solicitor review. The final, legally binding version will be published before public launch. If you need specific clarifications in the meantime, contact support@kidswiseapp.com.

Kids WiseApp Ltd. ("we", "us") provides a multi-tenant childcare management platform used by nurseries, after-school clubs, holiday programs, and individual childminders. We take the privacy of children, parents, and staff extremely seriously and process personal data only in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable safeguarding guidance from the ICO.

Who is the data controller?

For the personal data of parents and staff who register with a childcare provider on our platform, that provider (your nursery / after-school club / childminder) is the data controller. Kids WiseApp acts as the data processor under a written Data Processing Agreement (DPA). For platform-wide account data (billing, support emails, the website you're reading right now), Kids WiseApp Ltd. is the controller.

What we collect

  • Account data: name, email, phone, role, organisation, password hash.
  • Children's data: name, date of birth, allergies, dietary needs, medical conditions, emergency contacts, school, transport requirements.
  • Operational data: bookings, attendance, sign-in/sign-out times, incident reports (including photos uploaded by staff), learning moments, billing transactions.
  • Communications data: messages between parents and staff, push notification subscriptions, email logs.
  • Technical data: IP address, browser fingerprint, device type, session timestamps (used for security, rate limiting, and audit logs).

Lawful bases for processing

  • Contract: to deliver the childcare services parents have signed up for and that providers offer.
  • Legitimate interest: to run the platform, prevent abuse, and improve the service (e.g. error monitoring, security audits).
  • Legal obligation: safeguarding incident reporting, Ofsted record-keeping requirements, tax/accounting records.
  • Consent: optional features such as analytics cookies, marketing emails, or photo-sharing on the parent app.

Children's data — special protections

Because the platform processes data about children under 13, we apply the following extra safeguards: photos uploaded to ID cards must be approved by a manager before going live; incident report photos use cryptographically-unguessable URLs and are only shared via authenticated APIs; communications between staff and parents are logged and tenant-scoped; no children's data is sold, profiled for advertising, or shared with third parties without your provider's instruction.

How long we keep data

  • Active account data: while the account is active + 30 days after deactivation.
  • Safeguarding incident records: 21 years (in line with childcare safeguarding guidance).
  • Financial / billing records: 7 years (HMRC).
  • Audit logs of admin actions: 2 years.
  • Marketing email logs: 1 year after last contact.

Your rights

You can ask us to:

  • access the personal data we hold about you (Subject Access Request)
  • correct inaccurate data
  • delete your data ("right to be forgotten") subject to safeguarding / legal retention obligations
  • restrict or object to processing
  • receive your data in a portable format
  • withdraw any consent you previously gave

To exercise any of these rights, email privacy@kidswiseapp.com or use the in-app "Delete my account" function on your profile page. We respond within 30 days.

Sub-processors we use

  • MongoDB Atlas (UK / EU region) — primary database.
  • IONOS S3 — object storage for media uploads.
  • Stripe — subscription billing (no card data ever touches our servers).
  • one.com — transactional email (sign-up confirmations, password resets, incident notifications).
  • Emergent — application hosting and content delivery.

All sub-processors are bound by a written DPA and process data only on our instructions.

International transfers

Our primary infrastructure is hosted in the UK / EU. Where any sub-processor processes data outside the UK, we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with appropriate supplementary measures.

Contact

Questions or complaints can be sent to privacy@kidswiseapp.com. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk), though we'd appreciate the chance to address your concerns first.