Privacy Policy
Last updated: July 2, 2026 · KiddoDesk is owned and operated by Turn Byte LLC · Contact: info@kiddodesk.com
This Privacy Policy explains how Turn Byte LLC ("we", "us") collects, uses, and protects information when you use KiddoDesk — our childcare management platform for providers, staff, and parents.
1. Information we collect
- Account data: your name and email address (used for magic-link sign-in).
- Child & family data entered by the childcare provider: child names, birthdates, photos, allergies, medical notes, emergency contacts, authorized pickup persons, immunization records, and daily care activity (attendance times, meals, naps, diapering, medication, incidents, photos, notes).
- Billing data: invoices, payment records, and subscription status. Card details are processed by Stripe and never touch our servers.
- Optional biometric data: if a parent explicitly opts in to face check-in, a numeric face template is stored with the consent timestamp. It can be deleted at any time and is never shared or sold.
- Device signals you enable: push-notification subscriptions, and — only when a parent turns on presence features — approximate location relative to the venue at check-in time.
2. How we use it
- To operate the service: check-in/out, daily reports to parents, messaging, invoicing, payments, and schedule reminders.
- To send service emails (sign-in links, invoices, closure reminders) and push notifications you opted into.
- To sync invoices/payments to accounting systems (QuickBooks, Zoho Books) only when the provider connects them.
We do not sell personal information, and we do not use children's data for advertising or profiling. Ever.
3. Children's privacy
Children's records are created and controlled by the childcare provider (with parental involvement), not collected directly from children. Providers are responsible for having parental consent to record their child's information. Parents may review their child's records through the parent portal and may request correction or deletion via their provider or by emailing us.
4. Sharing
- Within your circle: a child's data is visible only to their childcare provider's staff and the linked parents.
- Processors: hosting (Vercel), database/storage (Supabase), payments (Stripe), email delivery (Resend), and push delivery services — each only as needed to run the service.
- Legal: if required by law or to protect the safety of a child.
5. Security & retention
Data is encrypted in transit, access is scoped per workspace, credentials are stored hashed, check-in tokens are single-use and short-lived, and every sensitive action is audit-logged. We retain data while the provider's account is active; providers can delete records at any time, and deleting a workspace removes its data.
6. Your rights
Depending on your region (e.g. GDPR, CCPA, BIPA), you may have rights to access, correct, export, or delete your data, and to withdraw biometric consent. Email info@kiddodesk.com and we'll respond within 30 days.
7. Changes
We'll post updates here and notify providers of material changes by email before they take effect.