Privacy Policy

Last updated: June 21, 2026

1. Introduction

DayCare Desk ("we," "our," "us") is committed to protecting the privacy and security of children, parents, and childcare staff who use our platform. This Privacy Policy explains how we collect, use, and safeguard your information.

2. COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 without verifiable parental consent. All child data is provided by parents or authorized childcare providers.

3. FERPA Compliance

We comply with the Family Educational Rights and Privacy Act (FERPA). Educational records and child development data are only accessible to authorized staff at your daycare and parents/guardians of the child.

4. Information We Collect

Child Information: Name, date of birth, age group, allergies, special needs, medical notes, immunization records
Parent/Guardian Information: Name, email, phone number, emergency contacts
Staff Information: Name, role, certifications, training records
Operational Data: Attendance logs, meal plans, activity records, compliance checklists
AI-Generated Content: Briefings, meal plans, lesson plans, incident reports (generated from your data)

5. How We Use Your Information

Provide daycare management services (attendance, billing, communication)
Generate AI-powered briefings, meal plans, and curriculum suggestions
Track compliance with Tennessee childcare licensing requirements
Send important notifications (attendance alerts, compliance deadlines)
Improve our services through aggregated, anonymized analytics

6. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Hosted on Supabase with SOC 2 Type II compliance
Row-level security ensures each daycare only sees their own data
AI API calls (OpenRouter) do not retain your data for training
Regular security audits and penetration testing

7. Third-Party Services

Supabase: Database hosting and authentication
OpenRouter: AI model access (data not retained for training)
Netlify: Website hosting and CDN
Resend: Transactional email delivery

8. Your Rights

Access: Request a copy of all data we hold about you or your child
Correction: Update or correct inaccurate information
Deletion: Request deletion of your data (subject to legal retention requirements)
Export: Download your data in a portable format
Withdraw Consent: Revoke parental consent at any time

9. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove all personal data within 30 days, except where required by law (e.g., attendance records may be retained for licensing compliance).

10. Children's Safety

We take children's safety seriously:

No advertising or tracking of children
No selling of child data to third parties
Parental consent required before collecting child information
Staff access is role-based and auditable
Incident reporting system for health and safety events

11. Contact Us

Privacy Questions: privacy@daycaredesk.app

Security Issues: security@daycaredesk.app

General Inquiries: hello@daycaredesk.app

Data Requests: Submit via your dashboard settings or email privacy@daycaredesk.app

12. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

13. Governing Law

This policy is governed by the laws of the State of Tennessee, USA.