Legal

Privacy Policy

Last updated: May 16, 2026

At CentreCareOS, we understand that you are entrusting us with sensitive information about children, families, and your childcare business. This Privacy Policy explains how we collect, use, protect, and share your information when you use our childcare management platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Childcare center name and address
  • Contact information (name, email, phone number)
  • Billing information (processed securely through Stripe or Paystack, depending on region)
  • Business identification numbers (EIN, business registration)
  • Country of operation

1.2 Child and Family Information

To provide our services, childcare centers may enter:

  • Children's names, dates of birth, and photos
  • Parent/guardian names and contact information
  • Emergency contact information
  • Medical information, allergies, and special needs
  • Authorized pickup persons
  • Attendance records and daily activity logs
  • Incident reports, forms, signatures, admissions, waitlist, and tour information
  • Messages, attachments, voice notes, and other communications sent through the Service

1.3 Staff Information

Childcare centers may enter staff information including:

  • Employee names, contact information, and photos
  • Work schedules and time records
  • Qualifications and training records
  • Room/classroom assignments
  • Timecards, time-off requests, and calendar information

1.4 Usage Information

We automatically collect:

  • Device information (browser type, operating system)
  • IP address and general location
  • Pages visited and features used
  • Date and time of access
  • Authentication, session, audit log, API key, and security event information

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Enable attendance tracking, billing, communication, reporting, forms, media sharing, and all platform features
  • Process Payments: Facilitate subscription billing, parent payment processing, settlement, and payment account setup
  • Communicate: Send service updates, support responses, and important notifications
  • Improve the Service: Analyze usage patterns to enhance features and user experience
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with Laws: Meet legal obligations and respond to lawful requests

3. Information Sharing

3.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information or the information of children in your care to third parties for marketing or advertising purposes.

3.2 Service Providers

We share information with trusted service providers who help us operate the Service:

  • Convex: Primary application backend, database, and real-time data services
  • Clerk: Authentication and identity management
  • Stripe: Payment processing, subscription billing, and connected account payments
  • Paystack: Payment processing and subaccount settlement for supported African markets
  • Vercel: Cloud hosting and infrastructure
  • Vercel Blob: File and media storage
  • Resend: Email delivery
  • Expo: Mobile push notification delivery
  • Pusher: Legacy and compatibility real-time event delivery for certain REST, admin, support, public chat, or typing indicator flows where still enabled
  • Vercel Analytics: Product and site analytics

These providers are contractually bound to protect your information and use it only to provide services to us.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, safety, or property of CentreCareOS, our users, or others.

3.4 With Your Consent

We may share information with your explicit consent, such as when childcare centers share daily reports or photos with parents through the platform.

4. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data is protected in transit and at rest using encryption provided by our application and infrastructure providers
  • Access Controls: Role-based permissions ensure users only access authorized data
  • Secure Infrastructure: Hosted on reputable cloud infrastructure with provider security controls
  • Credential Security: Authentication is handled through secure identity systems, and platform-managed credentials or PINs are stored using one-way hashing where applicable
  • Session Management: Secure, HTTP-only cookies with automatic expiration
  • Monitoring and Review: Security logging, operational review, and vulnerability remediation practices

5. Children's Privacy

CentreCareOS takes children's privacy extremely seriously. The Service is designed for use by adults and childcare organizations, and we support compliance with the Children's Online Privacy Protection Act (COPPA) and similar regulations in other jurisdictions.

  • Children's information is collected and managed by childcare centers, not directly from children
  • Parents can view, update, or request deletion of their child's information through their childcare center
  • Children's photos, reports, messages, and information are only shared with authorized parents/guardians, staff, and school administrators
  • We do not use children's information for advertising or marketing purposes

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services:

  • Active Accounts: Data is retained while your subscription is active
  • After Cancellation: You generally have 30 days to export your data after account closure
  • Deletion: Data is deleted or de-identified after account closure unless retention is needed for legal, security, billing, audit, backup, or dispute purposes
  • Legal Requirements: Some data may be retained longer if required by law

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Export: Export your data in a portable format
  • Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@centrecareos.com or use the available account export, profile, and settings features.

8. International Data Transfers

CentreCareOS is based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For users in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics: Understand how users interact with the Service (Vercel Analytics)

We do not use advertising cookies or third-party tracking for marketing purposes.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. Your continued use of the Service after such notice constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

CentreCareOS Privacy Team

Email: privacy@centrecareos.com

Support: support@centrecareos.com

13. Specific Regional Provisions

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale or sharing of personal information. As stated above, we do not sell personal information.

European Economic Area (GDPR)

If you are in the EEA, our legal basis for processing your information includes: performance of our contract with you, compliance with legal obligations, and our legitimate interests in operating and improving the Service. You have the right to lodge a complaint with your local supervisory authority.