Privacy Policy – Parent App

Last updated: September 2025

---

Parent ApS (“Parent”, “we”, “us”, and/or “our”) provides childcare management software and services to childcare centers, their staff, and families. This Privacy Policy explains how we collect, use, and protect personal data through our platform and associated services.

For any questions, contact us at privacy@parent.app or via our in-app live chat support.

 

---

1. Introduction

Parent App is a childcare management platform used by childcare providers (“Centers”) to manage records, communication, billing, and learning journeys for families and their children. This Privacy Policy outlines how we collect, use, store, and share personal data when we act as a Data Processor (on behalf of Centers) and as a Data Controller (for our own business purposes).

---

2. Who This Policy Applies To

• Parents and guardians using Parent App
• Children whose information is managed by the platform
• Staff employed by childcare centers
• Website visitors and marketing contacts
• Demo or webinar participants
  
  

  ---

3. Legal Basis for Processing

• Contractual necessity – e.g., managing accounts, communications, tuition payments
• Legitimate interests – e.g., analytics, product improvement, internal reporting
• Legal obligation – e.g., fraud prevention, tax compliance
• Consent – e.g., cookies, optional communication tools
  
  

  ---

4. Data We Collect

Category	Examples	Legal Basis
Parent data	Name, email, phone, profile image	Contract
Child data	Name, DOB, allergies, learning records	Contract / Legal Obligation
Staff data	Name, title, schedule, qualifications	Contract
Communication	Messages, uploaded media	Contract / Legitimate Interest
Billing	Invoices, payment method, transaction logs	Contract
Device & usage	IP address, browser, crash logs	Legitimate Interest
Cookies & analytics	Usage metrics, preferences	Consent
AI-generated content	Generated summaries using child name	Legitimate Interest

 

---

5. How We Use Personal Data

• To provide platform services and manage user accounts
• To communicate with staff and parents (via app, email, SMS, WhatsApp, etc.)
• To generate reports, logs, and documentation
• To handle billing and financial operations
• To improve app functionality (e.g., via crash logs, analytics)
• To send marketing emails and product updates (with opt-out)

---

6. Sub-Processors & Third-Party Tools

We work with trusted third-party service providers. Some tools are mandatory to platform functionality, while others are optional integrations enabled by the childcare center.

Tool	Purpose	Hosting/Legal Entity
Intercom	Customer support and in-app chat	Intercom R&D Unlimited Company, Ireland – EU-hosted
HubSpot	CRM and marketing platform	HubSpot Ireland Ltd., Dublin – EU-hosted
OpenAI	AI-generated content (ParentPilot)	US – DPF Certified
Instabug	Bug/crash reporting	US – SCCs used
Firebase	Push notifications	Google, global infrastructure with SCCs
Twilio	SMS delivery for registration/reset	US – DPF Certified
WhatsApp	Optional staff-parent communication	Configured by center – Meta Platforms
Gmail / Outlook	Optional email channel	Configured by center – Google / Microsoft
WebinarGeek	Marketing webinars	EU
Zoho Books / QuickBooks	Optional accounting integration used by centers to sync transactions	Center-controlled configuration – Zoho Corp / Intuit
Stripe	Payment processing and subscription billing services	Stripe, Inc., United States – DPF Certified & SCCs applied

 

 

---

7. International Transfers

Personal data may be transferred outside the EEA, depending on the location and configuration of third-party vendors. When this occurs, we rely on:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• U.S.-EU Data Privacy Framework (for certified U.S. vendors)

Some vendors, such as Intercom and HubSpot, operate with EU-hosted data centers, minimizing international transfers.

---

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including service delivery, operational needs, and legal compliance.

8.1 Module-Specific Retention Periods

Each module within the Parent platform has a defined default retention period. Centers may customize the duration per module, within permitted maximums. Once the retention period expires, data is either permanently deleted or anonymized, depending on the module and applicable legal requirements.

Centers can manage these retention periods through their Data Retention & Compliance Settings panel in the platform. Retention cannot exceed the stated maximums.

8.2 Withdrawn Children Data

For children marked as withdrawn from a center, personally identifiable information will be automatically anonymized based on the center’s configured retention period. This ensures compliance with data minimization and privacy-by-design principles. Non-identifying information used for reporting may be retained.

Centers that have already enabled anonymization settings for withdrawn children will be automatically enrolled in the broader module-level data retention system, with the ability to review and adjust their configuration.

8.3 Center Control and Rollout

Centers can fully manage their retention rules through platform settings.

No data will be deleted or anonymized until the defined retention period has expired, in accordance with each center’s settings.

8.4 Post-Termination Retention

If a center’s contract with Parent is terminated, all platform data (children, staff, parents) will be retained for 6 months unless local laws or retention settings require otherwise. After this period, data will be deleted or anonymized based on the applicable rules.

8.5 Billing and Financial Records

Billing and financial data are retained for the period required by local tax and accounting regulations. This may extend beyond platform data retention periods.

8.6 Crash Reports and Diagnostics

Technical logs and crash reports (e.g., via Instabug) are retained only as long as necessary for platform diagnostics and troubleshooting, following vendor policy.

8.7 Marketing and Communication Data

Marketing and CRM data (e.g., via HubSpot) are retained until a user opts out, becomes inactive, or unless otherwise required by law. Users may unsubscribe at any time through platform preferences or provided links.

---

9. Security Measures

We apply technical and organizational safeguards:

• TLS 1.3 encryption for data in transit
• Role-based access control (RBAC) for internal users
• Regular third-party security audits and penetration testing
• Secure authentication and backup procedures

---

10. Your Rights

You may:

• Access or correct your data
• Delete your account or data
• Object to certain uses
• Withdraw consent
• Request data portability

To exercise these rights, contact us at privacy@parent.app or via our in-app live chat support. We will respond within 30 days.

---

11. Children’s Data

We process data about children only as instructed by childcare centers. We rely on those centers to obtain verified parental consent, particularly when handling data of children under 13 (as required by COPPA).

---

12. Cookies

We use cookies to analyze traffic, personalize content, and improve functionality. A separate, detailed Cookies Policy is available at parent.app/cookies-policy-website, where users can manage their preferences via a consent manager.

 

---

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we’ll post the new version on our website with the “Last Updated” date and notify users via app banners, email, or center communication.

For questions or concerns, contact privacy@parent.app.