-
-
Billing, Invoicing Automation & Smart Finances
Automate payments, manage subsidies, and ensure financial accuracy with ease.
-
Communication & Engagement
Effortless communication between families and educators for instant updates, messages, collaboration, and conversations.
-
Child Development & Progress
Track, document, and celebrate every milestone in a child’s journey.
-
Waitlist, Forms & Attendance
Simplify enrolment, manage waitlists, and track attendance effortlessly.
-
Effortless Team Management
Streamline scheduling, performance tracking, and team communication.
-
Daily Updates That Matter
Keep families informed with real-time updates and daily reports.
-
-
-
Guides & Printables
Download ready-to-use templates and activity sheets for your childcare center.
-
Blogs
Stay updated with industry trends, expert advice, and childcare management tips.
-
Webinars
Join live sessions or watch on-demand webinars for in-depth guidance and tips.
-
Case Studies & Testimonials
See how childcare centers like yours achieved success with Parent.
-
FAQs
Find quick answers to the most common questions about Parent's features and services.
-
Help Center
Get step-by-step support with articles, guides, and troubleshooting resources.
-
Privacy Policy – Parent App
Last updated: September 2025
Parent app, Inc. (“Parent”, “we”, “us”, and/or “our”)
Parent helps childcare providers (the “Centers”) manage records, communication, billing and learning journeys for families and children. We are committed to protecting personal information and to transparency about how we collect, use, disclose, store and delete that information.
This Privacy Policy explains:
-
who we are and when we act as controller vs processor.
-
what personal information we collect and why.
-
how we share data and protect it.
-
your rights and how to exercise them.
If you have any questions, contact us at privacy@parent.app or via our in-app live chat support.
By using our website, applications, and services, you accept this Privacy Policy.
1. Who This Policy Applies To
This Policy applies to users in the European Economic Area (EEA), Canada, and other regions where Parent App operates. We comply with the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA).
It also applies to individuals whose data is processed by Parent App for its own business purposes, such as marketing, analytics, and support.
2. Controller / Processor roles
-
When a Center uses Parent App to manage families and children, the Center is the data controller for personal information it uploads or collects. Parent App acts as data processor.
-
When we process personal data for our own purposes (e.g., analytics, marketing), Parent App is the controller.
We document our role for each processing activity and reflect it in contracts with Centers and third parties. When acting as processor, we do not determine the purposes or means of processing — Centers are responsible for accuracy, lawfulness, and consent.
3. Legal Basis for Processing
We rely on one or more lawful grounds to process personal information:
-
Contractual necessity — to deliver platform services, manage accounts, communications, tuition payments.
-
Legitimate interests — product improvement, platform analytics, internal reporting.
-
Legal obligation — compliance with laws (e.g., tax, regulation).
-
Consent — for non-essential uses (cookies, optional marketing, some integrations).
Where consent is used it is freely given, specific, informed, and unambiguous; it can be withdrawn at any time. For PIPEDA we follow OPC guidance on meaningful consent.
4. What data we collect
We collect the minimum personal information necessary to provide services.
|
Category |
Examples |
Legal Basis |
|
Parent data |
Name, email, phone, profile photo |
Contract |
|
Child data |
Name, date of birth, allergies, learning records |
Contract / Legal Obligation |
|
Staff data |
Name, title, schedule, qualifications |
Contract |
|
Communication |
Messages, uploaded photos/videos |
Contract / Legitimate Interest |
|
Billing & payments |
Invoices, payment method, transaction logs (we do not store card PANs) |
Contract |
|
Device & usage |
IP address, browser, crash logs for diagnostics |
Legitimate Interest |
|
Cookies & analytics |
Usage metrics, preferences |
Consent |
|
AI-generated content |
Generated summaries using child name |
Legitimate Interest |
5. How we use personal data
We use personal data to:
-
Provide Parent platform services and manage user accounts
-
Communicate with families and staff (app notifications, SMS, email, WhatsApp if enabled by the Center)
-
Generate reports, logs, and documentation
-
Handle billing and financial operations
-
Improve app functionality (analytics, diagnostics).
-
Send marketing and product updates (with opt-out).
6. Sub-Processors & Third- Parties
We use third-party service providers (sub-processors) to run tools/features mandatory to platform functionality, while others are optional integrations enabled by the childcare center.
|
Tool |
Purpose |
Hosting / Legal Entity |
|
Intercom |
Customer support and in-app chat |
Intercom R&D Unlimited Company, Ireland – EU-hosted |
|
HubSpot |
CRM and marketing platform |
HubSpot Ireland Ltd., Dublin – EU-hosted |
|
OpenAI |
AI-generated content (ParentPilot) |
US – DPF Certified |
|
Instabug |
Bug/crash reporting |
US – SCCs used |
|
Firebase |
Push notifications |
Google, global infrastructure with SCCs |
|
Twilio |
SMS delivery for registration/reset |
US – DPF Certified |
|
|
Optional staff-parent communication |
Configured by center – Meta Platforms |
|
Gmail / Outlook |
Optional email channel |
Configured by center – Google / Microsoft |
|
WebinarGeek |
Marketing webinars |
EU |
|
Zoho Books / QuickBooks |
Optional accounting integration used by centers to sync transactions |
Center-controlled configuration – Zoho Corp / Intuit |
7. International Transfers
If data is transferred outside the EEA or Canada we rely on one or more of:
-
Adequacy decisions
-
Standard Contractual Clauses (SCCs) for transfers from the EEA
-
Data Privacy Framework (DPF) for certified U.S. vendors
We assess transfer risks, apply safeguards, and document assessments. For Canadian users, we disclose that data may be transferred to jurisdictions with different privacy protections, and we ensure appropriate contractual and technical safeguards.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including service delivery, operational needs, and legal compliance, in accordance with applicable privacy laws such as PIPEDA.
8.1 Module-Specific Retention Periods
Each module within the Parent platform has a defined default retention period. Centers may customize the retention period for each module within permitted maximums. Once the retention period expires, data is automatically deleted or anonymized, depending on the module and applicable legal requirements.
|
Module / Data Type |
Default Retention Period |
Maximum Period |
Action After Expiry |
|
Children – Status (e.g. sleep, toilet, trip) |
12 months |
12 months |
Deletion |
|
Children – Attendance |
60 months |
60 months |
Deletion |
|
Children – Schedules |
12 months |
12 months |
Deletion |
|
Children – Learning Items (observations, assessments) |
12 months |
12 months |
Deletion |
|
Staff – Status (bus, trip, meetings) |
12 months |
12 months |
Deletion |
|
Staff – Attendance |
60 months |
60 months |
Deletion |
|
Newsfeed Posts |
60 months |
60 months |
Deletion |
|
Notifications |
6 months |
6 months |
Deletion |
|
Holiday Feedback |
12 months |
12 months |
Deletion |
|
Surveys |
24 months |
24 months |
Deletion |
|
Calendar Events |
12 months |
12 months |
Deletion |
Centers can manage these retention periods through their Data Retention & Compliance Settings panel within the platform. Retention cannot exceed the stated maximums.
8.2 Withdrawn Children Data
For children who have been withdrawn from a Center, personally identifiable information will be anonymized automatically after the retention period configured by the Center. This helps ensure compliance with data minimization and privacy-by-design principles.
Centers that have previously enabled anonymization settings for withdrawn children will be automatically enrolled in the broader module-level retention system. They can review and adjust their configuration at any time.
8.3 Center Control and Rollout
Centers can configure their own retention periods for each module, within allowed limits.
No data will be deleted or anonymized until the defined retention period has expired, in accordance with each center’s settings.
8.4 Post-Termination Retention
If a Center’s agreement with Parent is terminated, platform data (e.g., children, staff, and parent users) will be retained for 6 months, unless longer retention is required by law or permitted by Center configuration. After that period, data will be deleted or anonymized.
8.5 Billing and Financial Records
Billing and financial data are retained for the period required by local tax and accounting regulations. This may extend beyond platform data retention periods.
8.6 Crash Reports and Diagnostics
Technical logs and crash reports (e.g., via Instabug) are retained only as long as necessary for platform diagnostics and troubleshooting, following vendor policy.
8.7 Marketing and Communication Data
Marketing and CRM data (e.g., via HubSpot) are retained until a user opts out, becomes inactive, or unless otherwise required by law. Users may unsubscribe at any time through platform preferences or provided links.
We regularly review retention schedules and delete or anonymize data when no longer needed.
9. Security Measures
We apply technical and organizational measures appropriate to the sensitivity of the data, including:
-
TLS 1.3 (or later) for data in transit
-
Role-based access control (RBAC) and least privilege for internal users
-
Multi-factor authentication (MFA) for admin access
-
Regular third-party security audits and penetration testing
-
Secure development practices and vulnerability management
-
Secure backup and recovery procedures.
We require sub-processors to meet minimum security standards and contractual obligations.
10. Data breaches & notifications
GDPR (EEA): We notify the supervisory authority within 72 hours if required, and affected individuals where applicable.
PIPEDA (Canada): If a breach poses a real risk of significant harm, we notify the Office of the Privacy Commissioner and affected individuals promptly
We document every breach (facts, effects, remedial action) and apply lessons learned to reduce recurrence.
11. Your Rights
You have rights under applicable law, subject to local exceptions:
-
Access — request a copy of your data.
-
Correction — fix inaccurate or incomplete data.
-
Deletion/erasure — request erasure where lawful.
-
Portability — receive data in machine-readable format.
-
Restriction / Object — limit or object to processing.
-
Withdraw consent — revoke consent at any time.
To exercise rights, contact privacy@parent.app or use in-app live chat. We will respond within 30 days.
12. Children’s Personal Information
We process children’s data only under Center instruction. Centers are responsible for obtaining parental consent and verifying it.
-
COPPA (US): Parental consent required for children under 13
-
GDPR (EEA): Consent required below age defined by Member State (usually 13–16)
Parent does not knowingly collect data directly from children.
13. Cookies and tracking
We use cookies and similar technologies for platform operation, analytics, and preferences. Users can manage preferences via our consent manager. See our parent.app/us/cookies-policy-website for details.
14. Changes to this Policy
We will publish updates on this page and revise the “Last updated” date. For material changes affecting Center data, we will notify Centers directly.
15. Privacy Officer (DPO)
Parent Childcare Management Solution Corp has appointed a Data Privacy Officer (DPO). The DPO is responsible for overseeing compliance with this Privacy Policy and all applicable data protection requirements, including those under PIPEDA in Canada. The DPO is available to address privacy-related concerns from individuals in Canada and other jurisdictions where Parent operates.
Contact Details:
Firas EL Bizri
For questions or concerns, contact privacy@parent.app