Privacy Policy

Effective date: June 13, 2026

Template — review before launch. This document is a good-faith starting point tailored to CapyKids, not legal advice. Have counsel review and finalize it (entity name, governing law, contact details) before relying on it in production.

Overview

CapyKids provides software that daycares use to manage attendance, messaging, billing, and family communication. This policy explains what information we collect, how we use it, and the choices available to you. For information that daycares submit about the children and families they serve, the daycare (the “Organization”) is the controller of that information and CapyKids acts as a service provider processing it on the Organization’s behalf.

Information we collect

  • Account information: name, email, role, and the organization you belong to.
  • Family and child information submitted by daycares or parents: child names, dates of birth, classroom assignment, emergency contacts, authorized pickups, allergies and medical notes, attendance records, and daily-note content.
  • Photos: only where photo consent has been recorded for the child; consent can be revoked at any time.
  • Messages and announcements exchanged within an organization.
  • Billing information: processed by Stripe. We store limited records such as the last four digits, card brand, subscription and invoice status — never full card or bank account numbers.
  • Device and usage information: push notification tokens, approximate location captured at check-in (when permitted), and diagnostic/error data.

How we use information

  • To provide, secure, and support the Service.
  • To enforce tenant isolation so each organization only sees its own data.
  • To process payments and manage subscriptions through Stripe.
  • To send transactional email (via Resend) and push notifications (via Expo) that you or your organization have enabled.
  • To monitor reliability and diagnose errors (via Sentry).
  • To comply with legal obligations and enforce our Terms.

We do not sell personal information, and we do not use children’s information for advertising or to build advertising profiles.

Children’s privacy

Children’s information is collected and used solely to deliver childcare-management functions for the Organization — for example, attendance, daily notes, and parent communication. Organizations are responsible for obtaining any parental consent required by law (including COPPA where applicable) before submitting a child’s information or capturing photos. Photo features will not function for a child unless consent has been recorded, and a parent or guardian may revoke consent at any time, after which new photos are blocked. Parents may request access to or deletion of their child’s information through their daycare.

Service providers (subprocessors)

We share information with vendors who process it on our behalf under contractual confidentiality and security obligations:

  • Supabase — application database, authentication, and file storage.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Expo — push notification delivery.
  • Sentry — error and performance monitoring.
  • Vercel — application hosting.

Data retention

We retain Customer Data for as long as the Organization’s account is active or as needed to provide the Service. Some records are removed sooner — for example, abandoned waitlist applications and the personal details of waitlist entries that are withdrawn, declined, or refunded are scrubbed. When an Organization terminates, we delete or de-identify Customer Data within a reasonable period unless retention is required by law.

Security

We use industry-standard safeguards, including encryption in transit, row-level security for tenant isolation, scoped access by role, signed time-limited URLs for sensitive files, and audit logging of sensitive actions. No method of transmission or storage is completely secure, but we work continuously to protect your information.

Your choices

  • Update your profile information from within the app.
  • Manage push and email notification preferences in your settings.
  • Parents can grant or revoke photo consent at any time.
  • Request access to or deletion of personal information by contacting your daycare or us.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by email and update the effective date above.

Contact

For privacy questions or requests, contact privacy@capykids.com.