Privacy Policy

1. Introduction

Welcome to Hilltop Daycare ("we," "our," or "us"). We are committed to protecting your privacy and the privacy of the children in our care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our daycare management platform.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Parent/Guardian Information: Name, email address, phone number, home address, and emergency contact information
• Child Information: Name, date of birth, medical information, allergies, dietary requirements, and developmental notes
• Family Information: Family structure, household members, and authorized pickup persons
• Account Information: Username, password (encrypted), and account preferences
• Documents: Medical records, consent forms, emergency contact forms, and enrollment documents

2.2 Usage Information

We automatically collect certain information when you use our platform:

• Log data (IP address, browser type, access times)
• Device information (device type, operating system)
• Cookies and similar tracking technologies
• Audit logs of actions performed on the platform

3. How We Use Your Information

We use the collected information for the following purposes:

• Childcare Services: To provide and manage daycare services for enrolled children
• Communication: To communicate with parents/guardians about their children, schedules, and daycare operations
• Safety & Compliance: To ensure the safety and wellbeing of children and comply with applicable regulations
• Record Keeping: To maintain accurate records as required by law and best practices
• Platform Improvement: To improve our services, troubleshoot issues, and enhance user experience
• Security: To detect, prevent, and address technical issues and security threats
• Legal Obligations: To comply with legal requirements and respond to lawful requests

4. Data Protection & Security

We implement robust security measures to protect your personal information:

• Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Role-based access controls ensure only authorized personnel can access sensitive data
• Authentication: Secure password requirements and authentication mechanisms
• Audit Logging: Comprehensive logging of all data access and modifications
• Regular Backups: Automated backups to prevent data loss
• Third-Party Security: We use industry-leading secure infrastructure (Supabase, Vercel)

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: With trusted third-party service providers who assist in operating our platform (e.g., hosting, email services) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government request
• Child Safety: When necessary to protect the safety, rights, or property of children in our care
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notification to affected parties)

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: You can request access to your personal information
• Correction: You can request corrections to inaccurate or incomplete data
• Deletion: You can request deletion of your data (Right to Erasure under GDPR)
• Data Portability: You can request a copy of your data in a portable format
• Objection: You can object to certain data processing activities
• Restrict Processing: You can request restriction of data processing in certain circumstances
• Withdraw Consent: You can withdraw consent for data processing at any time

To exercise these rights, please contact us using the contact information provided below. We will respond to your request within 30 days.

7. Children's Privacy (COPPA Compliance)

Our services are designed for use by parents/guardians, not children. We comply with the Children's Online Privacy Protection Act (COPPA):

• We collect children's information only from parents/guardians who have enrolled their children
• Parents/guardians provide verifiable consent before any child information is collected
• We collect only the minimum necessary information required for childcare services
• Parents/guardians can review, modify, or delete their children's information at any time
• Children do not have direct access to the platform

8. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Specifically:

• Active account data is retained while your account is active
• After account deletion, most personal data is immediately removed from our systems
• Certain records may be retained for legal compliance (e.g., 7 years for tax/financial records)
• Anonymized data may be retained for statistical and analytical purposes
• Audit logs may be retained for security and compliance purposes

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze platform usage and improve our services
• Enhance security and prevent fraud

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform.

10. Third-Party Services

Our platform uses the following third-party services:

• Supabase: Database and authentication services
• Vercel: Hosting and deployment
• Resend: Email delivery services
• UploadThing: File storage and CDN services

These services have their own privacy policies and we encourage you to review them. We select service providers that meet high standards for data protection and security.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)

Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: