Privacy Policy

KinderSurf Inc. ("KinderSurf", "we", "us", or "our") is committed to protecting the personal information of the individuals who use our platform. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

By using KinderSurf, you consent to the collection and use of your information as described in this Policy.

1. Information we collect

We collect information in the following ways:

Information you provide directly

• Account registration details: name, email address, password, and role (parent or daycare owner)
• Child profiles: name, date of birth, age group, special needs information, and preferred start date
• Daycare listings: business name, address, licence number, operating hours, photos, and services
• Payment information: processed and stored securely by Stripe — we do not store card numbers on our servers
• Communications: messages sent through the platform, support requests, and review content

Information collected automatically

• Usage data: pages visited, search queries, waitlists viewed, and features used
• Device information: browser type, operating system, and IP address
• Cookies and similar technologies: session cookies required for authentication, and functional cookies to remember your preferences

2. How we use your information

We use the information we collect to:

• Create and manage your account
• Enable waitlist management, spot offers, tour scheduling, and parent-owner communication
• Process payments and send receipts
• Send transactional notifications such as position updates, spot offers, and tour confirmations
• Verify daycare licences and maintain the integrity of listings
• Detect and prevent fraud, abuse, and security incidents
• Improve the platform through aggregated, anonymised analytics
• Comply with legal obligations

We do not use your personal information for advertising or sell your data to third parties. If you opt in to marketing communications during registration, you may receive product updates and announcements from us. You can unsubscribe at any time.

3. Children's information

KinderSurf is used by parents and guardians to manage childcare applications on behalf of their children. We collect information about children only as provided by their parent or guardian. We do not knowingly collect personal information directly from children. All child profile information is treated with additional care and is not shared with any party other than the daycare the family has applied to.

4. How we share your information

We share personal information only in the following limited circumstances:

• With daycare owners: When a parent joins a daycare's waitlist, the daycare owner can see the parent's name, contact information, and child details relevant to the application.
• With parents: When a daycare owner offers a spot or sends a message, the parent receives the relevant information.
• Service providers: We use trusted third-party providers including Stripe (payments), Supabase (database hosting), and Resend (email delivery). These providers process data on our behalf under strict data processing agreements.
• Legal requirements: We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of KinderSurf, our users, or the public.

5. Data storage and security

Your data is stored on servers located in Canada (Supabase, AWS Canada Central region). We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, and access controls to protect your personal information.

No method of transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If we become aware of a data breach that poses a significant risk of harm, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by law.

6. Cookies

We use cookies to keep you signed in and remember your preferences. We do not use advertising or tracking cookies. The types of cookies we use are:

• Essential cookies: Required for authentication and basic platform functionality. Cannot be disabled without affecting your ability to use the platform.
• Functional cookies: Used to remember your preferences such as cookie consent. You can decline these through the cookie banner without losing core functionality.

You can manage cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

7. Data retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete or anonymise your personal information within 90 days, except where we are required to retain it for legal, financial, or dispute resolution purposes. Waitlist payment records are retained for 7 years for tax and audit compliance.

8. Your rights

Under PIPEDA and applicable provincial law, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Withdraw consent to non-essential uses of your information (noting that some withdrawals may affect platform functionality)
• Request deletion of your account and personal information, subject to our retention obligations
• Lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca

To exercise any of these rights, contact us at privacy@kindersurf.ca. We will respond within 30 days.

9. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify registered users by email. Your continued use of KinderSurf after any change constitutes acceptance of the updated Policy.

10. Contact our Privacy Officer

For any privacy-related questions or concerns, please contact our Privacy Officer at privacy@kindersurf.ca or through our contact page.