• Identity and contact data: Parent/guardian name, mobile number, email address, address, emergency contacts, and child identity details required for admission and pickup authorization.
• Childcare and safety data: Attendance, allergy and medical alerts, vaccination declarations provided by parents, authorized pickup records, and incident logs.
• Financial and transaction data: Fee plans, invoices, payment references, and reconciliation metadata (we do not store raw card credentials on school systems).
• Portal and device data: Authentication logs, security events, device/browser metadata, and limited diagnostics to keep parent/admin access secure.
• Premises security data: CCTV footage in controlled zones for child safety and facility security, retained for a limited period unless required for an active investigation.

• Service delivery: To process admission requests, run classes, communicate schedules, and operate the parent portal.
• Child protection and health: To manage emergency contacts, medical alerts, pickup controls, and campus safety.
• Contract and billing: To issue invoices, confirm payments, and manage account status.
• Regulatory obligations: To maintain records required by competent education, health, taxation, or law-enforcement authorities.
• Security and abuse prevention: To detect unauthorized access, fraud, and operational misuse.

• Access control: Role-based access with least-privilege enforcement for teaching, admin, and operations functions.
• Encryption: Sensitive records are encrypted in transit and at rest. Confidential child/parent fields are protected with additional application-level controls.
• Authentication safeguards: Admin and parent flows use hardened session controls, cookie protections, OTP/passkey flows where enabled, and audit logging.
• Vendor controls: Service providers are bound by contractual data-protection obligations and are reviewed for security posture.
• Incident response: Security events are triaged with documented escalation, containment, and remediation procedures.

• Never sold: We do not sell or broker personal information, including children's data.
• Operational processors: We share limited data with vetted processors (for example, infrastructure, communications, and payment operations) strictly on documented instructions.
• Legal and safety disclosures: We may disclose data when required by law, court order, or urgent child-safety necessity.
• Business transfers: If institutional restructuring occurs, data transfer is subject to confidentiality and lawful-purpose continuity requirements.

• Enrollment lifecycle: Core student records are retained through active enrollment and for post-exit periods required by law or dispute-management needs.
• Security logs and CCTV: Retained for defined windows unless a legal hold or incident investigation requires longer preservation.
• Deletion standard: Once retention obligations expire, records are securely deleted, anonymized, or irreversibly de-identified.

• Parent authority model: We process child-related data based on parent/guardian authority and school safety obligations.
• Sensitive handling: Child identifiers, health notes, and pickup controls are handled with heightened access restrictions.
• Media controls: Photo/video processing for non-essential uses is governed by school consent settings and can be revised by parents where policy permits.
• No behavioral advertising: We do not run child-targeted ad profiling or cross-context behavioral advertising.

• Primary operational posture: Data is managed in controlled environments with access and processing governance defined by the school.
• Processor infrastructure: Some technology providers may process or store data in multiple jurisdictions under contractual safeguards.
• Transfer controls: Where cross-border handling is relevant, we apply contractual and technical controls aligned with applicable legal requirements.
• Lawful requests: Government or authority disclosures are limited to valid legal process and documented necessity.

• Purpose-specific notices: We provide clear notices at collection points for admissions, portal access, payments, and support channels.
• Consent discipline: Consent is requested where required and can be withdrawn for non-essential processing without affecting core safety operations.
• Contract and legal basis: Core childcare, billing, and compliance activities are processed on lawful grounds tied to service delivery and statutory obligations.
• Change management: If processing purpose materially changes, we update notice content, consent controls (where relevant), and effective-date versioning.

Cookies are small text files that are placed on your device (computer, mobile, or tablet) when you visit a website. They help the website remember your actions and preferences over time. Cookies may be set by us (first-party cookies) or by third-party services (third-party cookies). Similar technologies such as pixels, local storage, and tracking scripts may also be used for similar purposes.

• Keep the website functional
• Remember your preferences (like language or login)
• Improve performance and content
• Analyze usage and engagement
• Support educational tools and integrations
• Provide relevant content or limited advertising (if applicable)

• Essential / Functional Cookies: These cookies are necessary for the website to function properly. They enable core features such as user login and authentication, saving your preferences (language, settings), access to secure areas (e.g., student dashboards), and session management. These cookies cannot be disabled because the website depends on them to operate.
• Analytical Cookies: These cookies help us understand how visitors use our website so we can improve it. They collect information such as pages visited, time spent on the site, errors encountered, and general location (non-precise). Analytics tools may use cookies to distinguish users and measure engagement without directly identifying individuals.
• Performance Cookies: These cookies help improve how the website works by measuring load times, identifying technical issues, and optimizing content delivery.
• Advertising and Marketing Cookies: If applicable, these cookies are used to show relevant ads, limit how often you see the same advertisement, and measure the effectiveness of campaigns. They may also help prevent fraud and ensure fair ad reporting. Even if personalized ads are disabled, you may still see general ads based on factors like location or device type.
• Personalization Cookies: These cookies allow the website to provide customized educational content, recommend relevant courses or materials, and remember your preferences and past activity.

We may use third-party services (such as analytics providers, embedded tools, or educational platforms) that place cookies on your device. These third parties may collect device information, browser type, and interaction data. Each third party is responsible for its own privacy practices.

• Session cookies: Deleted when you close your browser
• Persistent cookies: Remain on your device for a set period or until deleted

• Change your browser settings to block or delete cookies
• Use cookie consent banners (if available on our site)
• Disable certain categories of cookies (except essential ones)
• View, delete, or block cookies from specific sites in your browser
• Manage advertising cookies through industry tools where available

• Access your data
• Request correction or deletion
• Withdraw consent for non-essential cookies
• Object to certain types of processing

We may update this Cookie Policy from time to time to reflect changes in legal requirements, updates to our services, or changes in how cookies are used. We encourage you to review this page periodically.

If you have any questions about our use of cookies or this policy, you can contact us at: compliance@ststephensdaycare.com

• Cookies help our educational website work properly
• Some cookies are essential, others help us improve or personalize content
• You can control most cookies through your browser
• We aim to use cookies responsibly and transparently