Privacy Policy
Last updated July 3, 2026
KinderFill provides enrollment marketing and tour-booking software and services to childcare centers. This policy explains what data we collect, how we use it, who we share it with, and the choices available to you — whether you are a childcare center using KinderFill or a parent whose information a center collected through us.
The two kinds of people this policy covers
Childcare centers (our customers). We collect your account information — name, email, phone, business name and address, and billing details — to operate your account and bill you.
Families (our customers' leads). When a parent submits an inquiry form, books a tour, or exchanges messages with a center through KinderFill, we store that information — name, phone, email, the child's age group, desired start date, and any notes the parent includes — on behalf of the center. The center controls this data; we process it under their instructions. Children's names and ages may appear when parents include them, and we treat all of it as sensitive.
How we use the data
We use it to operate the service: capture and route inquiries, schedule tours, deliver messages the center approves, compute the metrics on the center's dashboard, and produce reports. Our AI features (lead prioritization, drafted replies, summaries) process inquiry content to do their job; AI-drafted messages to families are reviewed by a human at the center before they are sent. We do not sell personal data, we do not share one customer's data with another, and we do not use family data to train AI models.
SMS & email consent
We record explicit consent — including the exact consent language shown and a timestamp — before any automated SMS or email is sent to a family, consistent with TCPA (US) and CASL (Canada) obligations. Every SMS supports STOP to opt out and every email includes an unsubscribe link. Opt-outs take effect immediately and are logged. Centers can review every consent record in their account.
Sharing & subprocessors
We share data only with the service providers required to run KinderFill: Vercel (hosting), Neon (database), Clerk (authentication), Stripe (payments), Resend (email delivery), Twilio (SMS delivery), and Anthropic (AI model inference). Each processes data only to provide their service to us and is bound by their own privacy and security commitments. We may also disclose data if required by law, in which case we will notify the affected customer unless legally prohibited.
Security & retention
Data is encrypted in transit (TLS) and at rest. Access inside KinderFill is least-privilege and tenant-isolated: no center can read another center's data, and administrative access to customer records is logged. We retain data for as long as the center's account is active; after account closure we delete it within 90 days, except minimal records we must keep for legal, billing, or security purposes.
Export & deletion
Centers can export everything in their account at any time and can request full deletion of their account and data. Parents can ask us — or the center — to delete their family's information; we honor those requests and instruct the center accordingly. To make either request, email support@kinderfill.com. We respond within 30 days.
Children's privacy
KinderFill is a business tool for childcare centers and is not directed at children. We do not knowingly collect information from children. Information about a child (age group, name in a note) is provided by their parent or guardian as part of an enrollment inquiry and is handled with the safeguards described above.
Changes & contact
If we make material changes to this policy we will notify customers by email and update the date above. Questions: support@kinderfill.com.