Privacy Policy

Effective 2026-01-01

1. Information We Collect

Account info (name, email, role), center operational data (attendance, billing, messages, photos), and usage telemetry. We collect child information only on behalf of an authorized center.

2. How We Use Information

To provide and improve the Service, process payments, communicate with you, and comply with legal obligations. We do not sell personal data.

3. Children's Privacy (COPPA)

CIRCLETIME does not knowingly collect personal information directly from children under 13. Centers obtain verifiable parental consent and act as the data controller for all child records.

4. Sharing

We share data with subprocessors (hosting, payments, email, SMS) under contract, and with law enforcement only when legally required. A current list of subprocessors is available on request.

5. Security

Data is encrypted in transit (TLS 1.2+) and at rest. We enforce Row-Level Security, MFA for admins, and audit logging on sensitive operations.

6. Your Rights

You may request access, correction, export, or deletion of your personal data at any time by emailing privacy@educircletime.com. California (CCPA) and EU/UK (GDPR) residents have additional rights described in our DPA.

7. Retention

We retain center and child records for as long as your center is active, plus a regulatory grace period (typically 7 years for billing/compliance records).

8. International Transfers

Data is processed in the United States. EU/UK transfers rely on Standard Contractual Clauses.

9. Changes

We will notify you of material changes by email or in-app at least 30 days before they take effect.

10. Contact

CIRCLETIME Privacy Team — privacy@educircletime.com.

See also our Terms of Service and Data Processing Addendum.