Last updated: April 2026 · Version 1.0
1. Introduction
This Privacy Policy explains how Koios Innovations Ltd (company number 17186461), trading as nursery.click ("we", "us", "our"), collects, uses, stores, and protects your personal data when you use the nursery.click platform, including our website at nursery.click and our mobile applications ("nursery.click Parents" and "nursery.click").
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
For personal data processed through the platform, the nursery or childcare provider ("Customer") is the data controller. Koios Innovations Ltd (company number 17186461), trading as nursery.click, acts as a data processor on behalf of the Customer. Our registered office is at 82a James Carter Road, Mildenhall, United Kingdom, IP28 7DE. For data relating to account management and billing, nursery.click is the data controller.
3. What Data We Collect
We collect and process the following categories of personal data:
- Account information: name, email address, and role (staff or parent) provided during registration.
- Child information: name, date of birth, age group, and attendance records entered by nursery staff.
- Family information: parent/guardian names, contact details, and family relationships entered by nursery staff.
- Booking and session data: session bookings, schedules, and attendance history.
- Financial data: invoice records, payment history, and funding entitlement information. Payment card details are processed by Stripe and never stored on our servers.
- Messages: communications between parents and nursery staff sent through the platform.
- Device information: device type, operating system, and push notification tokens when using our mobile apps.
- Usage data: login timestamps and feature usage for service improvement.
4. How We Use Your Data
We process personal data for the following purposes:
- Providing and operating the nursery management platform
- Enabling communication between parents and nursery staff
- Processing bookings, attendance, and invoicing
- Sending push notifications for attendance updates, messages, and booking confirmations
- Managing user accounts and authentication
- Providing customer support
- Improving the platform based on usage patterns
5. Legal Basis for Processing
We process personal data on the following legal bases:
- Contract: processing necessary to provide the platform services under our terms of service.
- Legitimate interests: improving the platform, preventing fraud, and ensuring security.
- Consent: sending push notifications (you can opt out at any time via app settings or notification preferences).
- Legal obligation: retaining financial records as required by law.
6. Push Notifications
Our mobile apps may send push notifications for attendance updates, new messages, booking confirmations, and other nursery-related events. Push notification payloads contain only notification type and reference identifiers — never personal information, message content, or sensitive data.
You can manage notification preferences within the app settings or disable notifications entirely through your device settings.
7. Biometric Data
Our mobile apps support biometric authentication (Face ID, Touch ID, fingerprint). Biometric data is processed entirely on your device by the operating system and is never transmitted to or stored on our servers. We only receive a confirmation that authentication succeeded.
8. Data Sharing
We do not sell your personal data. We share data only with:
- Amazon Web Services (AWS): our hosting and infrastructure provider, processing data under a data processing agreement.
- Stripe: for payment processing. Stripe processes payment card details directly and is PCI DSS compliant.
- Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM): for delivering push notifications to your device. Only device tokens and notification metadata are shared.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest (AES-256)
- Access controls and role-based permissions
- Multi-tenancy isolation ensuring nurseries cannot access each other's data
- Regular security reviews
- Secure credential storage using platform-native keystores on mobile devices
10. Data Retention
We retain personal data for as long as the nursery's account is active. Upon account deletion, all personal data (children, families, staff, attendance records) is permanently deleted within 30 days. Financial records and invoices are retained as required by law.
11. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure of your data
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent at any time
To exercise these rights, contact your nursery (as data controller) or email us at support@nursery.click.
12. Children's Privacy
The platform stores information about children as entered by nursery staff and parents. This data is managed by the nursery (data controller) in accordance with their safeguarding and data protection obligations. The apps are not intended for use by children.
13. International Transfers
Your data is processed and stored within the United Kingdom and European Economic Area. We do not transfer personal data outside these regions unless required by our infrastructure providers, in which case appropriate safeguards (such as Standard Contractual Clauses) are in place.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. The "Last updated" date at the top of this page indicates when the policy was last revised.
15. Contact
For questions about this Privacy Policy or our data practices, please contact us at support@nursery.click.