Privacy Policy

Effective Date: 10/21/2024

CareDay Solutions ("we," "us," "our", or “CareDay”) is committed to protecting the privacy and security of your personal information. This privacy policy (the “Privacy Policy”) constitutes an agreement between you and CareDay Solutions. This policy covers our treatment of personal information defined under applicable privacy laws (“Personal Information”) that we process when you are accessing or using CareDay’s websites, apps, platforms, or other online or offline offerings (the “Services”). 

1. Information We Collect

1.1 Account & Organization Information

We may collect information such as:

  • Organization name and program details

  • Authorized user names, email addresses, and login credentials (or authentication tokens)

  • Administrative contact information

  • Billing, subscription, and plan information

1.2 Child & Family Information (Customer Data)

Organizations may upload or store information in the Services (“Customer Data”), which may include:

  • Child and family demographic information

  • Parent/guardian and emergency contact information

  • Enrollment details, schedules, attendance, and check-in/out records

  • Health-related notes (e.g., allergies, dietary restrictions) as entered by the Organization

  • Photos, activity logs, developmental notes, and communications

  • Incident/accident reports and other records created by the Organization

Customer Data is controlled by the Organization. CareDay processes Customer Data only as described in this Privacy Policy and our agreements with the Organization.

1.3 System & Usage Data

When you access the Services, we may collect:

  • IP address and approximate location derived from IP

  • Device identifiers and browser type

  • Operating system and app version

  • Log data (e.g., access times, pages viewed, feature usage)

  • Performance and diagnostic information

1.4 Payment Information

Payment card and bank details are processed by third-party payment processors. CareDay does not store full payment card numbers. We may receive limited payment-related information (e.g., billing status, transaction identifiers) from our processors.

1.5 Communications

We collect information you provide when you contact us (e.g., support tickets, emails) or use messaging features within the Services.

2. How We Use Information

We use information to:

  • Provide, operate, maintain, and improve the Services

  • Create and manage accounts, roles, and permissions

  • Provide customer support and respond to requests

  • Process subscriptions, invoices, and payments

  • Send service-related communications (e.g., onboarding, product updates, security notices, billing notices)

  • Monitor and protect the security, integrity, and availability of the Services

  • Troubleshoot issues, perform analytics, and improve performance

  • Comply with legal obligations and enforce our agreements

We do not sell personal information.

3. Legal Bases for Processing (Where Required)

Where applicable, CareDay processes information under one or more of the following legal bases:

  • Performance of a contract

  • Legitimate interests (such as operating, securing, and improving the Services)

  • Compliance with legal obligations

  • Consent, where required by law

4. Customer Data Ownership and Roles

  • The Organization owns and controls its Customer Data.

  • CareDay acts as a service provider/processor to the Organization with respect to Customer Data.

  • CareDay does not use Customer Data for advertising or marketing.

  • CareDay does not determine the Organization’s purposes for collecting Customer Data.

  • CareDay discloses Customer Data only as needed to provide the Services, as directed by the Organization, or as required by law.

5. How We Share Information

5.1 Service Providers (Subprocessors)

We use trusted third-party vendors (“Service Providers”) to support the Services (for example, hosting, payment processing, analytics, communications, and customer support tools). Service Providers may process personal information only under our instructions and for the purpose of providing services to CareDay.

5.2 Legal, Safety, and Security

We may disclose information if we reasonably believe disclosure is necessary to:

  • Comply with law, regulation, or legal process

  • Protect the rights, safety, and security of CareDay, our users, or others

  • Prevent fraud, security incidents, or misuse of the Services

5.3 Business Transfers

If CareDay is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.

6. Data Privacy, Security & Compliance

We maintain administrative, technical, and physical safeguards designed to protect information and Customer Data. These safeguards include, where applicable:

  • Encryption in transit

  • Secure storage practices

  • Role-based access controls

  • Audit logging

  • Regular security testing

  • Backups and disaster recovery measures

No system can be guaranteed 100% secure. Users are responsible for maintaining the confidentiality of their login credentials and for activity conducted through their accounts.

6.2 FERPA (Where Applicable)

CareDay is designed to support organizations in managing records in a way that may help them meet applicable privacy requirements, including FERPA where it applies. CareDay does not represent or warrant that use of the Services alone will ensure compliance.

CareDay will not disclose personally identifiable information (“PII”) from education records to third parties except as:

  • authorized in writing by the Organization,

  • necessary to provide the Services (including through approved Service Providers), or

  • otherwise permitted or required by applicable law.

6.3 Data Residency and Sovereignty

Customer Data is hosted in the United States. CareDay configures its hosting environment and Service Providers to store and process Customer Data in U.S.-based data centers.

CareDay does not intentionally transfer Customer Data outside the United States except:

  • as directed or authorized by the Organization, or

  • as required by applicable law.

7. Data Retention

We retain personal information and Customer Data only as long as necessary to:

  • provide and maintain the Services,

  • meet contractual obligations,

  • comply with legal requirements, and

  • resolve disputes and enforce agreements.

The Organization controls its Customer Data within the Services. Upon termination, Customer Data may be available to the Organization for export for a limited period, after which it may be deleted or de-identified in accordance with our retention practices, unless a longer retention period is required by law or agreed in writing.

8. Children’s Privacy

The Services are intended for use by licensed childcare organizations and their authorized staff. CareDay does not provide accounts directly to children.

CareDay processes child-related information only on behalf of Organizations and only to provide and support the Services. Organizations are responsible for obtaining any required parental/guardian permissions for collecting, using, and storing child information in the Services.

9. Your Privacy Rights

Depending on your location and applicable law, you or your Organization may have rights to:

  • access, correct, or update personal information,

  • request deletion,

  • export data,

  • restrict or object to processing, and/or

  • withdraw consent (where processing is based on consent).

Because CareDay generally processes Customer Data on behalf of Organizations, requests relating to Customer Data should be directed to the Organization administering the data. CareDay will assist Organizations with responding to requests as required by applicable law and our agreements.

10. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • enable secure login and session management,

  • maintain user preferences,

  • monitor performance and reliability, and

  • understand usage patterns to improve the Services.

You can control cookies through your browser settings. Some features of the Services may not function properly if cookies are disabled.

11. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their policies before providing information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services or by other appropriate means. The “Effective Date” above indicates when this Privacy Policy was last updated.