Privacy Policy

Last updated: 27 May 2026. ChildLogs is registered with the Information Commissioner's Office (ICO).

1. Who we are and our role

ChildLogs is operated by Kieran Oldfield as a sole trader. For account administration, billing, website operation, security, support, and our own business records, ChildLogs is normally the data controller.

For childcare records entered by providers, including child profiles, daily logs, attendance, incidents, documents, visitor records, and parent access, the provider is normally the data controller and ChildLogs acts as a processor. Providers decide what data to enter, why it is processed, who should access it, and how long they need to keep it.

2. What data we collect

We may collect provider account details, setting details, staff access records, parent contact details, child profile information, emergency contact details, attendance logs, care logs, food and temperature records, nappy records, sleep records, medication records, observations, incident and injury records, daily summaries, comments, uploaded photos and files, document assignments, agreement completion records, drawn signatures, visitor log records, invoices, billing records, and technical usage data required to operate and secure the service.

Some records may include sensitive information, including health-related information such as allergies, medication, incidents, injuries, toileting, sleep, wellbeing, and medical notes. Under UK GDPR, health data can be special category data and needs extra care.

3. Why we process data

We process data to provide the service, authenticate users, store and display childcare records, support parent access, send account and record notifications, process document acknowledgements, maintain visitor logs, manage billing and invoice payments, secure accounts, troubleshoot issues, prevent misuse, support providers, improve reliability, and meet legal or regulatory obligations where applicable.

4. Legal bases

Depending on the context, processing may be carried out because it is necessary for contract performance, compliance with legal obligations, legitimate interests in running and securing the service, or consent where consent is specifically required.

Where providers use ChildLogs to process child records, parent records, staff records, visitor records, or special category data, providers are responsible for identifying their own lawful basis and any additional UK GDPR condition that applies to that processing.

5. Child data and parent access

Providers are responsible for ensuring they have a lawful basis and appropriate authority to upload, store, and share child-related data through the service. We do not independently verify that every provider has obtained all required notices, permissions, or consents.

Parent access is created and managed by provider users. If a parent believes they have been given incorrect or inappropriate access, they should contact the provider directly and notify us as soon as possible.

6. Documents, signatures, and visitor logs

Agreement and policy features may store uploaded PDF documents, document version history, assignment records, declaration text, typed names, drawn signature image data, signing timestamps, IP addresses, and user-agent details. These details are kept to help providers evidence document access and completion.

Visitor log features may store visitor names, organisations, visit purposes, host names, contact details, vehicle registrations, typed names, drawn signature image data, declaration text, IP addresses, user-agent details, arrival and sign-out times, approval details, and provider notes.

7. Storage, hosting, and uploaded files

ChildLogs uses third-party hosting, database, email, payment, and storage providers to operate the service. Uploaded files such as child photos, setting photos, parent or emergency contact photos, daily summary attachments, and document PDFs may be stored using configured file storage, including S3-compatible object storage. Drawn signatures are stored with the relevant agreement or visitor record as signature image data rather than being treated as separate public image files.

Access to uploaded files is intended to be limited to authorised users and service processes. Some document files may be served through short-lived signed storage URLs so authorised users can view or download them.

In practice, this may include infrastructure controlled by ChildLogs, S3-compatible object storage such as Hetzner object storage where configured, SMTP or email-delivery infrastructure used to send account messages and notifications, browser or vendor push infrastructure used to deliver web push notifications, and Stripe for subscription billing and invoice-payment related records.

8. Who we share data with

We may share data with service providers who help us operate the platform, such as hosting, database hosting, object storage, email delivery, web push delivery, payment processing, security, and infrastructure providers. We do not sell personal data.

Payment and invoicing features may involve Stripe, including Stripe Checkout, billing portals, connected account onboarding, hosted invoice pages, payment status updates, customer records, invoices, payment links, and related webhooks.

9. Security

We use technical and organisational measures intended to protect data, but no online service can be guaranteed to be completely secure. Users are responsible for maintaining password security and limiting access to authorised staff and family members only.

10. Retention

We retain data for as long as reasonably necessary to operate the service, meet contractual and legal obligations, resolve disputes, enforce terms, and maintain system integrity. Providers remain responsible for any statutory retention obligations that apply to their childcare records.

Some audit-style records, such as document completions, visitor sign-ins, invoice events, voided care records, and record history, may be retained to preserve record integrity, evidence actions, and support safeguarding, billing, or dispute handling.

11. International transfers

Depending on the infrastructure used to operate the service, data may be processed or stored outside your home jurisdiction. Where required, we aim to use appropriate contractual or technical safeguards for those transfers.

This may be relevant in particular where services such as Stripe process data internationally. Where a restricted transfer is not covered by adequacy regulations, we aim to rely on an appropriate safeguard such as the UK International Data Transfer Agreement, the UK Addendum, or another lawful transfer mechanism. If you need more detail about the safeguards relevant to a particular service relationship, contact info@childlogs.com.

12. Your rights

Depending on applicable law, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent where consent is the legal basis. Some rights may be limited where data must be retained for legal, safeguarding, billing, or record integrity reasons.

If your request relates to records held by a childcare provider, we may need to refer the request to that provider because they normally control those records. You also have the right to complain to the ICO if you are unhappy with how your personal data is handled. ICO information is available at ico.org.uk.

13. Cookies, notifications, and technical logs

We use essential cookies and technical logs necessary for login, account security, navigation, push notification subscriptions, install preferences, and service reliability. These may include session cookies, authentication cookies, device/browser details, IP addresses, and related technical records required for the core operation of the service.

ChildLogs does not currently use optional third-party marketing or measurement cookies. If that changes in future, we may update this policy and any related cookie notices accordingly.

14. No solely automated decisions about children

ChildLogs is not intended to make solely automated decisions about children that have legal or similarly significant effects. Providers remain responsible for human review, judgement, and action when using records in the service.

15. Changes to this policy

We may update this policy from time to time. Continued use of the service after changes take effect means the updated policy will apply from that point onward.

16. Contact

If you need help with privacy questions, account issues, or access concerns, email info@childlogs.com.

ChildLogs was built by KOWD. You can also contact KOWD on WhatsApp.