LinkidsLinkids

Privacy Policy

Last updated: 25 June 2026

1. Who we are and our role

Linkids ("we", "our", "us") is a kindergarten communication and management platform available at linkids.co and app.linkids.co.

For the children's and families' personal data held in the platform, the kindergarten that uses Linkids is the data controller — it decides what data is entered and how it is used. Linkids acts as a data processor, processing that data only on the kindergarten's documented instructions. If you are a parent or guardian, your kindergarten is your first point of contact for any question about your data or to exercise your rights (see section 7).

Linkids is the controller only for the limited data needed to run the platform itself — the account you log in with, billing details, and security logs.

Platform contact: privacy@linkids.co

2. What data we collect

We collect only the data necessary to operate the platform:

  • Account data: name, email address, role (admin, teacher, parent).
  • Child data: first name, last name, date of birth, class, emergency contact, dietary notes, GDPR media consent flag. Entered by authorised kindergarten staff.
  • Daily log data: sleep times, meal portions, toilet events, activity records. Entered by teachers.
  • Usage data: anonymised access logs for security and performance monitoring.
  • Media (when enabled): photos and videos uploaded by staff, subject to individual child consent flags.

3. Legal basis for processing

We process personal data under the following GDPR lawful bases:

  • Contract: to provide the service to kindergartens and their staff.
  • Legitimate interests: security, fraud prevention, service improvement.
  • Consent: media sharing of children's images (opt-in per child).

4. How we use your data

  • Providing and maintaining the Linkids platform.
  • Sending transactional emails (invitations, notifications) via Amazon SES.
  • Error tracking and performance monitoring via Sentry.
  • Parsing free-text food menus into structured menus via Google Gemini, when staff use that optional feature.
  • We do not sell, rent, or share your data with third parties for marketing.

5. Data storage and transfers

Application data is stored in the European Union (Frankfurt, Germany) using Supabase (PostgreSQL). We use the following sub-processors: Supabase (hosting/database, EU), Vercel (application hosting), Amazon SES (transactional email, EU / Frankfurt), Upstash (Redis cache for rate-limiting and abuse prevention, EU / Frankfurt; stores request identifiers such as IP address), Sentry (error monitoring, EU region), and Polar (subscription billing — processes the kindergarten's billing details, not children's data). Where you enable push notifications, they are delivered through your browser or device vendor's push service (Mozilla, Google or Apple); only the notification content and an anonymous device endpoint are sent. The optional facial-recognition feature downloads its detection model from the jsDelivr open-source CDN, which receives your browser's IP address and user-agent when the model loads (no child data is sent). We also use Google services that operate in the United States: Gemini (the optional AI feature that parses free-text food menus) and reCAPTCHA (spam prevention on our public marketing pages); both are subject to Google's privacy policy. Where a sub-processor operates outside the EEA — including Google, and jsDelivr where it is not EU-resident — transfers rely on standard contractual clauses or equivalent Article 46 safeguards.

6. Data retention

Account and child data is retained for the duration of the kindergarten's active subscription plus 30 days after cancellation. After that period, data is permanently deleted. You may request earlier deletion at any time.

7. Your rights

Under GDPR you have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent (for media sharing).

Because your kindergarten is the data controller, please send requests about children's and family data — access, correction, deletion, restriction, portability, or withdrawing consent — to your kindergarten directly. They fulfil these using Linkids' tools and we assist them as processor. For data Linkids controls as the platform operator (your login account, billing, security logs), you can contact privacy@linkids.co. Requests are answered within one month (30 days).

8. Cookies

We use only essential session cookies required for authentication. We do not use advertising or analytics cookies.

9. Google Sign-In

We offer "Sign in with Google" as an authentication option. When you use this, Google shares your name and email address with us. We do not request access to any other Google account data. Google's privacy policy applies to their services: policies.google.com/privacy.

10. Changes to this policy

We may update this policy to reflect changes in the service or legal requirements. We will notify administrators by email of material changes. Continued use of the platform after changes constitutes acceptance.

11. Complaints

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection (dataprotection.gov.cy) or your local EU supervisory authority.