Effective Date: January 15, 2025 | Last Updated: January 15, 2025
The data controller for personal data processed through the KumbukTree platform is:
3847 Peachtree Road NE, Suite 210
Atlanta, GA 30319
United States
Privacy Officer: Sarah Whitfield
Email: privacy@kumbuktree.com
Phone: +1 (470) 389-2174
When childcare centers use our platform, KumbukTree acts as a data processor on behalf of the childcare center (the data controller) for the personal data of enrolled children, guardians, and staff. For KumbukTree's own account holders and website visitors, we act as the data controller.
We collect the following categories of personal data in connection with the Service:
Information provided during registration and account setup:
Data entered by childcare centers during normal use of the platform:
Data collected automatically when you interact with our platform:
We process personal data for the following purposes:
| Purpose | Examples |
|---|---|
| Service Delivery | Processing attendance records, generating daily reports, managing child profiles |
| Transactional Notifications | Sending check-in confirmations, activity reports, incident alerts, invoices, receipts, and system notices via email |
| Billing & Payments | Generating invoices, processing subscription payments, issuing receipts |
| Security & Fraud Prevention | Monitoring for unauthorized access, detecting anomalous activity, maintaining audit logs |
| Product Improvement | Analyzing aggregated, anonymized usage patterns to improve platform features |
| Legal Compliance | Meeting regulatory obligations related to childcare licensing, tax reporting, and data protection laws |
| Customer Support | Responding to inquiries, troubleshooting issues, managing account changes |
For individuals in the European Economic Area (EEA) and United Kingdom, we process personal data based on the following legal grounds:
KumbukTree does not sell, rent, lease, or trade personal data to any third party for marketing, advertising, or any other commercial purpose.
We do not share personal data with data brokers, ad networks, or social media platforms. We do not participate in data marketplaces. This commitment applies to all categories of personal data we process, including data about children.
We use the following third-party service providers (sub-processors) to deliver the Service. Each sub-processor is contractually obligated to protect personal data in accordance with applicable law:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure hosting (compute, storage, database) | US (us-east-1) |
| Mailgun (Sinch) | Transactional email delivery (SMTP relay) | US / EU |
| Stripe | Payment processing and subscription billing | US |
We maintain a current list of sub-processors and will notify affected clients at least 30 days before engaging any new sub-processor that handles personal data.
Our primary infrastructure is located in the United States. If you are located outside the US, your data may be transferred to and processed in the US. We protect international data transfers through:
We retain personal data only as long as necessary for the purposes described in this Policy:
| Data Category | Retention Period |
|---|---|
| Account data | Duration of subscription + 30 days for export, then deleted |
| Child & guardian records | Duration of enrollment + 90 days, then deleted |
| Staff records | Duration of employment at center + 90 days, then deleted |
| Attendance & activity logs | 3 years (state licensing requirements) |
| Billing & payment records | 7 years (tax and accounting obligations) |
| Email delivery logs | 90 days |
| System access logs | 12 months |
| Technical/analytics data | 12 months (aggregated and anonymized) |
When data reaches the end of its retention period, it is securely deleted or irreversibly anonymized.
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under GDPR:
To exercise any of these rights, contact us at privacy@kumbuktree.com. We will respond within 30 days of receiving your request. We may request identity verification before processing your request.
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with the following rights:
To submit a request, email privacy@kumbuktree.com or call +1 (470) 389-2174. We will verify your identity and respond within 45 days.
The KumbukTree platform and website use strictly necessary cookies only:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Maintains your authenticated session | Expires when browser closes or after 8 hours of inactivity |
| CSRF token | Prevents cross-site request forgery attacks | Session duration |
| Cookie consent | Remembers your cookie banner preference | 12 months |
We do not use advertising cookies, tracking pixels, social media widgets, or any third-party analytics cookies. No personal data is shared with advertisers or ad networks through cookies.
We implement robust technical and organizational measures to protect personal data:
For more details, visit our Trust Center.
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. When we make material changes:
We encourage you to review this page periodically.
Privacy Officer: Sarah Whitfield
Email: privacy@kumbuktree.com
Phone: +1 (470) 389-2174
KumbukTree, Inc.
3847 Peachtree Road NE, Suite 210
Atlanta, GA 30319
United States