Your data, protected. Your payments, secured.

Q: Is MyKidReports secure for daycares and preschools?

Yes. MyKidReports is built on Amazon Web Services (AWS) — the same infrastructure used by banks and hospitals. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Payments are processed by Stripe and Deluxe, both PCI-DSS compliant. Access is role-based: directors set what teachers, admins, and parents can see. Passwords are hashed before reaching the database. We do not sell your data, share it with advertisers, or run ads inside the product or parent app.

Q: Is MyKidReports COPPA compliant for collecting child information?

Yes. MyKidReports is aligned with COPPA (Children's Online Privacy Protection Act) requirements. We do not knowingly collect personal information directly from children under 13. All child data in MyKidReports is collected and managed by parents, guardians, and the daycare or preschool — the school acts as the verifiable consent point under COPPA. Data is used only to operate the service the school has signed up for; we do not sell or share child data with advertisers. Schools and parents can request data export or deletion at any time.

Q: What about FERPA, HIPAA, and other student-privacy laws?

FERPA applies primarily to schools that receive federal funding from the U.S. Department of Education and is most relevant to K-12 and higher education; most private daycares and preschools fall under state-level privacy regulations rather than FERPA. MyKidReports' data handling — encryption, access controls, no third-party data sale, school-controlled access — is built to support the privacy expectations of any state's licensing requirements. HIPAA does not apply to typical daycare records, but wellness check data is encrypted and access-controlled the same way as all other data.

Q: Where is my daycare's data stored?

On Amazon Web Services (AWS) — the same enterprise cloud infrastructure used by banks, hospitals, and a large share of the modern internet. Data is encrypted in transit and at rest.

Q: How are payments handled?

Payments are processed by Stripe and Deluxe — both PCI-DSS compliant payment partners. Card and bank details are tokenized at the moment they're entered and never stored on MyKidReports servers.

Q: Who can see what inside MyKidReports?

Each account uses role-based permissions. Directors and admins set what each role can see and do. Teachers see their classroom. Parents see only their own children. You can scope access as tightly as you need.

Q: Do you sell or share my data?

No. We don't sell your data, we don't share it with advertisers, and we don't run ads inside the product or the parent app.

Q: How do I report a security issue?

Reach our team through the in-product chat or the contact form on our Contact Us page. Reports are routed to the engineering team and acknowledged in writing.

Childcare software security done right: AWS-hosted infrastructure, PCI-DSS payment partners (Stripe and Deluxe), encryption in transit and at rest, role-based access controls, and COPPA-aligned data privacy. Your records, your families’ records, and your money stay where they belong.

Start Free → Book a Demo

Three pillars

Trust isn't a checkbox. It's how we build.

Three things every center director should know about how MyKidReports handles your data, your money, and your team's access.

Encrypted, end-to-end

Everything moving between you and us travels over TLS. Everything at rest sits encrypted on AWS. No exceptions, no shortcuts.

Payments by certified partners

Stripe and Deluxe handle card and ACH transactions. Your families' card and bank details never sit on our servers.

Permissions you control

Set what each role can see and do — directors, admins, teachers, parents. Tight by default, flexible when you need it.

Hosted on AWS

Where the internet runs.

Your data lives on Amazon Web Services — the same cloud platform behind banks, hospitals, and a large share of the modern internet. Encrypted in transit, encrypted at rest, with the same physical and network security AWS provides every customer.

AWS data centers with industry-standard physical and network security
TLS encryption for every connection between you and MyKidReports
Encryption at rest — every database, every backup, every file
Regular backups so a bad day for one server isn't a bad day for your records

Infrastructure

All systems healthy

AWS

TLS 1.2+ in transit

AES-256 at rest

Backups with point-in-time restore

Payments, never on us

Card numbers we never see.

Tuition payments are processed by Stripe and Deluxe — both PCI-DSS compliant payment partners. Card and bank details are tokenized at the moment they're entered and bypass MyKidReports entirely. We never see them, never store them, never have them.

Stripe handles credit and debit card processing
Deluxe handles ACH and bank transfers
Card and bank data tokenized — full numbers never reach our servers
Payment partner certifications carry the PCI compliance burden

Payment flow

Card details bypass MyKidReports

Parent's card

Tuition paid

Stripe / Deluxe

PCI-DSS partners

Stripe

Card processing

Deluxe

ACH / bank

Card details never sit on MyKidReports — even if we wanted them, we don't have them.

Permissions that match your org

Who sees what.

Set what each role can see and do — directors, admins, teachers, parents, and assistants. A teacher sees their classroom, not the billing system. A parent sees their own children, not someone else's. You decide who gets access to what.

Distinct roles for directors, admins, teachers, assistants, and parents
Permissions tuned per role — no all-or-nothing access
Parents see only their own children — never someone else's
Tighten or loosen access any time — directors stay in charge

Permissions matrix

Configurable per account

RBAC

Action

Director

Admin

Teacher

Parent

View child records

Edit billing

Take attendance

Generate reports

Message parents

Allowed ~ Scoped Off

Built for childcare

Their photos. Their data. Their privacy.

Photos and information about a child are visible only to the child's parent and authorized staff at your center — and even then, only what their role needs them to see. Never on a public feed, never to outside families, never sold to advertisers. Their data isn't a product, and it never will be.

Visible only to the child's parent and authorized staff — role-based, not blanket access
No public feeds, no shareable child profiles
No advertising — not now, not ever
Never sold or shared with third parties

Who can see your child's info

Locked by default

The child's parent Yes
Authorized staff role-based Yes
Other staff without permission No
Other parents No
The public / internet No
Advertisers No
Third-party data buyers No

Staff access is role-based — each person sees only what their job needs.

Always saved

Saved the moment you tap.

Every entry, every photo, every check-in is saved to our servers the moment it happens. No "save" buttons to forget. No spreadsheets on a teacher's laptop that nobody syncs. Your data stays current on every device — and you don't lose what you've already done.

Auto-saved in real time — every entry, every photo, every check-in
Synced across every device your team uses — phones, tablets, desktops
Regular backups so a bad day for one server isn't a bad day for you
Always available, even if a teacher's tablet breaks tomorrow

Auto-saved

Real-time to our servers

All changes saved

Last sync · just now

Recent activity

Attendance check-in just now
Photo uploaded 4s ago
Invoice generated 14s ago
Activity posted 28s ago

Synced across phone, tablet, and desktop — automatically.

AWS

Cloud infrastructure

Stripe

PCI-DSS card processor

Deluxe

PCI-DSS ACH processor

TLS + AES-256

Encryption everywhere

Director's questions

What every director asks about safety.

Bring us the rest. We'll answer plainly.

Is MyKidReports secure for daycares and preschools?

Yes. MyKidReports is built on Amazon Web Services (AWS) — the same infrastructure used by banks and hospitals. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Payments are processed by Stripe and Deluxe, both PCI-DSS compliant. Access is role-based: directors set what teachers, admins, and parents can see. Passwords are hashed before reaching the database. We do not sell your data, share it with advertisers, or run ads inside the product or parent app.

Is MyKidReports COPPA compliant for collecting child information?

Yes. MyKidReports is aligned with COPPA (Children’s Online Privacy Protection Act). We do not knowingly collect personal information directly from children under 13. All child data in MyKidReports is collected and managed by parents, guardians, and the daycare or preschool — the school acts as the verifiable consent point under COPPA. Data is used only to operate the service the school has signed up for; we do not sell or share child data with advertisers. Schools and parents can request data export or deletion at any time.

What about FERPA, HIPAA, and other student-privacy laws?

FERPA applies primarily to schools that receive federal funding from the U.S. Department of Education and is most relevant to K–12 and higher education; most private daycares and preschools fall under state-level privacy regulations rather than FERPA. MyKidReports’ data handling — encryption, access controls, no third-party data sale, school-controlled access — is built to support the privacy expectations of any state’s licensing requirements. HIPAA does not apply to typical daycare records, but wellness check data is encrypted and access-controlled the same way as all other data.

Is messaging between parents and teachers secure?

Yes. All messages between parents, teachers, and admins flow through encrypted channels (TLS 1.2+) and are stored encrypted at rest. Messaging is scoped — parents only see messages about their own children, teachers see their classroom, admins see what your director has authorized. There’s no public message wall and no cross-family visibility. We never use message content for advertising.

Where is my data stored?

On Amazon Web Services (AWS) — the same enterprise cloud infrastructure used by banks, hospitals, and a large share of the modern internet. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

How are payments handled?

Payments go through Stripe (cards) and Deluxe (ACH/bank) — both PCI-DSS compliant payment partners. Card and bank details are tokenized at the moment they're entered and bypass MyKidReports entirely. We never see, store, or have access to full card numbers.

Who can see what inside MyKidReports?

Each account uses role-based permissions. Directors and admins set what each role can see and do. Teachers see their classroom. Parents see only their own children. You can scope access as tightly as you need.

Do you sell or share my data?

No. We don't sell your data, share it with advertisers, or run ads inside the product or the parent app. Your data is used to run your account — that's it.

What happens if I cancel?

Your data stays safe on our servers as long as your account is active. If you decide to cancel, our team will work with you to make sure you have what you need before your account is deactivated. No drama, no hostage-holding.

How do I report a security issue?

Reach our team through the in-product chat widget or the contact form on our Contact Us page. Reports are routed to engineering and acknowledged in writing.

Are passwords encrypted?

Yes. Passwords are hashed before they ever reach our database — even our own engineers can't read them. If you forget a password, we send you a reset link rather than mailing the original (because we don't have it).

What if a parent loses their phone?

Logged-in sessions are tied to the device. A director can revoke access for any user from the admin panel. The parent re-authenticates on a new device — no one else gets in just because the old phone is found.

Contact

Get in touch.

Email

info@MyKidReports.com →

Trust isn't a feature. It's how we build.

Your data, your families' records, and your money — kept where they belong. Bring us the questions you'd want answered before you sign anything.

Get a free demo → See pricing

AWS · Stripe · Deluxe · TLS · AES-256 · Role-based access