Trust & Safety — Your Data, Your Payments, Protected

Q: Where is my data stored?

On Amazon Web Services (AWS) — the same enterprise cloud infrastructure used by banks, hospitals, and a large share of the modern internet. Data is encrypted in transit and at rest.

Q: How are payments handled?

Payments are processed by Stripe and Deluxe — both PCI-DSS compliant payment partners. Card and bank details are tokenized at the moment they're entered and never stored on MyKidReports servers.

Q: Who can see what inside MyKidReports?

Each account uses role-based permissions. Directors and admins set what each role can see and do. Teachers see their classroom. Parents see only their own children. You can scope access as tightly as you need.

Q: Do you sell or share my data?

No. We don't sell your data, we don't share it with advertisers, and we don't run ads inside the product or the parent app.

Q: How do I report a security issue?

Email security@MyKidReports.com or use the in-product chat. Reports are routed to the engineering team and acknowledged in writing.

Q: Are passwords encrypted?

Yes. Passwords are hashed before they ever reach our database — even our own engineers can't read them. If you forget a password, we send you a reset link rather than mailing the original (because we don't have it).

Q: What if a parent loses their phone?

Logged-in sessions are tied to the device. A director can revoke access for any user from the admin panel. The parent re-authenticates on a new device — no one else gets in just because the old phone is found.

Three pillars

Trust isn't a checkbox. It's how we build.

Three things every center director should know about how MyKidReports handles your data, your money, and your team's access.

Encrypted, end-to-end

Everything moving between you and us travels over TLS. Everything at rest sits encrypted on AWS. No exceptions, no shortcuts.

Payments by certified partners

Stripe and Deluxe handle card and ACH transactions. Your families' card and bank details never sit on our servers.

Permissions you control

Set what each role can see and do — directors, admins, teachers, parents. Tight by default, flexible when you need it.

Hosted on AWS

Where the internet runs.

Your data lives on Amazon Web Services — the same cloud platform behind banks, hospitals, and a large share of the modern internet. Encrypted in transit, encrypted at rest, with the same physical and network security AWS provides every customer.

AWS data centers with industry-standard physical and network security
TLS encryption for every connection between you and MyKidReports
Encryption at rest — every database, every backup, every file
Regular backups so a bad day for one server isn't a bad day for your records

Infrastructure

All systems healthy

AWS

TLS 1.2+ in transit

AES-256 at rest

Backups with point-in-time restore

Payments, never on us

Card numbers we never see.

Tuition payments are processed by Stripe and Deluxe — both PCI-DSS compliant payment partners. Card and bank details are tokenized at the moment they're entered and bypass MyKidReports entirely. We never see them, never store them, never have them.

Stripe handles credit and debit card processing
Deluxe handles ACH and bank transfers
Card and bank data tokenized — full numbers never reach our servers
Payment partner certifications carry the PCI compliance burden

Payment flow

Card details bypass MyKidReports

Parent's card

Tuition paid

Stripe / Deluxe

PCI-DSS partners

Stripe

Card processing

Deluxe

ACH / bank

Card details never sit on MyKidReports — even if we wanted them, we don't have them.

Permissions that match your org

Who sees what.

Set what each role can see and do — directors, admins, teachers, parents, and assistants. A teacher sees their classroom, not the billing system. A parent sees their own children, not someone else's. You decide who gets access to what.

Distinct roles for directors, admins, teachers, assistants, and parents
Permissions tuned per role — no all-or-nothing access
Parents see only their own children — never someone else's
Tighten or loosen access any time — directors stay in charge

Permissions matrix

Configurable per account

RBAC

Action

Director

Admin

Teacher

Parent

View child records

Edit billing

Take attendance

Generate reports

Message parents

Allowed ~ Scoped Off

Built for childcare

Their photos. Their data. Their privacy.

Photos and information about a child are visible only to the child's parent and authorized staff at your center — and even then, only what their role needs them to see. Never on a public feed, never to outside families, never sold to advertisers. Their data isn't a product, and it never will be.

Visible only to the child's parent and authorized staff — role-based, not blanket access
No public feeds, no shareable child profiles
No advertising — not now, not ever
Never sold or shared with third parties

Who can see your child's info

Locked by default

The child's parent Yes
Authorized staff role-based Yes
Other staff without permission No
Other parents No
The public / internet No
Advertisers No
Third-party data buyers No

Staff access is role-based — each person sees only what their job needs.

Always saved

Saved the moment you tap.

Every entry, every photo, every check-in is saved to our servers the moment it happens. No "save" buttons to forget. No spreadsheets on a teacher's laptop that nobody syncs. Your data stays current on every device — and you don't lose what you've already done.

Auto-saved in real time — every entry, every photo, every check-in
Synced across every device your team uses — phones, tablets, desktops
Regular backups so a bad day for one server isn't a bad day for you
Always available, even if a teacher's tablet breaks tomorrow

Auto-saved

Real-time to our servers

All changes saved

Last sync · just now

Recent activity

Attendance check-in just now
Photo uploaded 4s ago
Invoice generated 14s ago
Activity posted 28s ago

Synced across phone, tablet, and desktop — automatically.

Director's questions

What every director asks about safety.

Bring us the rest. We'll answer plainly.

Where is my data stored?

On Amazon Web Services (AWS) — the same enterprise cloud infrastructure used by banks, hospitals, and a large share of the modern internet. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256), with regular backups and point-in-time recovery.

How are payments handled?

Payments go through Stripe (cards) and Deluxe (ACH/bank) — both PCI-DSS compliant payment partners. Card and bank details are tokenized at the moment they're entered and bypass MyKidReports entirely. We never see, store, or have access to full card numbers.

Who can see what inside MyKidReports?

Each account uses role-based permissions. Directors and admins set what each role can see and do. Teachers see their classroom. Parents see only their own children. You can scope access as tightly as you need.

Do you sell or share my data?

No. We don't sell your data, share it with advertisers, or run ads inside the product or the parent app. Your data is used to run your account — that's it.

What happens if I cancel?

Your data stays safe on our servers as long as your account is active. If you decide to cancel, our team will work with you to make sure you have what you need before your account is deactivated. No drama, no hostage-holding.

How do I report a security issue?

Email security@MyKidReports.com or use the in-product chat widget. Reports are routed to engineering and acknowledged in writing.

Are passwords encrypted?

Yes. Passwords are hashed before they ever reach our database — even our own engineers can't read them. If you forget a password, we send you a reset link rather than mailing the original (because we don't have it).

What if a parent loses their phone?

Logged-in sessions are tied to the device. A director can revoke access for any user from the admin panel. The parent re-authenticates on a new device — no one else gets in just because the old phone is found.

Your data, protected. Your payments, secured.