daycair

Privacy policy

Last updated: July 18, 2026

daycair is a Canadian not-for-profit that helps people open and run licensed child care, and gives the families they serve a portal into their child’s day. Because our users trust us with sensitive information — including information about children — we hold ourselves to Canada’s federal privacy law (PIPEDA) and to the plain-language promise behind it: collect only what’s needed, say clearly what we do with it, protect it seriously, and never sell it.

daycair’s Privacy Officer is accountable for this policy and our compliance with privacy law (in Quebec, the person in charge of the protection of personal information). Questions or requests about your information: hello@daycair.ca, attention: Privacy Officer.

1. Two kinds of records — and who controls them

Your account and business records(a provider’s profile, credentials, documents, bookkeeping; a family’s account and payment history) are collected and managed by daycair to run the service for you.

Family and child records(children’s enrollment, health records, attendance, daily reports, photos, incident reports) are created and controlled by the child care provider, who is required by provincial regulation to keep them. daycair stores and processes those records on the provider’s behalf. Questions about a specific child’s records are best directed to the provider first; we’ll help either of you.

2. What we collect

From providers:

  • Account basics: email address, password (held and hashed by our authentication service — we never see it), language preference.
  • Business profile: legal and display name, city and province, care setting (home or centre), residence type, business structure, intended licence category and capacity, ECE status.
  • Credentials: ECE registration, first aid/CPR, and criminal-check details (issuer, certificate number, dates) — plus the documents you upload to your vault, including your police or CRRP-issued Vulnerable Sector Check result. We track that check; we never order it, pay for it, or send it anywhere.
  • Social Insurance Number — only if you choose to put it on year-end parent tax receipts, and only with your recorded consent. See section 5.
  • Business records: invoices, payments received, expenses and receipt images, business-use-of-home inputs, operating hours.

About children and families (mostly entered by the provider):

  • Child basics: name, date of birth, enrollment dates and status, authorized pickup list, government-funded status.
  • Health and compliance records: immunizations, medical conditions, allergies, medications, action plans, emergency contacts, and consent preferences (for example photo and field-trip consent).
  • Daily life: attendance times, daily reports (meals, naps, activities) and their photos, incident reports and guardian acknowledgments, messages between provider and guardians.
  • Guardian details: name, email, phone, relationship to the child, and — for online payments — payment history created when a guardian pays through Stripe (never card or bank numbers; see section 4); providers record offline payments themselves.

Automatically: server logs and page-view analytics (cookieless — see section 7), and an immutable audit log of sensitive actions (who did what, when).

3. What we use it for — and what we never do

  • Run the service: licensing journeys, eligibility results, funding matching, rosters, attendance, billing, parent communication, compliance records.
  • Keep regulated records the provider must hold, with the history and audit trail inspections expect.
  • Send account emails (verification, password reset, sign-in links). Reminders appear in the app, and family-portal invites are links your provider shares with you.
  • Measure the service in aggregate (for example, how long licensing takes) to improve it and to report our not-for-profit mission's outcomes — never in a form that identifies a child.

We never sell or rent personal information, never use it for advertising, and place no third-party ad trackers. Within the platform, access follows role and purpose:

  • If an employer sponsors a child's care, that employer sees the sponsorship, contribution, and utilization information needed to administer it — the child's first name, the provider's name, and usage and spend. Never health records, daily reports, or photos.
  • If a provider operates under a licensed home child care agency, the agency sees that provider's roster, compliance, and funding information within its oversight mandate.
  • Government partners see the providers and aggregate outcomes for the cohort they fund — never children's records.

We may disclose personal information where required or authorized by law — for example under a court order, warrant, or a lawful demand from a regulator or licensing authority — and we disclose no more than the law requires. Where the law allows, we will tell the affected person.

4. Payments

Online payments run on Stripe. Card and bank details are entered on Stripe’s own secure pages and go directly to Stripe — they never touch daycair’s servers, and we store only opaque references (like a payment ID). Providers’ payout banking details are likewise collected by Stripe during its own onboarding. Stripe processes payment data on its global (primarily U.S.) infrastructure under its own privacy policy.

5. Extra-sensitive data, extra care

  • SIN: encrypted by our application (AES-256-GCM) before it ever reaches the database; shown only masked; decrypted at exactly one point — rendering a tax receipt you consented to — and every access is written to the immutable audit log.
  • Criminal-check results: stored as private documents, accessible only to you, daycair staff assisting you, and — if you operate under a licensed agency — that agency’s administrators; every on-behalf action is audit-logged to both identities, and files are served via links that expire in minutes.
  • Children's photos: stored privately, never public, served only through short-lived links, and visible only to the families of the children they were published to — a photo shared in a group report is seen by each family in that group. Providers record each family's photo consent and are responsible for honouring it when they publish reports.
  • Children's health records: restricted by deny-by-default database rules; each guardian can see only their own child; employers and government partners can never see them.

6. Where your data lives

Application data — including all children’s records, documents, and the encrypted SIN — is stored in Canada (database and file storage in the AWS Canadian region; application compute in Montréal). Being honest, some information does transit or reside outside Canada with service providers we rely on:

  • Stripe (payments) processes payment data on U.S./global infrastructure.
  • Account emails (verification, password reset, sign-in links) are delivered through Resend, a U.S. email service — the email address and message content transit the U.S.
  • Email you send to @daycair.ca is routed via Cloudflare's global network to our mailbox.
  • Web requests pass through our host's global edge network before reaching Canadian compute, and cookieless analytics events are processed by Vercel (U.S.); all pages load fonts from Google Fonts, and public marketing pages load photos from Unsplash — both see standard request data like IP address.

These providers are bound by their own strong security practices, but information outside Canada is subject to the laws of those jurisdictions.

7. Cookies and local storage

  • Sign-in cookie (essential): keeps you signed in. Cleared on sign-out.
  • Acting-on-behalf cookie (essential, staff and agency roles only): scopes concierge assistance, with every action audit-logged to both identities.
  • Language cookie (preference): remembers your EN/FR choice for one year — set only when you use the switcher.
  • On your device only: in-progress onboarding answers and the offline attendance queue are kept in your browser's local storage so you can resume or work without connectivity; they sync and clear as designed.
  • No analytics or advertising cookies. Our page-view analytics are cookieless and anonymized.

8. How we protect it

  • Encryption in transit (TLS) and at rest; application-layer encryption on top for the SIN.
  • Deny-by-default database access rules; every portal is scoped to its role, and each guardian is isolated to their own child.
  • Private file storage with short-lived, ownership-checked links — no public buckets.
  • An append-only audit log (it cannot be edited or deleted, even by us) covering sensitive actions: SIN access, document changes, payments, incident reports, and every action staff take on a provider's behalf.
  • Payment credentials never on our systems (section 4); invite links stored only as one-way hashes with 7-day expiry.

No system is perfect. If a breach ever creates a real risk of significant harm, we will notify affected people, the Privacy Commissioner of Canada, and any applicable provincial regulator (for Quebec residents, the Commission d’accès à l’information) as the law requires.

9. Retention and deletion

Child care records are regulated records: providers are required to keep children’s records for periods set by their province, even after a child withdraws — so those records are retained, not auto-deleted. Financial records and the audit log are kept immutable (corrections are made by new, audited entries — history is never silently rewritten). Superseded documents keep their version history.

To close your account or request deletion of information, email hello@daycair.ca. We’ll delete what we lawfully can and tell you plainly what must be retained (for example, regulated child care records, tax and payment records, and audit history) and for how long. Deletion is handled by our team on request — there is currently no self-serve delete button.

10. Your rights

  • Access: ask what personal information we hold about you and get a copy.
  • Correction: profile and most records are editable in the app; anything else, ask us.
  • Withdraw consent where consent is the basis (for example, remove your SIN and its receipt consent) — subject to legal retention duties.
  • Portability: Quebec residents may ask for their computerized personal information in a structured, commonly used technological format; we extend this to all users where practical.
  • Complain: start with us at hello@daycair.ca. If we don't resolve it, you may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial privacy authority.

11. Changes to this policy

If we change this policy, we’ll update the date at the top and flag the change in the app. If a change materially expands how we collect, use, or share personal information, we will notify you and ask for your consent before the new practice applies to information about you.

See also our Terms of Service.