Privacy Policy
Last updated: February 18, 2026
M2atech Solutions Inc. ("we", "us", "our", "M2atech"), operating as KidSecure, is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information through our platform at kidsecure.ca, our mobile applications, and related services (collectively, the "Platform"). KidSecure is a childcare management platform designed for licensed early learning and childcare facilities in Canada. We understand the sensitivity of the information we handle, particularly information relating to children, and we take our responsibilities seriously.
1. Scope and Application
This Privacy Policy applies to: • Facility Operators (owners, directors) who register their childcare facility on KidSecure • Staff Members (educators, administrators) who are invited to use the Platform • Parents and Guardians who access the Platform to view information about their children • Children whose information is entered into the Platform by Facility Operators or Staff This policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
2. Information We Collect
Information Provided by Facility Operators and Staff: • Facility name, address, phone number, email, license number • Owner/director name, contact information • Staff names, email addresses, phone numbers, roles • Banking and payment information (processed securely by Stripe) • Facility logo and branding Information About Children (entered by Facility Operators and Staff, not collected directly from children): • Child's full name, date of birth, gender • Room/classroom assignment • Attendance records (check-in/check-out times) • Medical information (allergies, medications, special needs) as provided by parents • Emergency contact information • Photos (if uploaded by staff or parents) • Daily activity reports, meal/nutrition records • Incident reports • Developmental assessments and milestone tracking records Information About Parents and Guardians: • Full name, email address, phone number • Home address • Payment information (credit card, bank account for pre-authorized debit — processed securely by Stripe, not stored on our servers) • Communication preferences and language preference Information Collected Automatically: • IP address • Browser type and version • Device type and operating system • Pages viewed and features used • Date and time of access • Referring URL
3. How We Use Your Information
We use the collected information to: • Provide our services: Manage attendance, billing, communication, and reporting for childcare facilities • Process payments: Generate invoices, process online payments, and manage billing through Stripe • Communicate with you: Send transactional emails and push notifications (invoices, reminders, attendance check-in/check-out alerts, security codes, emergency notifications), respond to support requests • Ensure security: Protect accounts, detect fraud, and maintain the integrity of the Platform • Improve our services: Analyze usage patterns to improve features and user experience (using aggregated, anonymized data only) • Comply with legal obligations: Meet regulatory requirements, respond to legal requests We do NOT use children's personal information for marketing, advertising, profiling, or any purpose other than providing the childcare management services requested by the Facility Operator.
4. Consent
How We Obtain Consent: • Facility Operators: By registering on KidSecure, Facility Operators consent to this Privacy Policy and confirm they have the authority to enter children's and parents' information into the Platform • Staff Members: By accepting an invitation to use the Platform, Staff Members consent to this Privacy Policy • Parents and Guardians: Facility Operators are responsible for informing parents that KidSecure is used to manage their child's information and for obtaining any necessary consent. Parents consent to this Privacy Policy when they create their account or accept an invitation Withdrawing Consent: You may withdraw your consent at any time by contacting us at support@kidsecure.ca. Please note that withdrawing consent may affect our ability to provide services to you or your childcare facility. Facility Operators may request deletion of their facility's data, which will include all associated children's and parents' data.
5. Information Sharing and Disclosure
We never sell your personal information to third parties. We may share your information only in the following circumstances: Service Providers — We use trusted third-party service providers to operate our Platform: • Stripe — Payment processing (Canada/US) • Brevo (Sendinblue) — Transactional emails (EU, France) • Google Cloud Platform — Cloud hosting and infrastructure (Canada, Montréal) • Google Cloud Storage — Photo and document storage (Canada, Montréal) • Google Firebase — Push notifications (US) • Stripe Connect — Parent-to-facility payment processing (Canada/US) All service providers are bound by data processing agreements and are required to protect your information in accordance with PIPEDA. Within a Facility: • Staff members can view information about children and parents associated with their facility • Parents can view information about their own children only • Facility Operators can view all information within their facility Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, including to comply with child protection laws. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
6. Data Security
We implement the following security measures: • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2+ • Encryption at rest: All data stored on our servers is encrypted using AES-256 (provided by Google Cloud Platform) • Access controls: Role-based access ensures users can only access information relevant to their role • Authentication: Password hashing (bcrypt), email verification, and session management • Payment security: Credit card and banking information is processed by Stripe (PCI DSS Level 1 certified) and is never stored on our servers • Signed URLs: Photos and documents are accessible only through time-limited signed URLs • Regular backups: Automated daily backups with encryption • Monitoring: Continuous monitoring for unauthorized access attempts
7. Data Storage and Location
All primary data is stored in Canada, on Google Cloud Platform servers located in Montréal, Québec. Some data may be processed by our service providers in the EU (Brevo) and the US (Stripe) as described in Section 5. In all cases, appropriate safeguards are in place to protect your information.
8. Data Retention
• Active accounts: We retain your data for as long as your account is active and as needed to provide our services • Account deletion: When a Facility Operator deletes their account, we delete all associated data (facility, children, parents, staff, invoices, attendance records) within 30 days • Financial records: Invoices, payment records, and tax receipts are retained for 7 years after the last transaction, as required by Canadian tax law (Income Tax Act) • Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently removed • Anonymized data: We may retain anonymized, aggregated data indefinitely for analytics purposes. This data cannot be used to identify any individual
9. Your Rights Under PIPEDA
You have the right to: • Access: Request a copy of the personal information we hold about you • Correction: Request correction of inaccurate or incomplete information • Deletion: Request deletion of your personal information, subject to legal retention requirements • Withdraw consent: Withdraw your consent to the collection, use, or disclosure of your information • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) if you believe your privacy rights have been violated To exercise any of these rights, contact us at support@kidsecure.ca. We will respond to your request within 30 days.
10. Children's Privacy
We take the protection of children's information very seriously. • We do not collect information directly from children. All information about children is entered by Facility Operators, Staff, or Parents. • We do not use children's information for marketing, advertising, or profiling. • Children's photos are stored securely with encryption at rest and are accessible only through time-limited signed URLs to authorized users (facility staff and the child's parents/guardians). • Access to children's information is strictly limited to the facility's authorized staff and the child's parents/guardians. • Facility Operators are responsible for ensuring they have appropriate consent from parents/guardians to enter and manage children's information on the Platform. • Photos of children are only uploaded after the parent/guardian has signed a photo consent form through the Platform. If consent is declined, photos of that child are not displayed.
11. Cookies and Tracking
Cookies We Use: • Essential cookies: Required for the Platform to function (authentication, session management, language preference). These cannot be disabled. • Analytics cookies: Used to understand how the Platform is used, in aggregated form only. No personal information is collected through analytics. What We Do NOT Use: • We do NOT use advertising or marketing cookies • We do NOT use third-party tracking pixels • We do NOT share browsing data with advertisers • We do NOT use cookies to profile children or parents You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Platform.
12. Third-Party Links
The Platform may contain links to third-party websites or services (e.g., Stripe payment pages). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes: • We will notify Facility Operators by email • We will display a notice on the Platform • We will update the "Last updated" date at the top of this policy Continued use of the Platform after changes are posted constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us: M2atech Solutions Inc. Operating as KidSecure Moncton, New Brunswick, Canada Email: support@kidsecure.ca Website: https://kidsecure.ca Privacy Officer: Abdoulaye Mohamed Ahmed Email: support@kidsecure.ca For complaints that are not resolved to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada: • Website: www.priv.gc.ca • Phone: 1-800-282-1376
15. Governing Law
This Privacy Policy is governed by the laws of the Province of New Brunswick and the federal laws of Canada applicable therein, including PIPEDA.
