Privacy Policy

1. Introduction

Peblio ("we", "our", or "us") is committed to protecting your privacy and the privacy of children in our care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our communication platform designed for childcare providers, parents, and families.

We are a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered address is [To be updated with actual business address].

2. Information We Collect

2.1 Information You Provide

• Account information (name, email address, phone number)
• Child information (name, date of birth, medical information, emergency contacts)
• Staff information (qualifications, DBS check details, role information)
• Messages, announcements, and communications
• Photos and videos of children (with explicit consent)
• Event attendance and calendar information
• Payment and billing information

2.2 Information We Collect Automatically

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Log data (access times, error logs, security events)
• Location data (if enabled and with consent)

3. How We Use Your Information

We use your information for the following purposes:

• To provide and maintain our communication platform
• To facilitate secure communication between childcare providers and parents
• To share updates, announcements, and important information about children
• To manage events, calendars, and attendance records
• To ensure safeguarding compliance and child protection
• To process payments and manage subscriptions
• To provide customer support and respond to inquiries
• To improve our services and develop new features
• To comply with legal obligations and regulatory requirements

4. Legal Basis for Processing

Under UK GDPR, we process personal data on the following legal bases:

• Consent: For photos, videos, and marketing communications
• Contract: To provide our services as agreed in our terms
• Legal obligation: For safeguarding compliance and regulatory requirements
• Legitimate interests: For security, fraud prevention, and service improvement
• Vital interests: For emergency situations involving child safety

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

• With other users within your childcare setting (staff, parents, authorized family members)
• With service providers who assist us in operating our platform (hosting, analytics, payment processing)
• When required by law or to protect the rights, property, or safety of children
• In case of emergency situations involving child welfare
• With regulatory authorities for safeguarding compliance
• In connection with a business transfer or merger

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

• End-to-end encryption for sensitive communications
• Secure data storage with encryption at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication measures
• Staff training on data protection and safeguarding
• Incident response procedures for data breaches

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Child records: 7 years after the child leaves the setting (safeguarding requirement)
• Staff records: 6 years after employment ends
• Communication logs: 3 years for audit purposes
• Financial records: 7 years for tax and accounting purposes
• Marketing data: Until consent is withdrawn

8. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request copies of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interests
• Rights related to automated decision-making: Human review of automated decisions

To exercise these rights, please contact us at privacy@peblio.co.uk. We will respond within one month.

9. Children's Privacy

We take special care to protect children's privacy and comply with applicable child protection laws. We only collect information about children with explicit parental consent and for legitimate educational and safeguarding purposes.

Parents have the right to access, correct, or delete their child's information at any time. We will not knowingly collect personal information from children under 13 without parental consent.

10. International Transfers

Some of our service providers may be located outside the UK. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions by the UK government.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our platform. Your continued use of our services after such changes constitutes acceptance of the updated policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us: