Privacy Policy

1. Who We Are

SANLABZ (PRIVATE) LIMITED
Contact Email: support@classveew.com

2. Your Relationship with the Childcare Center/School

In most cases, the childcare center, preschool, or school ("Center") that you or your child attends is the primary data controller regarding your and your child's data processed through our App. We operate as a data processor on behalf of these Centers, following their instructions and their own privacy policies. This Privacy Policy describes our practices as the App provider. Please also consult the Center's privacy policy for full details on their data handling practices.

3. Information We Collect

We collect various types of information from and about users of our App, including sensitive personal data, to provide our services. We adhere to the principle of data minimization, collecting only the information necessary for the stated purposes.

A. Information You Provide Directly to Us (or to the Center, which then shares it with us):

• Account & Profile Information:
  • For Parents/Guardians: Your name, email address, phone number, password, and relationship to the child.
  • For Staff (Teachers, Administrators): Your name, email address, phone number, password, role, and employment/qualification details.
  • National ID card Information is only collected where required by law or regulations and is protected with heightened security control.
• Child's Personal Data:
  • Full name, date of birth, gender, allergies, dietary restrictions, medications, health conditions, emergency contact information.
  • Photos and videos uploaded by parents or staff for educational/reporting purposes.
  • Attendance records (check-in/out times, absences).
  • Daily activity reports (naps, meals, diaper changes, bathroom visits).
  • Learning progress, assessments, and developmental observations.
  • Incident reports.
  • National Identity Card Number, if required.
• Communications: Messages, notes, feedback, and other communications between parents/guardians and staff within the App.
• Billing & Payment Information: If integrated, parents may provide billing details, payment methods, and transaction history. We typically use third-party payment processors and do not store full payment card details on our servers.
• Documents: Any documents uploaded by parents or staff (e.g., immunization records, admission forms).
• Support Information: When you contact us for support, information related to your inquiry.

B. Information Collected Automatically (Usage Data):

When you access and use the App, we may automatically collect certain information about your device and your usage patterns, including:

• Device Information: Your device's IP address, unique device identifiers, operating system, browser type, mobile network information, and other diagnostic data.
• Usage Details: Information about how you interact with the App, such as features you use, screens you view, the time and date of your visits, time spent on certain sections, and crash reports.
• Location Information: We do not collect precise geolocation data from your device for general operation.

C. Information from Other Sources:

• We may receive information from the childcare Center you or your child attends, typically to set up your account and initial child profiles.

4. How We Use Your Information

We use the information we collect primarily to provide our services to the childcare Centers and their authorized users (parents/guardians and staff). Our uses include:

• To Provide and Maintain the App: To operate, deliver, and ensure the functionality of the App, including managing attendance, facilitating communication, sharing daily reports, managing billing, and enabling learning activities.
• To Facilitate Communication: To allow parents/guardians and staff to send messages, share photos/videos, and update each other on a child's activities and progress.
• For Child Development & Reporting: To record, track, and report on a child's learning journey, developmental milestones, health, and well-being.
• For Administrative Purposes: To manage enrollments, billing, staff records, and overall Center operations.
• To Improve and Personalize the App: To understand how the App is used, analyze trends, and develop new features, functionality, and content to enhance the childcare management and communication experience.
• To Communicate with You: To send you important updates, notifications, announcements, technical notices, security alerts, and support messages related to your use of the App.
• For Customer Support: To respond to your inquiries, provide technical assistance, and resolve issues you may encounter.
• For Security and Fraud Prevention: To detect, prevent, and address technical issues, security incidents, fraudulent activities, and to protect the rights, property, or safety of Sanlabz, our users, or the public.
• To Enforce Our Terms and Policies: To ensure compliance with our Terms of Service and other policies.
• For Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

We do not use children's personal data for targeted advertising or to build profiles for commercial purposes.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

• With the Childcare Center/School: All data you and your child provide or that is generated through the App is accessible to and shared with the relevant childcare Center and its authorized staff (e.g., teachers, administrators) for their operational and educational purposes. The Center is the primary data controller for this information.
• With Other Users within the App (as authorized by the Center/Parent):
  • Parents/Guardians: Your child's daily reports, photos, videos, and communication may be shared with authorized parents/guardians associated with that child's profile.
  • Staff: Relevant child and parent information is shared among authorized staff members (e.g., teachers within a specific classroom, administrators overseeing the entire Center).
• With Service Providers: We may share information with third-party vendors, consultants, and other service providers who perform services on our behalf and require access to such information to do so. These services may include:
  • Cloud Hosting: (e.g., Google Cloud Platform, AWS) for data storage and infrastructure.
  • Payment Processors: For handling billing and online payments (we do not store full payment card details).
  • Communication Services: For sending notifications (e.g., SMS providers, email service providers).
  • Customer Support Platforms: For managing support inquiries.
  • Analytics Services: (e.g., Google Analytics) to help us understand app usage, but this is typically aggregated and anonymized data that does not personally identify you or your child. These service providers are obligated to protect your information and are prohibited from using it for any purpose other than providing the services we have contracted them for. We ensure that any third-party partners who process your data adhere to privacy standards at least as stringent as our own.
• For Legal Reasons or to Prevent Harm: We may disclose your information if we believe it's necessary to:
  • Comply with any valid legal process, governmental request, or applicable law, rule, or regulation (e.g., Personal Data Protection Act, No. 9 of 2022 of Sri Lanka).
  • Investigate, prevent, or take action regarding potential violations of our Terms of Service or other policies.
  • Protect the rights, property, or safety of Sanlabz, our users, or the public.
• In Connection with Business Transfers: If Sanlabz is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our App if such a transaction occurs and your information becomes subject to a different privacy policy.

6. Camera and Photo/Video Usage

Our App requests access to your device's camera to enable the following features:

• Profile Photos: Parents and staff can take or upload profile photos for accounts and child profiles.
• Capturing Daily Moments: Staff can take photos and videos of children during activities, meals, play time, and learning sessions to share with parents/guardians as part of daily reports.
• Documenting Learning Progress: Teachers can photograph children's artwork, projects, and developmental milestones to track and share educational progress.
• Incident Documentation: When necessary, staff can capture visual documentation of incidents or observations for safety and reporting purposes.

Permission Required: The App will request camera permission before first use. You can revoke this permission at any time through your device settings.

7. Data Security

We implement robust technical and organizational measures designed to protect your and your child's personal information from unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption: Data is encrypted both in transit (using SSL/TLS) and at rest (using industry-standard encryption for our databases and cloud storage providers like AWS/Google Cloud Platform).
• Access Controls: Strict access controls and authentication mechanisms are in place to limit access to personal data only to authorized personnel who need it to perform their job functions.
• Regular Security Audits: We perform regular security assessments, vulnerability scans, and updates to our systems.
• Data Minimization: We only collect personal data that is necessary for the purposes for which it is processed.
• Other Measures: We enforce strong password requirements and offer multi-factor authentication for user accounts.

However, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. This typically aligns with the retention policies of the childcare Centers using our App.

• Account Data: We retain your account information for as long as your account is active within a Center's subscription to our service.
• Child Data: Child-related data is retained in accordance with the Center's instructions and applicable laws (e.g., Sri Lanka's data retention guidelines under the PDPA). For users under 13 in the U.S., we retain data only as long as necessary to fulfill its original purpose, and then delete it securely. If a child leaves a Center, their data may be archived or deleted as per the Center's policy and legal requirements.

When we no longer need to retain your personal information, we will securely delete or anonymize it.

9. Your Data Protection Rights

Depending on your location and the applicable data protection laws (e.g., GDPR for EU residents, COPPA for the online collection of personal information from children under 13 in the US, and local laws like the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka), you may have the following rights regarding your personal data and your child's personal data:

• Right to Access: You have the right to request copies of your personal data and your child's personal data that we hold.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data or your child's personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data or your child's personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data or your child's personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: If we are relying on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Note that withdrawing consent may affect access to services only where data is processed solely on the basis of consent, and may impact the availability of certain features or services that rely exclusively on consent.

To exercise any of these rights regarding data processed by the Center through our App, you should generally contact the childcare Center/school/institution directly. They are the primary data controller and responsible for handling your requests. If you contact us directly, we may need to forward your request to the relevant Center.

To request the deletion of your data or your child's data, please contact your childcare Center/school/institution directly or email us at support@classveew.com. We will process your request in accordance with applicable laws and the Center's instructions.

10. Children's Privacy (COPPA, GDPR, and PDPA Compliance)

Our App is specifically designed for use in education settings and involves the processing of personal information of children. We are committed to complying with all applicable children's privacy laws, including:

• Children's Online Privacy Protection Act (COPPA) (United States): We do not knowingly collect personal information directly from children under 13 without verifiable parental consent obtained by the Center or where the Center acts as the parent's agent (e.g., school official consent). COPPA specifically applies to the online collection of personal information from children under 13, not to all personal data or adults.
• General Data Protection Regulation (GDPR) (European Union): We comply with GDPR requirements regarding the processing of children's data.
• Personal Data Protection Act, No. 9 of 2022 (Sri Lanka): We adhere to the principles outlined in this law regarding the protection of personal data, including that of minors. Note: The implementation timeline for Sri Lanka’s Personal Data Protection Act may affect when and how certain rights are enforceable.

Our practices for children's data include:

• We primarily collect children's personal data from parents/guardians or authorized Center staff.
• We only collect personal information from children that is reasonably necessary for the educational purpose of the App (e.g., attendance, daily reports, learning progress).
• We do not use children's personal data for targeted advertising, marketing, or to create commercial profiles.
• Parents/guardians have the right to review their child's personal information, direct us to delete it, and refuse further collection or use of their child's information.
• If we learn that we have collected personal information from a child under the age of 13 without proper consent, we will take steps to delete that information promptly.

If you believe we may have inadvertently collected personal information from a child under the age of 13 without proper consent, please contact us immediately at support@classveew.com.

11. App Privacy Disclosures and Marketplace Requirements

When submitting our App to various app distribution platforms, and within the App itself, we are committed to providing transparent and comprehensive privacy information. This includes:

• Prominent In-App Disclosures: For any collection of personal or sensitive user data that users might not reasonably expect, we will provide a clear and prominent in-app disclosure. This disclosure will be displayed within the app during normal usage (not hidden in menus or settings), will describe the data being accessed or collected, explain how it will be used and/or shared, and will not be solely part of the privacy policy. It will immediately precede any request for user consent and runtime permissions, ensuring consent is obtained through affirmative user action (e.g., tapping to accept, ticking a checkbox) and not through implied actions.
• App Marketplace Privacy Information: We will accurately complete any required privacy information sections on app distribution platforms (e.g., data safety sections, privacy nutrition labels). This includes providing clear and comprehensive details about:
  • What data we collect from users (including data collected by third-party SDKs).
  • How that data is used.
  • Whether the data is linked to the user's identity.
  • Whether the data is used for tracking purposes.This information will be publicly visible on our App's listing page on such platforms to help users understand our privacy practices before they download the App.

12. Links to Other Websites

Our App may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. We may also notify you through other means, such as email or a prominent notice within the App, prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, your data, or our practices, please contact us:

By email: support@classveew.com