Data Processing Addendum
This Data Processing Addendum (DPA) explains how KidPro processes personal data on behalf of the childcare organizations that use our platform.
Last Updated: July 7, 2026
1. Purpose
The purpose of this DPA is to define the responsibilities of KidPro when processing Personal Data on behalf of Customer and to establish appropriate safeguards for the protection of such data.
KidPro processes Personal Data only to provide the Services described in the applicable subscription agreement, Terms of Service, or other written agreement with the Customer.
2. Definitions
For purposes of this DPA:
- Controller means the entity that determines the purposes and means of processing Personal Data.
- Processor means the entity that processes Personal Data on behalf of the Controller.
- Personal Data means any information relating to an identified or identifiable natural person.
- Processing means any operation performed on Personal Data, including collection, storage, use, transmission, disclosure, deletion, or destruction.
- Subprocessor means a third party engaged by KidPro to assist in providing the Services.
3. Scope of Processing
KidPro processes Personal Data solely to provide the childcare management services requested by the Customer. Processing activities may include:
- Hosting Customer Data
- User authentication
- Data storage
- Attendance tracking
- Parent communications
- Billing support
- Incident reporting
- Reporting and analytics
- Customer support
- Software maintenance
- Security monitoring
- Backup and disaster recovery
KidPro will not process Personal Data for unrelated purposes or sell Customer Data.
4. Categories of Personal Data
Depending on the Customer's use of the Services, Personal Data processed may include:
Child Information
- Name
- Date of birth
- Attendance records
- Classroom assignments
- Learning progress
- Daily activities
- Meal records
- Nap schedules
- Health information entered by the Customer
- Allergies
- Medication administration records
- Photos
- Incident reports
Parent and Guardian Information
- Names
- Email addresses
- Phone numbers
- Mailing addresses
- Emergency contacts
- Authorized pickup information
- Billing information
Staff Information
- Names
- Contact information
- User roles
- Attendance records
- Employment-related information entered by the Customer
System Information
- IP addresses
- Login history
- Device identifiers
- Audit logs
- Application usage information
5. Customer Responsibilities
The Customer represents and warrants that it:
- Has all necessary legal authority to collect and provide Personal Data to KidPro.
- Has obtained any required parental, guardian, employee, or user consents.
- Will comply with applicable privacy and data protection laws.
- Will provide accurate instructions regarding the processing of Personal Data.
- Will respond to requests from data subjects where required by law.
The Customer remains the Controller of all Customer Data.
6. KidPro Responsibilities
KidPro agrees to:
- Process Personal Data only on documented instructions from the Customer, unless required by law.
- Maintain appropriate technical and organizational security measures.
- Restrict access to authorized personnel.
- Ensure personnel are subject to confidentiality obligations.
- Assist the Customer with reasonable requests relating to Personal Data.
- Notify the Customer of confirmed security incidents involving Personal Data as required by applicable law.
- Delete or return Customer Data upon termination of the Services, subject to legal retention obligations.
7. Security Measures
KidPro maintains reasonable administrative, technical, and physical safeguards designed to protect Personal Data. Security measures include, where applicable:
- Encryption of data in transit using TLS.
- Encryption of sensitive data at rest.
- Role-based access controls.
- Strong authentication practices.
- Audit logging.
- Security monitoring.
- Backup and disaster recovery procedures.
- Employee confidentiality agreements.
- Secure software development practices.
- Access reviews and least-privilege principles.
KidPro may update these measures from time to time provided that overall security is not materially reduced.
8. Confidentiality
KidPro shall ensure that all personnel authorized to process Personal Data:
- Are informed of the confidential nature of the data.
- Are subject to confidentiality obligations.
- Receive appropriate security and privacy awareness training.
- Access Personal Data only when necessary to perform assigned responsibilities.
9. Subprocessors
Customer authorizes KidPro to engage trusted subprocessors to support the Services. Subprocessors may provide services including:
- Cloud infrastructure
- Payment processing
- Email delivery
- SMS messaging
- Authentication
- Monitoring
- Customer support
- Backup services
- Analytics
KidPro remains responsible for ensuring that subprocessors are contractually obligated to protect Personal Data in a manner consistent with this DPA.
A current list of subprocessors will be made available to Customers upon reasonable request or published on the KidPro website.
10. International Data Processing
KidPro is headquartered in Ohio, United States. To provide the Services, authorized personnel located in the United States and India may access and process Personal Data for:
- Technical support
- Software development
- System maintenance
- Product improvements
- Security monitoring
- Customer support
- Troubleshooting
KidPro implements reasonable contractual, administrative, and technical safeguards to protect Personal Data processed by authorized personnel regardless of their geographic location.
Where required by applicable law, KidPro will implement appropriate safeguards for international data transfers.
11. Security Incident Notification
If KidPro becomes aware of a confirmed security incident affecting Personal Data processed on behalf of the Customer, KidPro will:
- Investigate the incident promptly.
- Take reasonable steps to contain and remediate the incident.
- Notify the Customer without undue delay where required by law or contractual obligation.
- Cooperate with the Customer in responding to the incident.
Notification does not constitute an admission of fault or liability.
12. Assistance with Data Subject Requests
Where legally required and reasonably feasible, KidPro will assist the Customer in responding to requests relating to:
- Access
- Correction
- Deletion
- Restriction of processing
- Data portability
- Objections to processing
Because the Customer acts as the Controller, requests from parents, guardians, employees, or other individuals should generally be directed to the Customer.
13. Data Retention and Deletion
KidPro retains Personal Data only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.
Upon termination of the Services and subject to applicable law:
- Customer may request export of Customer Data within the retention period established by KidPro.
- KidPro will securely delete or anonymize Personal Data after the applicable retention period unless continued retention is required by law.
14. Audit and Information Requests
Upon reasonable written request, KidPro will make available information reasonably necessary to demonstrate compliance with this DPA. Where appropriate, KidPro may satisfy audit requests through:
- Security documentation.
- Independent assessments.
- Compliance reports.
- Written responses to security questionnaires.
Any Customer audit must be reasonable in scope, scheduled in advance, and conducted in a manner that does not compromise the security, confidentiality, or operations of KidPro or other customers.
15. Limitation of Liability
The liability of each party under this DPA shall be subject to the limitations of liability set forth in the applicable Terms of Service unless otherwise agreed in writing.
16. Changes to this DPA
KidPro may update this DPA to reflect changes in applicable laws, regulations, security practices, or the Services.
Material changes will be communicated to Customers through the website, customer portal, or other reasonable means.
17. Governing Law
This DPA shall be governed by the laws of the State of Ohio, without regard to its conflict of law principles, unless otherwise required by applicable law or a separately negotiated agreement.
18. Contact Information
Questions regarding this Data Processing Addendum may be directed to:
- Honeycomb Technologies Ltd
- Doing Business As: KidPro
- Privacy Team: privacy@kidprosolutions.com
- Security Team: security@kidprosolutions.com
- General Support: admin@kidprosolutions.com
- Website: https://www.kidprosolutions.com
Contact Us
Questions About This DPA?
Questions regarding this Data Processing Addendum may be directed to our team.
Privacy Team
privacy@kidprosolutions.comSecurity Team
security@kidprosolutions.comCommitted to responsible data processing.
KidPro processes data solely to support the childcare organizations we serve, under the safeguards described in this Addendum.
