Privacy Policy
Last updated: 8 January 2026
Little Starlings ("we", "us", "our") is committed to protecting your privacy and the privacy of the children in your care. This Privacy Policy explains how we collect, use, and protect personal data when you use our platform.
Summary: We only collect data necessary to provide our services. We never sell your data. Children's data receives the highest level of protection. You can request deletion of your data at any time.
1. Who We Are
Little Starlings provides a cloud-based booking and management platform for nurseries and preschools. For the purposes of UK GDPR:
- Data Controller: Your nursery/organisation controls the personal data uploaded to the platform
- Data Processor: Little Starlings processes data on behalf of your organisation
Contact: privacy@littlestarlings.com
2. Data We Collect
2.1 Account Data (Nursery Customers)
When you sign up, we collect:
- Organisation name and address
- Contact name, email address, and phone number
- Billing information (processed securely by Stripe)
- Account preferences and settings
2.2 Staff Data
When staff accounts are created:
- Name and email address
- Role and permissions within the system
- Login activity and usage data
2.3 Parent/Guardian Data
When parents are added to the system:
- Name, email address, phone number
- Relationship to child(ren)
- Communication preferences
- Billing and payment history
2.4 Children's Data
The following data about children may be stored:
- Name and date of birth
- Funded hours entitlement and funding codes
- Session bookings and attendance records
- Any notes added by staff (medical, dietary, developmental)
Special Category Data: We may process special category data (such as health information) where necessary for the child's care. This is processed under the "vital interests" or "explicit consent" lawful bases.
2.5 Technical Data
We automatically collect:
- IP address and browser type
- Device information
- Pages visited and features used
- Error logs and performance data
3. How We Use Your Data
| Purpose | Lawful Basis |
|---|---|
| Providing our booking and management services | Contract performance |
| Processing payments and invoices | Contract performance |
| Sending service-related emails (bookings, invoices) | Contract performance |
| Customer support | Contract performance / Legitimate interests |
| Improving our platform | Legitimate interests |
| Security and fraud prevention | Legitimate interests / Legal obligation |
| Marketing communications (with consent) | Consent |
4. Children's Privacy
We take the protection of children's data extremely seriously:
- Data Minimisation: We only collect data necessary for childcare operations
- Access Control: Only authorised staff within your organisation can access children's records
- Encryption: All children's data is encrypted at rest and in transit
- No Marketing: We never use children's data for marketing purposes
- No Third-Party Sharing: We never share children's data with third parties except as required by law
5. Data Sharing
5.1 We Share Data With:
- Stripe: For payment processing (PCI-DSS compliant)
- Email providers: For sending transactional emails
- Hosting providers: Our servers are hosted on secure, UK/EU-based infrastructure
5.2 We Never:
- Sell your data to third parties
- Use your data for advertising
- Share children's data with third parties for their own purposes
5.3 Legal Requirements
We may disclose data if required by law, court order, or to protect our legal rights.
6. Data Security
We implement robust security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Two-factor authentication available for all accounts
- Automatic session timeouts
- Regular staff security training
- Incident response procedures
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of subscription + 90 days |
| Children's records | As directed by customer (typically until child leaves + 3 years) |
| Financial records | 7 years (legal requirement) |
| Server logs | 90 days |
| Deleted account data | Permanently deleted within 90 days of request |
8. Your Rights (UK GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a portable format
- Object: Object to certain processing activities
- Withdraw Consent: Where processing is based on consent
To exercise these rights, contact: privacy@littlestarlings.com
We will respond within 30 days.
9. Cookies
9.1 Essential Cookies
We use essential cookies for:
- Keeping you logged in
- Security (CSRF protection)
- Session management
These cookies are necessary for the platform to function and cannot be disabled.
9.2 Analytics Cookies
With your consent, we may use analytics cookies to understand how the platform is used and improve our services. You can opt out at any time.
10. International Transfers
Your data is primarily stored and processed in the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Other approved transfer mechanisms
11. Data Breaches
In the event of a personal data breach:
- We will notify the ICO within 72 hours where required
- We will notify affected customers without undue delay
- We will provide guidance on protective measures
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or platform notification at least 30 days before they take effect.
13. Complaints
If you're unhappy with how we handle your data, please contact us first at privacy@littlestarlings.com.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
14. Contact Us
For any privacy-related questions:
- Email: privacy@littlestarlings.com
- General enquiries: hello@littlestarlings.com