Last updated June 3, 2026

Privacy Policy

Effective date: June 3, 2026

This Privacy Policy explains what KidsBooked, LLC (“KidsBooked”, “we”, “us”, or “our”) does with information about you when you use kidsbooked.com, our apps, and related services (together, the “Service”). It covers parents and account holders, camp and program providers (“Providers”), and visitors to our website.

If a term is capitalized but not defined here, it has the meaning given in our Terms of Use.

At a glance

We’re a family-focused service. Children cannot create accounts. Parents can add limited information about their children to help search and book programs.
We collect the minimum we reasonably need to run the Service: account info, search and booking activity, and what you upload.
About kids, we collect less than you might expect. A first name, a birth month and year (not a full date of birth), and broad filtering categories like “needs 1-on-1 attention.” Not medical records.
When you book a camp, we share the booking with the Provider so they can welcome your child. That’s the whole point.
We do not sell your personal information. We use Google Analytics, which some state laws may treat as “sharing” for analytics purposes. You can opt out below.
We use a small set of well-known service providers (Google/Firebase, Stripe, AWS, Mailchimp, Sentry, Google Maps) to run the Service. We name them in this policy.
You have rights to access, correct, delete, and export your data — and to opt out of certain uses. Email [email protected] to exercise them.

1. Who we are

KidsBooked, LLC is a North Carolina limited liability company.

Mail: 104 Purple Leaf Pl., Suite 100, Carrboro, NC 27510
Email: [email protected]

KidsBooked is operated for users in the United States.

2. Information we collect

2.1 Information you give us

If you’re a parent or account holder, we collect:

Account info: name, email address, password (hashed — we never see it in the clear), and optional phone number.
Profile and preferences: your home address or general location (used for search), interests, and notification preferences.
About your children (added by you): first name, birth month and year (we do not collect day of birth), and broad filtering categories you select to help us surface fitting programs. Filtering categories are deliberately broad (for example, “needs 1-on-1 attention”) and are not medical records or diagnoses.
Bookings and search activity: programs you save, search for, and book.
Uploads: any photos, files, or other content you upload to the Service (“Your Content”, as defined in the Terms of Use).
Payments: when you pay for a subscription or booking, our payment processor (Stripe) collects your payment method details directly. We receive a token and limited transaction data — we do not store full card numbers on our servers.
Communications: the contents of any messages you send us (support requests, feedback, etc.).

If you’re a camp or program Provider, we collect:

Business contact info: organization name, business address, contact email and phone, EIN or tax information where needed for billing or compliance. Much of this is publicly available business information.
Listing content: descriptions, photos, staff or instructor names and photos you choose to publish on your listings, scheduling and pricing information.
Billing details for any paid plan, processed through Stripe as above.

If you’re a website visitor (not signed in):

Anything you submit through a contact, newsletter, or inquiry form (typically name and email).

2.2 Information we collect automatically

When you use the Service, we (and our service providers) automatically collect:

Device and connection data: IP address, browser type and version, operating system, device identifiers, language, and time zone.
Usage data: pages you visit, links and buttons you click, search terms, referring URL, time stamps, and similar interactions. We capture some of this as first-party events in our own database.
Cookies and similar technologies: see Section 7.

We do not record video of your session, mouse movements, or keystrokes.

2.3 Information from third parties

Sign-in providers: if you sign in with Google (or another supported provider), we receive basic profile information from that provider (name, email, and a unique identifier).
Public sources: for Providers, we may verify or supplement business information (e.g., EIN) using publicly available records.

3. How we use information

We use information to:

Provide and run the Service — create your account, authenticate you, run searches, save your data, process bookings, and send transactional messages (booking confirmations, password resets, account alerts).
Match parents with programs and Providers — for example, surfacing camps that fit a child’s age and the filtering categories you’ve selected.
Process payments — for subscriptions and bookings, through Stripe.
Secure the Service — detect, prevent, and respond to fraud, abuse, security incidents, and Terms violations.
Communicate with you — respond to support requests, send Service announcements, and (with your opt-in) send our newsletter or marketing content.
Improve the Service — understand which features are used and how, debug issues, and design new features. We use aggregated and de-identified data wherever possible.
Comply with the law — respond to lawful requests, enforce our Terms, and protect rights, property, and safety.

We do not use children’s information for advertising or to build advertising profiles.

We share information only as described below.

4.1 With Providers when you book

When you book a program through KidsBooked, we share the booking details with that Provider so they can prepare for and welcome your child. This typically includes the parent’s name and contact info, the child’s first name, age (derived from the birth month and year you provided), and the filtering categories you selected that are relevant to that program (e.g., “needs 1-on-1 attention”). Once the Provider receives this information, the Provider becomes a separate data controller for that data and its own privacy practices apply to its handling of it.

4.2 With service providers (subprocessors)

We use a small number of trusted vendors to run the Service. They access information only to perform services for us, and they are contractually required to protect it and not use it for their own purposes. As of the effective date above, these include:

Vendor	Used for	Type of data
Google	Authentication, database, file storage, serverless functions, abuse prevention (App Check / reCAPTCHA Enterprise), address autocomplete and map display, aggregate usage measurement, and loading of measurement scripts	All Service data; addresses and approximate location; cookies, IP address, device, and page-view events
Stripe	Payment processing (subscriptions and bookings)	Name, email, billing address, payment method (tokenized)
Amazon Web Services (SES)	Transactional email delivery (booking confirmations, account messages)	Name, email, message contents
Mailchimp	Newsletter and marketing email (only if you opt in)	Name, email, engagement data
Sentry	Error monitoring and debugging	Error stack traces, page URL, signed-in user ID, browser/device info

We may use third-party AI tools internally (for engineering and operations) without sending your personal information to them. If we ever change that — for example, by using an AI service to process Your Content as part of a Service feature — we will update this Policy, configure the provider not to retain or train on Your Content, and disclose the provider here.

If we update this list, the change will be reflected in this Policy.

4.3 For legal and safety reasons

We may disclose information if we believe in good faith that doing so is necessary to:

comply with a law, regulation, court order, subpoena, or other lawful request;
enforce our Terms of Use or other agreements;
detect, prevent, or address fraud, abuse, security issues, or technical problems;
protect the rights, property, or safety of KidsBooked, our users (especially children), or the public.

4.4 In a business transfer

If KidsBooked is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will require any successor to honor this Policy or to notify you and provide a reasonable choice if material practices change.

4.5 What we do not do

We do not sell your personal information for money.
We do not share children’s information for advertising or to build advertising profiles.
We do not rent or trade contact lists.

5. Children’s privacy (COPPA)

KidsBooked is designed to help parents find and book programs for their children. No child may create an account. Only a parent or legal guardian over the age of 18 may create a KidsBooked account, and only that adult may add information about a child.

When you sign up, you must affirm that you are the parent or legal guardian of any child you add to your account and that you consent on that child’s behalf to our collection of the limited information described below. This consent is collected as part of account creation, and you may withdraw it at any time by deleting the child’s profile or by contacting us at [email protected].

5.2 What we collect about children, and from whom

We collect information about children only from the parent or legal guardian who added them to a KidsBooked account. We do not solicit information directly from children.

What we collect about a child:

First name
Birth month and year (we deliberately do not collect day of birth)
Filtering categories the parent selects — broad, non-clinical descriptors used to match programs (for example, “needs 1-on-1 attention”)

We do not collect:

Full date of birth
Last name
Address, phone, or email of the child
Photos of the child (unless the parent chooses to upload one)
Medical records, diagnoses, prescriptions, or other clinical information
School name, location data about the child, or contact details for the child’s teachers
Government identifiers

5.3 How we use it, and who sees it

We use information about a child only to:

show that child’s profile within the parent’s account,
help match the family with suitable programs, and
share booking details with the Provider when the parent books a program (see Section 4.1).

We do not use children’s information for advertising, advertising profiling, behavioral targeting, or to build profiles for any non-Service purpose.

5.4 Parental rights

As the parent or guardian, you may at any time:

review the information we hold about your child,
update or correct it directly in your account, or by emailing us,
delete a child’s profile (which removes the information from active systems within 5 business days and from backups within 90 days, except where we must retain it for legal reasons), and
withdraw your consent and refuse further collection.

Contact [email protected] to exercise any of these rights.

6. Communications

Transactional messages (booking confirmations, password resets, security alerts, important Service notices) are part of the Service and you cannot opt out of these while you have an active account.
Newsletter and marketing emails are opt-in. You can unsubscribe at any time using the “Unsubscribe” link in any marketing email, or by emailing [email protected].
SMS: We do not currently send marketing SMS. If you provide a phone number for two-factor authentication or phone sign-in, we will use it only for that purpose. If we add SMS messaging in the future, we will obtain your opt-in consent at the point of collection and you will be able to reply STOP to opt out. Message and data rates may apply; consent is never a condition of purchase.

7. Cookies and similar technologies

We and our service providers use cookies, local storage, and similar technologies to:

keep you signed in,
remember preferences,
support feature flags and A/B experiments (for example, a kb_uid cookie identifies your visit so a homepage variant displays consistently),
measure how the Service is used in aggregate (Google Analytics, Google Tag Manager),
prevent abuse (Google’s App Check / reCAPTCHA Enterprise).

You can configure your browser to refuse cookies or to alert you when cookies are sent. If you refuse cookies, parts of the Service may not function correctly (for example, sign-in).

7.1 Global Privacy Control (GPC) and “Do Not Track”

If your browser sends a recognized Global Privacy Control (GPC) signal, we treat it as a request to opt out of any “sharing” of your personal information for cross-context behavioral advertising and analytics purposes covered by California and other state privacy laws. We do not currently respond to “Do Not Track” browser signals, because there is no consistent industry standard for how to do so.

7.2 Opting out of Google Analytics

You can install Google’s browser opt-out add-on at tools.google.com/dlpage/gaoptout. Sending a GPC signal also instructs us to opt you out of GA-based “sharing.”

8. Your privacy rights

Regardless of where you live in the United States, you can:

Access the personal information we hold about you.
Correct information that is inaccurate or out of date — most of this you can do directly in your account.
Delete your account and personal information (with limited exceptions where law requires us to keep records, e.g., transaction history for tax compliance).
Export a copy of your data in a portable format.
Opt out of marketing emails.
Withdraw consent for any processing that depends on your consent.

To exercise any of these rights, email [email protected] from the email address on your account, or use the in-product controls where available. We will verify your identity before acting on a request. We will respond within the time required by applicable law (typically 45 days; we may extend by another 45 days where reasonably necessary, and will tell you if we do).

We will not discriminate against you for exercising any of these rights.

8.1 California residents (CCPA / CPRA)

If you are a California resident, you have, in addition to the rights above:

The right to know what categories of personal information we have collected about you in the prior 12 months, the categories of sources, the business purposes for collection, and the categories of third parties to whom we have disclosed it. See Sections 2 and 4 for the standing disclosure; you may also request a specific report.
The right to delete personal information we have collected from you, subject to legal exceptions (e.g., to complete a transaction, comply with law, or detect security incidents).
The right to correct inaccurate personal information.
The right to opt out of “sale” or “sharing” of your personal information. We do not sell personal information for money. We do use analytics services (Google Analytics, Google Tag Manager) that under California law may be considered “sharing” for cross-context behavioral advertising or analytics purposes. You may opt out by (a) sending a Global Privacy Control signal from your browser, (b) using Google’s opt-out tool linked in Section 7.2, or (c) emailing [email protected].
The right to limit use of sensitive personal information. The information we collect that may be considered “sensitive” under California law is limited (e.g., account credentials and limited family information). We do not use sensitive personal information to infer characteristics about you for purposes other than providing the Service.
The right to non-discrimination for exercising your rights.

You may use an authorized agent to make a request on your behalf; we will require proof of authorization and may verify directly with you.

We do not knowingly sell or share for cross-context behavioral advertising the personal information of any consumer under 16 years of age.

8.2 Residents of other states with comprehensive privacy laws

If you are a resident of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Indiana, Kentucky, or Tennessee, you have rights similar to those described above — including the right to access, correct, delete, port your data, and opt out of targeted advertising and the “sale” of your personal information (as those terms are defined in your state’s law). You can exercise these rights by emailing [email protected]. If we deny your request, you can appeal by replying to our response.

9. How long we keep your data

Active account data: for as long as you have an account with us.
After paid-plan cancellation: if you cancel a paid subscription, we will delete your data above the free tier within 60 days, unless you reactivate.
After account closure: within 5 business days from active systems, and within 90 days from system backups.
Children’s data: we delete a child’s information from active systems within 5 business days of you deleting the profile, and from backups within 90 days, except where we must retain it for legal reasons.
Legal and safety records: we may keep limited records (e.g., transaction history for tax compliance, abuse records to prevent re-abuse) for longer where required by law.

To request an export of your data before deletion, email [email protected].

10. How we protect your data

We use commercially reasonable administrative, technical, and physical safeguards to protect personal information. These include encryption in transit, encryption at rest for sensitive fields, access controls limiting employee access to a need-to-know basis, abuse and bot prevention (App Check, reCAPTCHA Enterprise), and error monitoring.

No system is perfectly secure, and we cannot guarantee absolute security. If we ever experience a security incident that affects your personal information, we will notify you and applicable authorities as required by law.

11. Children’s accounts (the rules)

To repeat what’s set out in our Terms of Use:

KidsBooked is for adults age 18 and older.
Children cannot create their own accounts.
Parents and legal guardians create accounts and add limited information about their children.

If we learn that a child has somehow created an account without parental involvement, we will delete it. If you believe this has happened, please email [email protected] and we will act promptly.

12. Changes to this Privacy Policy

We may update this Policy from time to time. If we make a material change, we will notify you by email or through the Service at least 30 days before the change takes effect, and update the “Effective date” above. If you continue to use the Service after the effective date, you accept the updated Policy. If you do not agree, you may close your account.

13. Contact us

If you have any questions about this Privacy Policy or want to exercise any of your rights, contact us:

Email: [email protected]
Mail: KidsBooked, LLC, 104 Purple Leaf Pl., Suite 100, Carrboro, NC 27510

Privacy Policy

Privacy Policy

At a glance

1. Who we are

2. Information we collect

2.1 Information you give us

2.2 Information we collect automatically

2.3 Information from third parties

3. How we use information

4. Who we share it with

4.1 With Providers when you book

4.2 With service providers (subprocessors)

4.3 For legal and safety reasons

4.4 In a business transfer

4.5 What we do not do

5. Children’s privacy (COPPA)

5.1 Parental consent

5.2 What we collect about children, and from whom

5.3 How we use it, and who sees it

5.4 Parental rights

6. Communications

7. Cookies and similar technologies

7.1 Global Privacy Control (GPC) and “Do Not Track”

7.2 Opting out of Google Analytics

8. Your privacy rights

8.1 California residents (CCPA / CPRA)

8.2 Residents of other states with comprehensive privacy laws

9. How long we keep your data

10. How we protect your data

11. Children’s accounts (the rules)

12. Changes to this Privacy Policy

13. Contact us