DocPassengerDocPassenger

Privacy Policy

Effective: May 20, 2026 · Version 2.0

Plain-language summary

DocPassenger is a daycare-enrollment platform built for U.S. daycare and early-childhood-education providers. Daycares use us to manage parent and child records, automatically fill state enrollment forms, and capture electronic signatures.

  • The daycare you enroll with owns the parent and child information you enter; we host and process it on the daycare's behalf.
  • We do not sell your information, do not show advertising, and do not use third-party trackers.
  • We do not use your information to train any artificial-intelligence model.
  • Children do not interact with the platform directly. All children's information is entered by a parent, a guardian, or an authorized daycare administrator.
  • Our Service is intended for use in the United States.

The sections below explain the details. If you have questions, contact privacy@docpassenger.com.

1. Who we are and our role

DocPassengeris operated by DocPassenger LLC, a California limited liability company (formation pending), headquartered in California (“DocPassenger”, “we”, “us”, or “our”). Our registered mailing address will be published here once formation is complete. For privacy questions, contact privacy@docpassenger.com.

Controller vs. processor

For information you submit through a daycare's account (your name, your child's information, emergency contacts, uploaded documents, signed forms): the daycare is the controller of that information, and DocPassenger is a service provider/processoracting on the daycare's behalf. The daycare decides why and how that information is used. We process it under our Data Processing Agreement with the daycare.

For visitor information on this website (such as a demo-interest submission) and for account and billing information (when applicable): DocPassenger is the controller.

2. Information we collect

Account information

  • Name, email address, and password (stored in hashed form by our authentication provider)
  • Phone number (optional)
  • Role (parent, daycare administrator, daycare staff, super administrator)

Family and parent/guardian information

  • Parent and guardian names, preferred language
  • Mailing address, email, phone number
  • Insurance provider, policy number, and group number (if provided on a form)
  • Uploaded identification documents (such as a driver's license image) where a state enrollment form requires one

Children's information

We collect children's information only as part of a daycare's enrollment process, only when a parent or authorized daycare administrator submits it, and only as necessary for that enrollment. See Section 8 (Children's privacy) for the full COPPA disclosure.

  • Name, date of birth, gender
  • School or childcare status
  • Allergies, medical conditions, medications, and immunization records
  • Doctor name and phone number
  • Other state-specific medical, dietary, or behavioral fields that your daycare's licensing forms require

Emergency contact information

  • Name, phone, email, relationship to the child, priority order, and any notes you add

Daycare staff information

  • Staff name, work email, phone, hire date
  • Driver's license number and expiration date
  • Certification expiration dates (such as CPR)

Electronic signature and audit information

  • An image of your drawn signature, or a typed-name signature image, captured through our in-house signing flow
  • Signer name, signer email, the document hash, the consent template version, the signing method (drawn or typed), and the signing timestamp
  • The IP address and (truncated) browser user-agent of the device used to sign, captured server-side as part of the signature audit record

Documents and enrollment data

  • Completed government enrollment forms, the field mappings used to fill them, and the data values entered into each field
  • Documents you upload to support an enrollment (such as ID images or doctor notes)

Usage and device information

  • Pages visited within the Service, features used, and approximate session timing
  • Device type, browser, and IP address of requests to our servers

Organization information

  • Daycare name, slug, uploaded logo, uploaded form templates, and the daycare administrator's contact information

Public-website submissions

  • If you submit our demo-interest form, your name, email, and daycare name

3. Sensitive personal information

Some of the information described in Section 2 is treated as “sensitive” under California and other U.S. state privacy laws. The categories of sensitive personal information we may process include:

  • Health and medical information, including allergies, medical conditions, medications, and immunization records
  • Biometric information used for identification — specifically, the image of your electronic signature, which our audit trail relies on to identify the signer
  • Government-issued identifiers, including a daycare staff member's driver's license number, and any uploaded identification documents (such as a driver's license image) that a parent attaches to an enrollment
  • Account log-in credentials, in the sense of authenticated session tokens

We use this sensitive information only to provide the Service to your daycare and to support enrollment, signing, and compliance with applicable child-care licensing laws. We do not use it for marketing, profiling for advertising, or inferring characteristics about you. California residents have a right to limit our use of sensitive personal information — see Section 10.

4. Sources of information

  • Directly from you when you create an account, complete enrollment, upload documents, or sign forms
  • From your daycare when a daycare administrator creates a record about your family or child, sends you an invitation, or uploads forms on your behalf
  • From third parties you tell us about — for example, an emergency contact whose name and phone number you enter
  • Automatically from your device, such as IP address and browser user-agent recorded by our servers and by our hosting provider

5. How we use information

We use the information described in Section 2 for the following purposes:

  • To operate the Service: account creation and authentication, multi-tenant isolation between daycares, and routing parents to the right enrollment
  • To auto-fill state enrollment forms using the family data you provide
  • To capture and store electronic signatures and to produce a tamper-evident audit trail for each signed document
  • To send service-related emails such as enrollment-status updates, review requests, completion notifications, and security notices
  • To protect the Service: rate-limit abusive traffic, detect and prevent fraud, investigate suspected security incidents, and enforce our Terms of Service
  • To comply with our legal obligations, including responses to lawful process
  • To improve the Service, in the form of aggregated and de-identified usage information that cannot reasonably be linked to you

We do not use your information for advertising, advertising-profile building, or cross-context behavioral advertising of any kind.

6. Automated processing and artificial intelligence

The Service uses limited automated processing to help daycare administrators map fields between uploaded form templates and the canonical data model. Where a high-confidence mapping cannot be determined from local heuristics, we send only the form-template structural metadata (widget type, section labels, candidate label text, and nearby text on the blank form) to an artificial-intelligence service provider for classification. We do not send the data values entered by parents or children to any artificial-intelligence service provider.

The artificial-intelligence service provider we currently use is OpenAI, L.L.C.; under our agreement with OpenAI, OpenAI is contractually prohibited from training its models on data sent through our application-programming-interface account. More generally, DocPassenger does not use your information to train any artificial-intelligence or machine-learning model.

The Service does not make decisions based solely on automated processing that produce legal or similarly significant effects on you. Auto-filled fields and field-mapping suggestions are recommendations subject to human review before they take effect.

7. How we disclose information

We do not sell your information and we do not share it with third parties for cross-context behavioral advertising. We disclose information only as follows:

To your daycare

  • The daycare you enroll with has access to the records you and your family submit, as needed to complete enrollment, review forms, and maintain the daycare's licensing records.

To service providers we engage to operate the Service (sub-processors)

Each sub-processor is bound by a written agreement that restricts the sub-processor to acting on our documented instructions, prohibits its use of your information for its own marketing or model-training purposes, and imposes security obligations consistent with this Privacy Policy and our Data Processing Agreement. The current sub-processors are:

  • Supabase, Inc. (United States) — managed database, authentication, and object storage for the Service.
  • OpenAI, L.L.C. (United States) — field-classification of blank form templates as described in Section 6. No enrollment-data values are sent.
  • Resend, Inc. (United States) — transactional email delivery (enrollment notifications, review requests, password resets).
  • Railway Corp. (United States) — compute hosting and managed background queues.

To comply with law or protect rights

  • To respond to subpoenas, court orders, or other lawful requests
  • To protect the rights, property, or safety of DocPassenger, our customers, or others, including to investigate suspected fraud or security incidents

In a business transaction

  • If we are acquired, merge with another company, or transfer assets, your information may be transferred as part of that transaction. We will give notice if the transferee's practices materially differ from this Privacy Policy.

We do not share your information with third parties for those third parties' own direct marketing purposes (see Section 12, California Shine the Light).

8. Children's privacy (COPPA)

DocPassenger's Service is offered to U.S. daycares and other early-childhood-education providers. We collect personal information about children under age 13 only as part of a daycare's enrollment process and only through parents, legal guardians, or the daycare's authorized administrators. The Service is not directed to children and children do not interact directly with the Service.

Our role under COPPA

Under the U.S. Children's Online Privacy Protection Act (“COPPA”) and the Federal Trade Commission's COPPA Rule (16 CFR Part 312), DocPassenger acts as the “operator” that collects children's personal information on a school-authorized basis at the direction of the daycare. The daycare authorizes our collection of children's information for the daycare's educational and care services in our Data Processing Agreement, consistent with the FTC's guidance on school-authorized consent. We do not use children's information for any commercial purpose other than providing the Service to the daycare.

What we collect about children

  • Name, date of birth, gender, school or childcare status
  • Allergies, medical conditions, medications, immunization records
  • Doctor name and phone number
  • Emergency-contact information that identifies the child's relationship to those contacts
  • Other fields required by the specific state enrollment forms the daycare uses (which can include behavioral notes, dietary restrictions, or photo-release indicators)

How we use children's information

  • To populate state enrollment forms on behalf of the daycare
  • To produce tamper-evident records of signed enrollment forms
  • To make children's information available to the daycare's authorized personnel for the purposes of enrollment, review, and licensing compliance

We do notuse children's information for advertising, marketing, profiling, or to train artificial-intelligence models.

Parental rights

Parents and legal guardians may, at any time:

  • Review the personal information we have collected about their child
  • Refuse to permit further collection or use of their child's information
  • Request deletion of their child's personal information

Because the daycare is the controller of the child's information, the most efficient way to exercise these rights is to contact the daycare directly. You may also contact us at privacy@docpassenger.com and we will route your request to the daycare and assist in the response. Some records may be retained as required by the daycare's state child-care licensing rules, by tax law, or as part of our tamper-evident signature audit trail (in which case identifying fields are replaced with one-way hashes as described in Section 11).

Disclosures of children's information

We disclose children's information only as described in Section 7. We do not disclose children's information to third parties for those third parties' own purposes, and we do not condition a child's participation in any activity on the disclosure of more children's information than is reasonably necessary.

9. Your rights — United States residents

Depending on the U.S. state where you reside, you may have some or all of the following rights with respect to the personal information that DocPassenger holds about you as a controller (visitor and account data). For information the daycare holds about you and your child as the controller, your daycare will fulfill the request and DocPassenger will assist them.

  • Right to know / access: request the categories of personal information collected, the sources, the purposes of processing, the categories of third parties to whom it is disclosed, and the specific pieces of personal information.
  • Right to correct: request that we correct inaccurate personal information.
  • Right to delete: request that we delete personal information we have collected from you, subject to permitted exceptions (such as records required for legal compliance, fraud prevention, security, or our tamper-evident signature audit trail).
  • Right to data portability: request a portable copy of the personal information you have provided to us.
  • Right to opt out of the sale or sharing of personal information: we do not sell or share your personal information for cross-context behavioral advertising, but you may submit an opt-out request and we will honor it.
  • Right to limit the use of sensitive personal information: California residents may direct us to limit our use of sensitive personal information to purposes specified by Cal. Civ. Code §1798.121.
  • Right to opt out of automated decisions / profiling with significant effects: we do not engage in this kind of automated decision-making (see Section 6).
  • Right to non-discrimination: we will not deny you the Service, charge you a different price, or provide you a different level or quality of service because you exercised a privacy right.
  • Right to appeal: if we deny your request, you may appeal by replying to our denial email or writing to privacy@docpassenger.com. We will respond to your appeal within the time required by your state's privacy law.

State-specific rights as of the effective date of this Policy include rights under the California Consumer Privacy Act / California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, the Oregon Consumer Privacy Act, the Montana Consumer Data Privacy Act, the Tennessee Information Protection Act, the Delaware Personal Data Privacy Act, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, the Nebraska Data Privacy Act, the Minnesota Consumer Data Privacy Act, the Maryland Online Data Privacy Act, the Iowa Consumer Data Protection Act, the Indiana Consumer Data Protection Act, the Kentucky Consumer Data Protection Act, the Rhode Island Data Transparency and Privacy Protection Act, and the Florida Digital Bill of Rights (where you meet the FDBR's thresholds). Some of these laws give rights only to residents who meet thresholds in the law itself.

How to exercise these rights

You can submit a request by writing to privacy@docpassenger.com or by using the in-product tools (Account Settings → Privacy) to download or delete your data. We may take reasonable steps to verify your identity before acting on a request. An authorized agent may submit a request on your behalf with your written permission and proof of identity.

Response timing

We acknowledge requests within 10 business days and respond to verifiable requests within 45 days, with one 45-day extension where reasonably necessary. We will tell you the reason for any extension.

10. Universal opt-out signals (GPC)

We honor the Global Privacy Control browser signal (Sec-GPC: 1) and other recognized universal opt-out preference signals to the extent required by U.S. state privacy laws. When your browser sends Global Privacy Control on a visit to our site, we treat it as a request to opt out of the sale or sharing of your personal information and, where applicable, to limit our use of your sensitive personal information.

You may also submit an opt-out preference at any time using the “Do Not Sell or Share My Personal Information” link in our website footer.

11. Data retention and deletion

We retain your information for as long as we need it to provide the Service to your daycare and to meet legal and licensing record-retention requirements.

  • Account records: retained while your account is active; deleted or pseudonymized within 30 days after you ask us to close your account, subject to the exceptions below.
  • Family, child, emergency-contact, and enrollment records: retained by the daycare for as long as the daycare requires under applicable state child-care licensing rules (typically 3 to 7 years after the child's last enrollment activity). When the daycare instructs us to delete a record, we delete it from the live Service within 30 days, subject to backup rotation and the audit-trail exception below.
  • Signature records and audit trail: our electronic-signature audit trail is by design tamper-evident and cannot be unilaterally deleted, because deletion would compromise the legal effect of the signed documents under the E-SIGN Act and the Uniform Electronic Transactions Act. When you ask for deletion, we replace identifying fields in the audit trail with one-way hashes so that the chain of evidence is preserved without continuing to identify you.
  • Security and audit logs: retained for a period appropriate to the operational and legal purposes they serve.
  • Backups: Personal data isolated in encrypted backup storage is purged on our backup rotation schedule (currently up to 30 days for daily backups and up to 90 days for off-site retention). We do not actively use backup data during that period.
  • Aggregated, de-identified data: data that cannot reasonably be linked to you may be retained indefinitely for product analytics and product improvement.

12. California Shine the Light, Nevada, and Do Not Track

California Shine the Light (Civ. Code §1798.83):we do not share personal information with third parties for those third parties' own direct marketing purposes.

Nevada SB 220: Nevada residents have a right to direct us not to sell covered personal information. We do not sell covered personal information. You may confirm this with us at privacy@docpassenger.com.

Do Not Track:browser “Do Not Track” signals are not interpreted consistently across the web. We do not engage in cross-site tracking, we do not load third-party advertising or analytics scripts, and we honor the Global Privacy Control signal as described in Section 10.

Financial incentives: we do not offer financial incentives or price/service differences in exchange for the collection of personal information.

13. Cookies and similar technologies

We use only the cookies and similar technologies that are strictly necessary to operate the Service:

  • Authentication cookies issued by our authentication provider to keep you signed in
  • Routing-hint cookies (such as a flag indicating that you have completed onboarding) that we read on the server to send you to the right page
  • Rate-limit identifiers derived from your IP address and session that prevent abusive traffic

We do not set advertising cookies and we do not load third-party analytics or tracking scripts. Our Content-Security-Policy excludes third-party scripts at the browser level.

14. Security

We protect your information using technical and organizational measures appropriate to the sensitivity of the data and to the size of our operations, including:

  • Encryption in transit using industry-standard TLS
  • Encryption at rest provided by our database and storage sub-processor (Supabase, certified SOC 2 Type 2)
  • Tenant isolation enforced at the database level by row-level security policies, so one daycare cannot see another daycare's records
  • Multi-factor authentication for DocPassenger personnel with administrative access
  • Hashed passwords (bcrypt or equivalent) stored by our authentication provider
  • A cryptographically chained, append-only audit trail for electronic signatures
  • HTTP Strict Transport Security, a strict Content-Security-Policy, and Permissions-Policy headers
  • Application-layer rate limiting on authentication, signup, and password-reset endpoints
  • Vulnerability monitoring of our software dependencies and risk-based patching

No system is perfectly secure. We do not guarantee that the Service or your information will not be subject to a security incident.

15. Security incident notification

If we discover a security incident affecting your personal information, we will notify the affected daycare as the controller without undue delay and in any event within 48 hours of discovery, and we will assist the daycare in providing notice to you and to regulators as required by applicable state breach-notification laws. Where DocPassenger is itself the controller of the affected information, we will notify you and the relevant authorities within the timeframes required by the law of your state of residence.

16. International users and visitors from outside the United States

The Service is intended for users in the United States. We do not target the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States. If you access the Service from outside the United States, you do so on your own initiative and you understand that your information will be processed in the United States. If we receive personal data from individuals in the European Economic Area, the United Kingdom, or Switzerland in connection with a daycare's use of the Service, we will apply appropriate safeguards (such as the European Commission's 2021 Standard Contractual Clauses) as described in our Data Processing Agreement.

17. Service providers and sub-processor changes

We will give daycare customers at least 30 days' advance notice (by email or by updating our sub-processor list) before adding a new sub-processor that processes personal data on our behalf, so the daycare can consider any reasonable objection under our Data Processing Agreement.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will give at least 30 days' advance notice of material changes by email to active account holders or by an in-product notice, and we will update the version number and effective date at the top of this page. Continued use of the Service after the new version's effective date constitutes acceptance of the updated Policy.

19. Contact us

For privacy questions or to exercise your rights, contact us at privacy@docpassenger.com.

DocPassenger LLC (a California limited liability company, formation pending) · California, United States. Our registered mailing address will be published here once formation is complete.