SproutScript icon SproutScript โ† Back to home

๐Ÿ”’ Privacy Policy

UK GDPR compliant ยท Last updated 8 June 2026

1. Who we are

SproutScript is a childminding management application operated by SproutScript (the "Controller"). We are based in the United Kingdom.

Data enquiries: SproutScriptApp@gmail.com

We are registered with the Information Commissioner's Office (ICO) as a data controller.

2. What data we collect

We collect and process the following categories of personal data:

  • Childminder accounts: name, email address, phone number, business name
  • Parent accounts: name, email address, phone number
  • Children's data: name, date of birth, photo, allergies, medical notes, emergency contacts, attendance records, development progress (EYFS), activity logs, meal records, photographs
  • Payment data: subscription status, billing history (payment card details are handled exclusively by Stripe and never stored by SproutScript)
  • Usage data: login timestamps, app settings

Children's data is classified as sensitive personal data and is handled with the highest level of care.

3. Lawful basis for processing

We process personal data under the following lawful bases (UK GDPR Article 6):

  • Contract: to provide the childminding management service you have subscribed to
  • Legitimate interests: to improve the app, prevent fraud, and maintain security
  • Legal obligation: to comply with Ofsted record-keeping requirements

For children's special category data, we rely on explicit consent from the childminder acting as the data controller for their setting, and the written consent of parents/guardians.

4. How we use your data

Your data is used to:

  • Provide and operate the SproutScript service
  • Enable communication between childminders and parents
  • Store attendance, activity, meal and development records
  • Process subscription payments via Stripe
  • Send in-app notifications
  • Comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising purposes.

5. Data sharing & third parties

We share data only with trusted processors necessary to operate the service:

  • Firebase (Google): cloud database, authentication, and file storage โ€” servers located in Europe (europe-west2)
  • Stripe: payment processing โ€” certified PCI DSS Level 1 compliant

All third-party processors are bound by data processing agreements and may not use your data for their own purposes.

6. Data retention

We retain personal data for as long as your account is active. Upon account deletion:

  • Your account data is deleted within 30 days
  • Children's records are deleted within 30 days
  • Payment records are retained for 7 years as required by HMRC
  • Backup copies are purged within 90 days

Childminders are responsible for retaining any records required by Ofsted for their own regulatory compliance.

7. Your rights

Under UK GDPR you have the following rights:

  • Right of access: request a copy of your personal data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data ("right to be forgotten")
  • Right to restriction: limit how we process your data
  • Right to portability: receive your data in a machine-readable format
  • Right to object: object to processing based on legitimate interests

To exercise any right, email SproutScriptApp@gmail.com. We will respond within 30 days.

8. Children's data

SproutScript processes children's personal data on behalf of registered childminders. The childminder is the data controller for their setting. SproutScript acts as a data processor.

Childminders are responsible for:

  • Obtaining written consent from parents/guardians before adding a child to the app
  • Informing parents of the data held
  • Complying with their own Ofsted and data protection obligations

Parents may request access to or deletion of their child's data by contacting their childminder directly.

9. Security

We implement appropriate technical and organisational measures to protect your data:

  • All data is encrypted in transit (TLS 1.3) and at rest
  • Firebase authentication with email verification
  • Optional biometric login using device-level security
  • Access controls ensuring childminders only see their own data
  • Parents only access data for their own children

If you discover a security vulnerability, please report it to SproutScriptApp@gmail.com.

10. Cookies & analytics

SproutScript does not use cookies. The app does not include third-party analytics or tracking SDKs. Firebase may collect limited technical diagnostics data to maintain service reliability.

This website (sproutscript.co.uk) likewise sets no cookies and uses no analytics or tracking. Fonts are loaded from Google Fonts, which may log standard technical request data (such as IP address) to serve the font files.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app. Continued use after changes constitutes acceptance of the updated policy.

Last updated: 8 June 2026

12. Contact & complaints

Data Controller: SproutScript
Email: SproutScriptApp@gmail.com

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113

๐Ÿ“ง Submit a data request