MyKidRoute, LLC ("MyKidRoute") is committed to protecting the privacy of families and children who use our platform. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have over your data and your child's data.
2. Data We Collect
About parents and guardians:
Name, email address, phone number
Government-issued ID (for identity verification, stored encrypted)
Selfie photo (compared to ID via AWS Rekognition; deleted after 30 days)
Payment method (tokenized via Stripe — we never store card numbers)
Account activity and session logs
About children:
Name, date of birth, grade, school
Photo (for driver verification at pickup)
Disability and special-needs flags (IEP, 504 plan, wheelchair needs, etc.)
Medical notes and emergency protocols (encrypted at rest with AES-256-GCM)
Ride history and GPS coordinates (purged after 90 days)
3. How We Use Your Data
Matching children with drivers and scheduling rides
Real-time ride tracking and parent notifications
Driver briefing for special-needs accommodations
Pickup identity verification (PIN and QR codes)
Billing and payment processing via Stripe
Fraud prevention and platform safety
Regulatory compliance (TNC reporting, COPPA)
Service improvement and analytics (never sold to third parties)
4. Data Sharing
We share data only as necessary to provide the service:
Drivers: child name, photo, grade, special-needs briefing (for the specific ride only)
Schools: ride status and arrival confirmation (with signed FERPA Data Sharing Agreement)
Stripe: payment processing under their Services Agreement
Checkr: driver background checks under their platform agreement
Google Maps: routing and ETA calculation (no personal data sent)
AWS Rekognition: selfie-to-ID matching only — no facial vectors stored
We do not sell, rent, or share personal information with advertisers or data brokers. We do not use child data for behavioral advertising.
5. Data Retention
GPS ride coordinates: deleted 90 days after ride completion
Selfie photos: deleted within 30 days of identity verification
Ride records: retained for 7 years for regulatory compliance
Account data: retained until deletion is requested, then removed within 45 days
6. Your Rights
You have the right to:
Access a copy of all data we hold about you and your children
Correct inaccurate information
Request deletion of your account and all associated data
Withdraw consent for marketing communications at any time
Opt out of analytics (contact us at privacy@mykidroute.com)
To exercise these rights, go to Account → Privacy in the app, or email privacy@mykidroute.com.
7. Security
We use TLS encryption in transit, AES-256-GCM encryption at rest for sensitive fields, role-based access controls, and regular security audits. We maintain a Written Information Security Plan (WISP) as required by applicable law. In the event of a breach affecting your data, we will notify you within 30 days.
8. California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To make a CCPA request, email privacy@mykidroute.com.
9. Contact
Privacy questions or requests: privacy@mykidroute.com · Privacy Officer, MyKidRoute LLC, 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, United States · legal@mykidroute.com