Privacy Policy

Effective January 1, 2026 · Version 1.0

1. Overview

MyKidRoute, LLC ("MyKidRoute") is committed to protecting the privacy of families and children who use our platform. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have over your data and your child's data.

2. Data We Collect

About parents and guardians:

  • Name, email address, phone number
  • Government-issued ID (for identity verification, stored encrypted)
  • Selfie photo (compared to ID via AWS Rekognition; deleted after 30 days)
  • Payment method (tokenized via Stripe — we never store card numbers)
  • Account activity and session logs

About children:

  • Name, date of birth, grade, school
  • Photo (for driver verification at pickup)
  • Disability and special-needs flags (IEP, 504 plan, wheelchair needs, etc.)
  • Medical notes and emergency protocols (encrypted at rest with AES-256-GCM)
  • Ride history and GPS coordinates (purged after 90 days)

3. How We Use Your Data

  • Matching children with drivers and scheduling rides
  • Real-time ride tracking and parent notifications
  • Driver briefing for special-needs accommodations
  • Pickup identity verification (PIN and QR codes)
  • Billing and payment processing via Stripe
  • Fraud prevention and platform safety
  • Regulatory compliance (TNC reporting, COPPA)
  • Service improvement and analytics (never sold to third parties)

4. Data Sharing

We share data only as necessary to provide the service:

  • Drivers: child name, photo, grade, special-needs briefing (for the specific ride only)
  • Schools: ride status and arrival confirmation (with signed FERPA Data Sharing Agreement)
  • Stripe: payment processing under their Services Agreement
  • Checkr: driver background checks under their platform agreement
  • Google Maps: routing and ETA calculation (no personal data sent)
  • AWS Rekognition: selfie-to-ID matching only — no facial vectors stored

We do not sell, rent, or share personal information with advertisers or data brokers. We do not use child data for behavioral advertising.

5. Data Retention

  • GPS ride coordinates: deleted 90 days after ride completion
  • Selfie photos: deleted within 30 days of identity verification
  • Ride records: retained for 7 years for regulatory compliance
  • Account data: retained until deletion is requested, then removed within 45 days

6. Your Rights

You have the right to:

  • Access a copy of all data we hold about you and your children
  • Correct inaccurate information
  • Request deletion of your account and all associated data
  • Withdraw consent for marketing communications at any time
  • Opt out of analytics (contact us at privacy@mykidroute.com)

To exercise these rights, go to Account → Privacy in the app, or email privacy@mykidroute.com.

7. Security

We use TLS encryption in transit, AES-256-GCM encryption at rest for sensitive fields, role-based access controls, and regular security audits. We maintain a Written Information Security Plan (WISP) as required by Massachusetts law. In the event of a breach affecting your data, we will notify you within 30 days.

8. California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To make a CCPA request, email privacy@mykidroute.com.

9. Contact

Privacy questions or requests: privacy@mykidroute.com · MyKidRoute, LLC, Lawrence, MA 01840.