Legal & Policy Center

Safety & Child Protection Policy

v2.0

Effective Date: [EFFECTIVE DATE] Last Updated: [LAST UPDATED] Version: 2.0

KidStarter's highest priority is the safety and wellbeing of children. This Policy applies globally to all Users and all content on the Service. It forms part of the Agreement (see Terms of Service).

1. Core Safety Rules (All Markets)

1.1 No Identifying Information for Minors

Public content must not include any of the following for minors:

  • Full last names;
  • Home addresses, GPS coordinates, or directions;
  • Phone numbers, personal email addresses, or instant messaging handles;
  • Social media handles or usernames;
  • Government-issued ID numbers (SSN, NIN, SIN, passport);
  • School ID numbers or student numbers;
  • Medical, psychological, or behavioral health information;
  • Disciplinary or academic records;
  • Class rosters, bus routes, or extracurricular schedules;
  • Financial details about the student's family;
  • Any combination of information that, taken together, could reasonably identify or locate the child.

1.2 No School Location Disclosure by Default

For Campaigns involving minors, the following are prohibited by default unless explicitly approved under a safety review with documented consent from both the guardian and the school:

  • School name;
  • School logo;
  • School address;
  • Campus photographs showing identifiable features;
  • District-level identifiers that narrow location beyond the broad region.

1.3 Safe Images

  • Preferred: Head-and-shoulders images, or images with neutral backgrounds.
  • Avoid: Backgrounds showing classroom boards, rosters, name badges, student work with names, documents, mail, street signage, school signage, vehicles with license plates, or uniforms with visible school names.
  • Platform Controls: KidStarter may: (a) blur or remove backgrounds automatically or manually; (b) crop images; (c) offer avatar or cartoonization options; (d) reject images that pose safety risks.
  • No Exploitation: Images must not sexualize, objectify, degrade, or exploit minors in any way.

1.4 Prohibited Content — Zero Tolerance

The following are immediately removed and escalated to authorities:

  • Child Sexual Abuse Material (CSAM): Any sexual or sexually suggestive content involving minors.
  • Grooming: Any attempt to build a relationship with a minor for exploitation.
  • Solicitation: Any request for direct contact with a minor, personal information from a minor, or private communication with a minor.
  • Physical Abuse Content: Images or descriptions of physical abuse, severe punishment, or torture of minors.

1.5 Content Involving Distress

Campaign stories should focus on the educational need and positive impact, not on exploiting or sensationalizing a child's suffering, poverty, disability, or personal circumstances. KidStarter may edit or reject content that we determine could cause harm or distress to the Student if they were to see it.

2. Platform Controls

KidStarter implements multiple layers of safety controls:

ControlDescription
Verification GateAll Creators must pass identity and authority verification before creating Campaigns (see Verification Policy).
Pre-Publication ReviewAll Campaigns involving minors are reviewed by a trained human moderator before publication.
Automated PII DetectionText content is scanned for patterns matching phone numbers, email addresses, names, ID numbers, and addresses.
Image/OCR ScanningUploaded images are scanned for visible text, documents, badges, and identifying information.
Rapid TakedownContent that may endanger a child is removed first and reviewed second.
Comment/Update ModerationComments and Campaign updates are subject to moderation review, with automated pre-screening.
Access ControlsPrivate student data is accessible only to authorized personnel with documented need, under role-based access controls.
Audit LoggingAll moderation and administrative actions are logged with timestamps, actions, reasons, and responsible personnel.
Mandatory Reporting IntegrationSystems and procedures for reporting CSAM and suspected abuse to NCMEC (US), IWF (UK), Europol/national agencies (EU), and local law enforcement.
Staff TrainingAll moderation and support staff receive mandatory child safety training, updated annually.

3. Reporting

3.1 Report Safety Concerns

If you believe any content on the Service may endanger a child, or if you have any child safety concern, report it immediately:

  • In-App: "Report" button on any Campaign, comment, or profile
  • Email: [REPORT LINK OR EMAIL] — use subject line "URGENT: CHILD SAFETY" for immediate attention
  • Phone (if available): [SAFETY HOTLINE, if applicable]

3.2 Emergency

If a child is in immediate danger, contact your local emergency services first (e.g., 911 in the US, 999 in the UK, 112 in the EU), then notify KidStarter.

3.3 Response Times

  • Child safety reports: Triaged within 4 hours during business hours; as soon as reasonably possible outside business hours.
  • Content removal for child safety: Immediate upon confirmation of risk; review occurs before reinstatement, not before removal.

3.4 Whistleblower Protections

KidStarter will not retaliate against any User or employee who reports a child safety concern in good faith. Reports may be made anonymously.

4. Mandatory Reporting

4.1. KidStarter complies with all applicable mandatory reporting laws regarding child abuse, neglect, and exploitation.

4.2. Where KidStarter becomes aware of CSAM or has reasonable suspicion of child abuse or exploitation:

  • US: We report to the National Center for Missing & Exploited Children (NCMEC) via CyberTipline and, where required, to local law enforcement.
  • UK: We report to the Internet Watch Foundation (IWF), the National Crime Agency (NCA), and/or local police safeguarding teams.
  • EU/EEA: We report to the relevant national authority (e.g., Europol, national hotlines under the INHOPE network) and cooperate with cross-border investigations.
  • Canada: We report to the Canadian Centre for Child Protection and/or local police.

4.3. KidStarter preserves relevant data and evidence for law enforcement purposes in accordance with legal hold procedures.

5. Regional Notes

5.1 United Kingdom

  • We apply high-privacy defaults and age-appropriate design principles aligned with the ICO Children's Code (Age Appropriate Design Code).
  • We comply with the UK Online Safety Act obligations as applicable, including duty of care to protect children from harmful content.
  • We follow Department for Education (DfE) guidance on safeguarding children in educational settings.
  • Staff handling child-related content undergo DBS checks or equivalent where required.

5.2 EU/EEA

  • We follow GDPR data minimization, purpose limitation, and privacy-by-design principles.
  • We comply with applicable national implementations of the Audiovisual Media Services Directive (AVMSD) and the Digital Services Act (DSA) regarding the protection of minors online.
  • We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing involving children's data.
  • Where age of digital consent applies, we enforce the relevant threshold (13–16 depending on Member State).

5.3 United States

  • We design the Service so verified adults manage Campaigns — children do not interact directly with the Service.
  • If we obtain actual knowledge of collecting personal information directly from children under 13, we apply COPPA-aligned parental notice and verifiable consent, and provide parents with access and deletion rights.
  • We comply with applicable state child privacy laws, including California's AADC (AB 2273) and similar legislation.
  • We report CSAM to NCMEC as required under 18 U.S.C. § 2258A.

5.4 Canada

  • We follow PIPEDA meaningful consent and reasonable-purpose principles.
  • We provide guardian access, correction, and deletion pathways.
  • We comply with provincial child welfare reporting obligations.
  • We report child exploitation material to the Canadian Centre for Child Protection.

6. Staff and Volunteer Safety Standards

6.1. All KidStarter staff and contractors who have access to Campaign content involving minors, private Student data, or moderation functions are subject to:

  • background checks as permitted by applicable law;
  • mandatory child safety training (initial and annual refresher);
  • code of conduct requirements;
  • confidentiality and data protection obligations.

6.2. Staff who violate child safety policies are subject to immediate disciplinary action, up to and including termination and reporting to authorities.

7. Enforcement

7.1. Violations of this Policy may result in:

  • Immediate content removal;
  • Campaign pause or permanent removal;
  • Account suspension or permanent ban;
  • Forfeiture of undisbursed funds;
  • Reporting to payment processors;
  • Reporting to law enforcement and child protection authorities;
  • Preservation of evidence for legal proceedings.

7.2. For child exploitation and grooming violations, enforcement is immediate and permanent with no warning and no appeal.

8. Policy Review

This Policy is reviewed at least annually and updated to reflect changes in law, regulation, technology, and best practices. Material changes are communicated to Users.

9. Contact

Safety Reports: [REPORT LINK OR EMAIL] Privacy Inquiries: [PRIVACY EMAIL] General Support: [SUPPORT EMAIL]

help.title

Getting Started
Sign Up/registerFull Guide (PDF)
Create an account at /register. Choose your role: Donor (support students), Teacher (create campaigns for students), Parent/Guardian (create campaigns for your child), Corporate Sponsor (sponsor schools and campaigns), or Charity (collect tax-exempt donations). Your role determines which dashboard features you see.
💡 Tip: Use your school email address if you have one — it speeds up organization verification later.
Onboarding Wizard/onboarding
After registration, the onboarding wizard walks you through 4 steps: select your role, link your school/organization, choose a plan (Free, Teacher, or School), and confirm. You can skip and return later.
📝 Example: A teacher at Lincoln Elementary would: 1) Select "Teacher", 2) Search "Lincoln Elementary" in the org directory, 3) Choose the Free plan, 4) Confirm and land on their Creator Dashboard.
Plans & Pricing/pricing
KidStarter offers three plans: Free (1 campaign, basic features), Teacher Starter ($5/mo — up to 10 campaigns, share kit, priority review), and School Plan ($20/mo — multi-teacher, school dashboard, bulk tools). All plans include Stripe payments and donation receipts (tax-exempt receipts for charity-backed campaigns).
📈 Benchmark: Similar platforms charge 5–8% platform fees. KidStarter charges 0% platform fee — only Stripe's standard 2.9% + $0.30 processing fee applies.
Language Switcher
KidStarter supports 8 languages: English, Portuguese, Spanish, Hungarian, French, German, Slovak, and Czech. Click the flag icon in the top navigation bar to switch. Your preference is saved in a cookie and persists across sessions.
💡 Tip: The language auto-detects from your browser settings on first visit. Override it anytime with the flag switcher.
Campaigns
Creating a Campaign/dashboard/creatorFull Guide (PDF)
Navigate to your Creator Dashboard (/dashboard/creator) and click "Create Campaign". Fill in: student first name + last initial, their story, funding goal, category (STEM, Arts, Sports, Tuition, Supplies, General), and optionally upload a hero image.
📊 Impact: New campaigns enter DRAFT status. They become publicly visible only after passing moderation review (PENDING_REVIEW → APPROVED). Rejected campaigns can be edited and resubmitted.
⚠ Watch Out: Never include a student's full name, address, or other PII in the campaign story. Our moderation team will reject campaigns with identifying information.
Campaign Status Flow
Every campaign moves through a lifecycle: DRAFT (created, not submitted) → PENDING_REVIEW (submitted, awaiting moderator) → APPROVED (live, accepting donations) → FUNDED (goal reached) → COMPLETED (funds disbursed). Campaigns can also be REJECTED (with reason) or PAUSED (temporarily hidden).
📝 Example: Maria's campaign was created on Monday (DRAFT), submitted Tuesday morning (PENDING_REVIEW), approved Tuesday afternoon (APPROVED), reached its $500 goal by Friday (FUNDED), and funds were disbursed the following week (COMPLETED).
Campaign Verification
Every campaign must be verified before going live. Upload evidence of school affiliation: enrollment letter, school ID, teacher badge, or guardian consent form. These documents are reviewed privately by the moderation team and never shown publicly.
📈 Benchmark: GoFundMe has no verification for education campaigns. DonorsChoose requires teacher accounts only. KidStarter verifies both the creator AND the student's school enrollment.
💡 Tip: Campaigns with clear, scanned documents get approved faster than blurry phone photos.
Share Kit
Each approved campaign gets a Share Kit: pre-generated images (square for social, story for Instagram/WhatsApp, QR code for print), one-click share buttons (WhatsApp, Email, X, LinkedIn, Facebook), and a copyable campaign link. The post-donation share prompt is your highest-converting tool.
📊 Impact: Campaigns that are actively shared raise 3–5x more than those that aren't. Each share can generate 2–5 additional donations on average.
💡 Tip: Share within the first 48 hours of approval for maximum momentum. Post the QR code in your school's physical spaces.
Campaign Updates
Post updates to your campaign with text and photos showing the impact of donations. Updates appear on the campaign page and notify past donors. Go to your campaign page → "Post Update" section.
💡 Tip: Post an update with a photo within 1 week of receiving funds. Donors who see impact updates are 4x more likely to donate again.
Donations
Making a DonationFull Guide (PDF)
Click "Donate Now" on any campaign. Choose a preset amount or enter a custom one (minimum $1). Enter your name (optional — leave blank for anonymous) and email (for receipt). You're redirected to Stripe's secure checkout page.
💡 Tip: You don't need an account to donate. But creating one lets you track your donation history and get tax center access.
Donation Receipt/receipt
After donating, you receive a receipt token (e.g. "abc123def"). Save this! You can look up your receipt anytime at Donors → Receipt Lookup (/receipt). The receipt shows: amount, date, campaign, and a unique token. For charity-backed campaigns, the receipt also displays the charity name, tax ID, and a "Tax-Exempt Donation" badge.
Tax Center/tax-center
The Tax Center (/tax-center) provides information about tax deductibility of donations, including FAQs about charity-backed campaigns, tax-exempt receipts, and how to use your receipt for tax claims. Donations to charity-backed campaigns generate tax-exempt receipts with the charity's name and tax registration number.
⚠ Watch Out: KidStarter provides general tax information only. We are not tax advisors. Consult a qualified professional for your specific situation.
Organizations
Organization Directory/organizations
The public directory (/organizations) lists all registered schools, nonprofits, and corporate partners. Each org shows: name, type, country, verification status, member count, and active campaigns. Users can search, filter by country, and claim membership.
Claiming an Organization
If your school or org is already in the directory, click "Claim" on its page. You'll need to verify via your institutional email address (e.g. name@lincoln-elementary.edu). Once verified, you're linked to the org and can create campaigns under it.
📝 Example: Ms. Chen searches "Lincoln Elementary", finds it in the directory, clicks Claim, enters her school email, receives a verification code, and is now linked as a member.
Admin — Discovery & Enrichment
Discovery Console/dashboard/admin/discovery
The Discovery Console (/dashboard/admin/discovery) is the admin tool for finding, scraping, and enriching organization data. Access it from the Admin Dashboard → "🔍 Discovery Console" button. It shows all organizations in a table with enrichment status.
Seed Organizations
Click "Seed Organizations" to populate the directory with sample schools and partners. This creates org entries with names, types, countries, and website URLs. Useful for initial setup or demo purposes. You can also add orgs manually via /organizations or the API.
💡 Tip: For production, import real school data via CSV or the API at POST /api/organizations instead of using the seed function.
Web Scraper / Enrichment
The enrichment engine scrapes an organization's website and extracts structured data. Click "Enrich" next to any org with a website URL. The scraper fetches the page HTML (15-second timeout) and extracts: meta description, org-level contact emails (info@, contact@, admin@ — never personal emails), social links (LinkedIn, Twitter, Facebook), and page title.
📊 Impact: Enriched organizations have more complete profiles, which builds trust with donors and helps campaigns get more visibility. Orgs with descriptions and social links get 2x more campaign views.
📝 Example: Enriching "Lincoln Elementary" (website: lincoln-elementary.edu) extracts: description from meta tag, contact@lincoln-elementary.edu from page text, LinkedIn URL from footer links, and "Lincoln Elementary School — Excellence in Education" as page title.
⚠ Watch Out: The scraper respects a 15-second timeout. If a site is slow, blocks bots, or uses heavy JavaScript rendering, the scrape may fail. Retry later or add data manually.
Enrichment Fields & Confidence
Each extracted field has a confidence score (0.0–1.0). Scores reflect extraction reliability: meta descriptions score 0.8 (reliable), emails score 0.7 (need human review), social links score 0.9 (URL pattern matching is accurate), page titles score 0.6 (may include site navigation text).
💡 Tip: Always review extracted emails before approving. Verify they belong to the actual organization, not an ad network or third-party service on the page.
Approving Enriched Fields
After scraping, review extracted fields inline. Click "Approve" to push a field to the org's public profile (description, contact email, social links). Click "Reject" to discard. Approved fields immediately update the organization's listing in the public directory.
📊 Impact: Approving a description field makes the org more discoverable in search. Approving contact emails enables the platform to send verification and notification emails to the organization.
Verifying Organizations
After enrichment, change an org's status to "Approved" to make it visible in the public directory. Unverified orgs are hidden from public view but still accessible by direct URL. Verification confirms the org is a real, legitimate institution.
📝 Example: Workflow: 1) Seed/import org with website → 2) Click Enrich → 3) Review and approve fields → 4) Change status to Approved → Org appears in public directory.
Admin — Moderation
Moderation Queue/dashboard/modFull Guide (PDF)
The moderation queue (/dashboard/mod) shows all campaigns with PENDING_REVIEW status. Moderators and Platform Admins review each campaign's story, student info, evidence documents, and funding goal before approving or rejecting.
Reviewing a Campaign
Click a campaign in the queue to see full details: student first name + last initial, story text, category, goal amount, hero image, and uploaded verification evidence. Check for: specific and verifiable need, appropriate goal amount, valid school affiliation, no PII exposed.
⚠ Watch Out: Red flags: vague or generic stories, unusually high goal amounts (>$5,000 for individual students), no school affiliation, duplicate content from other campaigns, or requests for cash rather than specific items/services.
Approve / Reject / Pause
Approve makes the campaign live and publicly visible. Reject returns it to the creator with a reason code — they can edit and resubmit. Pause temporarily hides an approved campaign (preserving data) if issues arise post-approval. All actions are logged in the audit trail.
💡 Tip: When rejecting, select a specific reason code. "Insufficient evidence" is more helpful than "Rejected" — it tells the creator exactly what to fix.
Admin — Analytics
Admin Dashboard/dashboard/adminFull Guide (PDF)
The Admin Dashboard (/dashboard/admin) shows platform-wide metrics: total raised, total donations, active campaigns, pending reviews, total users, and a 7-day donation chart. Quick actions: Discovery Console, Guides, and Finance CSV Export.
Finance CSV Export
Click "📊 Export Finance CSV" on the Admin Dashboard to download a CSV of all donations with: date, amount, donor email, campaign, status, Stripe payment ID. Useful for accounting, reconciliation, and tax reporting.
⚠ Watch Out: The export contains donor emails (PII). Handle in accordance with GDPR and your data protection policy. Do not share publicly.
Corporate Sponsorship
Sponsor Program/dashboard/sponsorFull Guide (PDF)
Corporate sponsors create programs with a budget, target regions, and categories. Programs can be: Direct Sponsorship (fund specific campaigns), School Adoption (pledge to a school), or Matching (match community donations). Managed at /dashboard/sponsor.
Adopt-a-School/dashboard/sponsor/adopt
From /dashboard/sponsor/adopt, a corporate sponsor selects a school from the org directory and pledges a funding amount. This creates a SchoolAdoption record. The sponsor can then allocate funds to specific campaigns at that school, track spending vs budget, and export impact reports.
📝 Example: TechCorp adopts Lincoln Elementary with a $10,000 annual budget. They allocate $2,500 to "Laptops for CS Lab", $1,500 to "Art Supplies Room 204", and keep $6,000 for future campaigns. The Sponsor Dashboard shows 40% allocated, 60% remaining.
Vendor Partners
Vendor Portal/dashboard/vendor
Vendor partners (meal providers, school supply companies) manage their offers at /dashboard/vendor. They create voucher codes that students can redeem at participating locations. Vouchers are funded from campaign budgets.
Meal Vouchers
Meal vouchers are codes (e.g. "LUNCH-A3F2") redeemable at vendor locations for student meals. Created by vendors, funded from campaign budgets, distributed to students. Each voucher has: amount, expiry date, student assignment, and redemption status.
📝 Example: A campaign raises $200 for student meals. The creator purchases 40 × $5 meal vouchers from FoodPartner. Each student receives a code they show at the cafeteria. The vendor marks codes as redeemed, and the dashboard shows redemption rates.
Platform Settings
Trust & Safety/trust-safety
KidStarter's trust and safety page (/trust-safety) explains: campaign verification process, PII protection, payment security (Stripe PCI-DSS), content moderation, and reporting mechanisms. Every campaign shows a "Verified" badge after passing review.
User Roles
Platform roles: DONOR (browse, donate), CREATOR_TEACHER (create campaigns, post updates), CREATOR_GUARDIAN (create campaigns for their child), ORG_SCHOOL_ADMIN (manage school-wide campaigns), CORPORATE_ADMIN (manage sponsor programs), CHARITY_ADMIN (manage charity, enable tax-exempt receipts), MODERATOR (review campaigns), PLATFORM_ADMIN (full access), FINANCE_OPS (financial exports and reporting). Roles are assigned during registration or by admins.
💡 Tip: Users can have only one role. To change a user's role, a Platform Admin must update it from the Admin Dashboard user management section.