Legal & Policy Center

Data Retention & Deletion Policy

v2.0

Effective Date: [EFFECTIVE DATE] Last Updated: [LAST UPDATED] Version: 2.0

1. Retention Principles

KidStarter retains Personal Data only as long as necessary for the purposes for which it was collected, including:

  • providing and improving the Service;
  • preventing fraud and abuse;
  • meeting legal, tax, and accounting obligations;
  • resolving disputes and enforcing agreements;
  • complying with regulatory requirements.

We apply the principle of data minimization — retaining only what is needed, for as long as needed, and no longer.

2. Retention Schedule

Data CategoryRetention PeriodBasis
Account information (name, email, role)Duration of active account + 3 years after account closureContract performance; fraud prevention; legal claims
Donation records (amount, date, receipt, campaign)7 years from date of transactionFinancial/tax compliance (IRS, HMRC, CRA, EU Member State requirements)
Payment processor tokensDuration of active account; deleted on account closureContract performance
Verification evidence (authorization letters, consent forms, IDs)Duration of Campaign + 3 yearsFraud prevention; audit; legal claims
Government-issued IDs (submitted for verification)Deleted within 30 days of verification completion (unless legally required to retain)Data minimization
Campaign content (text, images, updates)Duration of active Campaign; archived on completion; deleted on verified request where legally permittedContract performance; fraud prevention
Student data (private)Deleted or anonymized within 12 months of Campaign completion or disbursementData minimization; child protection
Images of minorsDuration of active Campaign; deleted within 30 days of Campaign completion or verified guardian requestData minimization; child protection
Server and security logsUp to 24 monthsSecurity; fraud investigation; regulatory compliance
Moderation and audit logsUp to 36 monthsAccountability; regulatory compliance; dispute resolution
Analytics dataAggregated/anonymized within 24 monthsService improvement
Marketing consent recordsDuration of consent + 3 yearsEvidence of consent; compliance
Support communications3 years after resolutionQuality assurance; dispute resolution
Cookie dataPer cookie-specific duration (see Cookie Policy)As stated in Cookie Policy
Fraud investigation records7 years from conclusion of investigationLegal compliance; fraud prevention
Legal hold dataDuration of legal holdLegal obligation

[Adjust retention periods based on your jurisdiction-specific legal advice before publication.]

3. Deletion and Anonymization

3.1 Deletion

When retention periods expire and no legal hold, dispute, or regulatory obligation requires further retention, Personal Data is permanently deleted from all active systems and backups within a reasonable timeframe (typically within 90 days of the retention period expiring, accounting for backup rotation cycles).

3.2 Anonymization

Where deletion is not feasible or where data has analytical value, KidStarter may irreversibly anonymize data so that it can no longer be linked to any individual. Anonymized data is no longer Personal Data and may be retained indefinitely for statistical and analytical purposes.

3.3 Anonymization Standards

We apply anonymization techniques sufficient to meet the standard under applicable law (including GDPR Recital 26, UK ICO anonymization guidance, and CCPA/CPRA definitions), ensuring that re-identification is not reasonably possible.

4. Deletion Requests

4.1. You may request deletion of your Personal Data by contacting [PRIVACY EMAIL].

4.2. We will process your request in accordance with applicable law (GDPR, UK GDPR, CCPA/CPRA, PIPEDA).

4.3. We may retain certain data where we have a legal obligation, legitimate interest, or contractual right to do so, including:

  • donation records required for financial/tax compliance;
  • fraud investigation records;
  • data subject to a legal hold;
  • anonymized or aggregated data;
  • data necessary to enforce our Terms or resolve pending disputes.

4.4. We will inform you if we cannot fully comply with a deletion request and explain the reasons.

5. Legal Holds

5.1. A legal hold is a directive to preserve data that may be relevant to pending or reasonably anticipated litigation, regulatory investigation, audit, or other legal proceeding.

5.2. When a legal hold is issued, normal retention schedules are suspended for the affected data. Data under legal hold is preserved in its current state until the hold is lifted.

5.3. Legal holds are managed by KidStarter's legal team and are documented with: the scope of data affected, the reason, the date of issuance, and the date of release.

5.4. Data under legal hold is subject to the same access controls and security measures as other data.

6. Backup and Archival

6.1. KidStarter maintains encrypted backups for disaster recovery purposes.

6.2. Deleted data may persist in backup systems for up to 90 days beyond the deletion date due to backup rotation schedules.

6.3. We do not actively process data from backup systems except for disaster recovery purposes.

7. Third-Party Data

7.1. Where Personal Data has been shared with third-party processors (e.g., payment processors, cloud providers), we will use reasonable efforts to ensure that those processors delete or return data in accordance with their data processing agreements and applicable law.

8. Policy Review

This Policy is reviewed at least annually and updated to reflect changes in law, regulation, and business practices.

9. Contact

Deletion Requests: [PRIVACY EMAIL] Privacy Inquiries: [PRIVACY EMAIL] General Support: [SUPPORT EMAIL]

help.title

Getting Started
Sign Up/registerFull Guide (PDF)
Create an account at /register. Choose your role: Donor (support students), Teacher (create campaigns for students), Parent/Guardian (create campaigns for your child), Corporate Sponsor (sponsor schools and campaigns), or Charity (collect tax-exempt donations). Your role determines which dashboard features you see.
💡 Tip: Use your school email address if you have one — it speeds up organization verification later.
Onboarding Wizard/onboarding
After registration, the onboarding wizard walks you through 4 steps: select your role, link your school/organization, choose a plan (Free, Teacher, or School), and confirm. You can skip and return later.
📝 Example: A teacher at Lincoln Elementary would: 1) Select "Teacher", 2) Search "Lincoln Elementary" in the org directory, 3) Choose the Free plan, 4) Confirm and land on their Creator Dashboard.
Plans & Pricing/pricing
KidStarter offers three plans: Free (1 campaign, basic features), Teacher Starter ($5/mo — up to 10 campaigns, share kit, priority review), and School Plan ($20/mo — multi-teacher, school dashboard, bulk tools). All plans include Stripe payments and donation receipts (tax-exempt receipts for charity-backed campaigns).
📈 Benchmark: Similar platforms charge 5–8% platform fees. KidStarter charges 0% platform fee — only Stripe's standard 2.9% + $0.30 processing fee applies.
Language Switcher
KidStarter supports 8 languages: English, Portuguese, Spanish, Hungarian, French, German, Slovak, and Czech. Click the flag icon in the top navigation bar to switch. Your preference is saved in a cookie and persists across sessions.
💡 Tip: The language auto-detects from your browser settings on first visit. Override it anytime with the flag switcher.
Campaigns
Creating a Campaign/dashboard/creatorFull Guide (PDF)
Navigate to your Creator Dashboard (/dashboard/creator) and click "Create Campaign". Fill in: student first name + last initial, their story, funding goal, category (STEM, Arts, Sports, Tuition, Supplies, General), and optionally upload a hero image.
📊 Impact: New campaigns enter DRAFT status. They become publicly visible only after passing moderation review (PENDING_REVIEW → APPROVED). Rejected campaigns can be edited and resubmitted.
⚠ Watch Out: Never include a student's full name, address, or other PII in the campaign story. Our moderation team will reject campaigns with identifying information.
Campaign Status Flow
Every campaign moves through a lifecycle: DRAFT (created, not submitted) → PENDING_REVIEW (submitted, awaiting moderator) → APPROVED (live, accepting donations) → FUNDED (goal reached) → COMPLETED (funds disbursed). Campaigns can also be REJECTED (with reason) or PAUSED (temporarily hidden).
📝 Example: Maria's campaign was created on Monday (DRAFT), submitted Tuesday morning (PENDING_REVIEW), approved Tuesday afternoon (APPROVED), reached its $500 goal by Friday (FUNDED), and funds were disbursed the following week (COMPLETED).
Campaign Verification
Every campaign must be verified before going live. Upload evidence of school affiliation: enrollment letter, school ID, teacher badge, or guardian consent form. These documents are reviewed privately by the moderation team and never shown publicly.
📈 Benchmark: GoFundMe has no verification for education campaigns. DonorsChoose requires teacher accounts only. KidStarter verifies both the creator AND the student's school enrollment.
💡 Tip: Campaigns with clear, scanned documents get approved faster than blurry phone photos.
Share Kit
Each approved campaign gets a Share Kit: pre-generated images (square for social, story for Instagram/WhatsApp, QR code for print), one-click share buttons (WhatsApp, Email, X, LinkedIn, Facebook), and a copyable campaign link. The post-donation share prompt is your highest-converting tool.
📊 Impact: Campaigns that are actively shared raise 3–5x more than those that aren't. Each share can generate 2–5 additional donations on average.
💡 Tip: Share within the first 48 hours of approval for maximum momentum. Post the QR code in your school's physical spaces.
Campaign Updates
Post updates to your campaign with text and photos showing the impact of donations. Updates appear on the campaign page and notify past donors. Go to your campaign page → "Post Update" section.
💡 Tip: Post an update with a photo within 1 week of receiving funds. Donors who see impact updates are 4x more likely to donate again.
Donations
Making a DonationFull Guide (PDF)
Click "Donate Now" on any campaign. Choose a preset amount or enter a custom one (minimum $1). Enter your name (optional — leave blank for anonymous) and email (for receipt). You're redirected to Stripe's secure checkout page.
💡 Tip: You don't need an account to donate. But creating one lets you track your donation history and get tax center access.
Donation Receipt/receipt
After donating, you receive a receipt token (e.g. "abc123def"). Save this! You can look up your receipt anytime at Donors → Receipt Lookup (/receipt). The receipt shows: amount, date, campaign, and a unique token. For charity-backed campaigns, the receipt also displays the charity name, tax ID, and a "Tax-Exempt Donation" badge.
Tax Center/tax-center
The Tax Center (/tax-center) provides information about tax deductibility of donations, including FAQs about charity-backed campaigns, tax-exempt receipts, and how to use your receipt for tax claims. Donations to charity-backed campaigns generate tax-exempt receipts with the charity's name and tax registration number.
⚠ Watch Out: KidStarter provides general tax information only. We are not tax advisors. Consult a qualified professional for your specific situation.
Organizations
Organization Directory/organizations
The public directory (/organizations) lists all registered schools, nonprofits, and corporate partners. Each org shows: name, type, country, verification status, member count, and active campaigns. Users can search, filter by country, and claim membership.
Claiming an Organization
If your school or org is already in the directory, click "Claim" on its page. You'll need to verify via your institutional email address (e.g. name@lincoln-elementary.edu). Once verified, you're linked to the org and can create campaigns under it.
📝 Example: Ms. Chen searches "Lincoln Elementary", finds it in the directory, clicks Claim, enters her school email, receives a verification code, and is now linked as a member.
Admin — Discovery & Enrichment
Discovery Console/dashboard/admin/discovery
The Discovery Console (/dashboard/admin/discovery) is the admin tool for finding, scraping, and enriching organization data. Access it from the Admin Dashboard → "🔍 Discovery Console" button. It shows all organizations in a table with enrichment status.
Seed Organizations
Click "Seed Organizations" to populate the directory with sample schools and partners. This creates org entries with names, types, countries, and website URLs. Useful for initial setup or demo purposes. You can also add orgs manually via /organizations or the API.
💡 Tip: For production, import real school data via CSV or the API at POST /api/organizations instead of using the seed function.
Web Scraper / Enrichment
The enrichment engine scrapes an organization's website and extracts structured data. Click "Enrich" next to any org with a website URL. The scraper fetches the page HTML (15-second timeout) and extracts: meta description, org-level contact emails (info@, contact@, admin@ — never personal emails), social links (LinkedIn, Twitter, Facebook), and page title.
📊 Impact: Enriched organizations have more complete profiles, which builds trust with donors and helps campaigns get more visibility. Orgs with descriptions and social links get 2x more campaign views.
📝 Example: Enriching "Lincoln Elementary" (website: lincoln-elementary.edu) extracts: description from meta tag, contact@lincoln-elementary.edu from page text, LinkedIn URL from footer links, and "Lincoln Elementary School — Excellence in Education" as page title.
⚠ Watch Out: The scraper respects a 15-second timeout. If a site is slow, blocks bots, or uses heavy JavaScript rendering, the scrape may fail. Retry later or add data manually.
Enrichment Fields & Confidence
Each extracted field has a confidence score (0.0–1.0). Scores reflect extraction reliability: meta descriptions score 0.8 (reliable), emails score 0.7 (need human review), social links score 0.9 (URL pattern matching is accurate), page titles score 0.6 (may include site navigation text).
💡 Tip: Always review extracted emails before approving. Verify they belong to the actual organization, not an ad network or third-party service on the page.
Approving Enriched Fields
After scraping, review extracted fields inline. Click "Approve" to push a field to the org's public profile (description, contact email, social links). Click "Reject" to discard. Approved fields immediately update the organization's listing in the public directory.
📊 Impact: Approving a description field makes the org more discoverable in search. Approving contact emails enables the platform to send verification and notification emails to the organization.
Verifying Organizations
After enrichment, change an org's status to "Approved" to make it visible in the public directory. Unverified orgs are hidden from public view but still accessible by direct URL. Verification confirms the org is a real, legitimate institution.
📝 Example: Workflow: 1) Seed/import org with website → 2) Click Enrich → 3) Review and approve fields → 4) Change status to Approved → Org appears in public directory.
Admin — Moderation
Moderation Queue/dashboard/modFull Guide (PDF)
The moderation queue (/dashboard/mod) shows all campaigns with PENDING_REVIEW status. Moderators and Platform Admins review each campaign's story, student info, evidence documents, and funding goal before approving or rejecting.
Reviewing a Campaign
Click a campaign in the queue to see full details: student first name + last initial, story text, category, goal amount, hero image, and uploaded verification evidence. Check for: specific and verifiable need, appropriate goal amount, valid school affiliation, no PII exposed.
⚠ Watch Out: Red flags: vague or generic stories, unusually high goal amounts (>$5,000 for individual students), no school affiliation, duplicate content from other campaigns, or requests for cash rather than specific items/services.
Approve / Reject / Pause
Approve makes the campaign live and publicly visible. Reject returns it to the creator with a reason code — they can edit and resubmit. Pause temporarily hides an approved campaign (preserving data) if issues arise post-approval. All actions are logged in the audit trail.
💡 Tip: When rejecting, select a specific reason code. "Insufficient evidence" is more helpful than "Rejected" — it tells the creator exactly what to fix.
Admin — Analytics
Admin Dashboard/dashboard/adminFull Guide (PDF)
The Admin Dashboard (/dashboard/admin) shows platform-wide metrics: total raised, total donations, active campaigns, pending reviews, total users, and a 7-day donation chart. Quick actions: Discovery Console, Guides, and Finance CSV Export.
Finance CSV Export
Click "📊 Export Finance CSV" on the Admin Dashboard to download a CSV of all donations with: date, amount, donor email, campaign, status, Stripe payment ID. Useful for accounting, reconciliation, and tax reporting.
⚠ Watch Out: The export contains donor emails (PII). Handle in accordance with GDPR and your data protection policy. Do not share publicly.
Corporate Sponsorship
Sponsor Program/dashboard/sponsorFull Guide (PDF)
Corporate sponsors create programs with a budget, target regions, and categories. Programs can be: Direct Sponsorship (fund specific campaigns), School Adoption (pledge to a school), or Matching (match community donations). Managed at /dashboard/sponsor.
Adopt-a-School/dashboard/sponsor/adopt
From /dashboard/sponsor/adopt, a corporate sponsor selects a school from the org directory and pledges a funding amount. This creates a SchoolAdoption record. The sponsor can then allocate funds to specific campaigns at that school, track spending vs budget, and export impact reports.
📝 Example: TechCorp adopts Lincoln Elementary with a $10,000 annual budget. They allocate $2,500 to "Laptops for CS Lab", $1,500 to "Art Supplies Room 204", and keep $6,000 for future campaigns. The Sponsor Dashboard shows 40% allocated, 60% remaining.
Vendor Partners
Vendor Portal/dashboard/vendor
Vendor partners (meal providers, school supply companies) manage their offers at /dashboard/vendor. They create voucher codes that students can redeem at participating locations. Vouchers are funded from campaign budgets.
Meal Vouchers
Meal vouchers are codes (e.g. "LUNCH-A3F2") redeemable at vendor locations for student meals. Created by vendors, funded from campaign budgets, distributed to students. Each voucher has: amount, expiry date, student assignment, and redemption status.
📝 Example: A campaign raises $200 for student meals. The creator purchases 40 × $5 meal vouchers from FoodPartner. Each student receives a code they show at the cafeteria. The vendor marks codes as redeemed, and the dashboard shows redemption rates.
Platform Settings
Trust & Safety/trust-safety
KidStarter's trust and safety page (/trust-safety) explains: campaign verification process, PII protection, payment security (Stripe PCI-DSS), content moderation, and reporting mechanisms. Every campaign shows a "Verified" badge after passing review.
User Roles
Platform roles: DONOR (browse, donate), CREATOR_TEACHER (create campaigns, post updates), CREATOR_GUARDIAN (create campaigns for their child), ORG_SCHOOL_ADMIN (manage school-wide campaigns), CORPORATE_ADMIN (manage sponsor programs), CHARITY_ADMIN (manage charity, enable tax-exempt receipts), MODERATOR (review campaigns), PLATFORM_ADMIN (full access), FINANCE_OPS (financial exports and reporting). Roles are assigned during registration or by admins.
💡 Tip: Users can have only one role. To change a user's role, a Platform Admin must update it from the Admin Dashboard user management section.