Legal & Policy Center

Children's Privacy Notice

v2.0

Effective Date: [EFFECTIVE DATE] Last Updated: [LAST UPDATED] Version: 2.0 Contact: [PRIVACY EMAIL]

KidStarter supports fundraising for students' educational needs, primarily managed by verified adults. We take the privacy and safety of children extremely seriously. This Children's Privacy Notice supplements our general Privacy Notice and explains how we handle information relating to minors (anyone under 18, or under the applicable age of majority in their jurisdiction).

Key Commitment: KidStarter does not sell children's Personal Data. We do not use children's Personal Data for advertising, profiling, behavioral targeting, or any commercial purpose unrelated to the educational Campaign.

1. Design Principles

Our platform is built with the following principles for children's data:

1.1. Adult-Managed Model: Campaigns involving minors are created and managed exclusively by verified adults (teachers, legal guardians, or authorized school representatives). Minors do not create accounts, make donations, or manage Campaigns.

1.2. Data Minimization by Default: We collect and display the absolute minimum student information necessary to operate Campaigns.

1.3. Privacy by Default and by Design: All privacy settings for minors default to the highest protection level. No opt-in action is required from guardians for protective measures — protections are automatic.

1.4. No Profiling or Behavioral Targeting: We do not build profiles of minors, serve targeted advertisements to or based on minors, or use algorithms to recommend content to minors.

1.5. Best Interests of the Child: In all decisions regarding children's data, we prioritize the best interests of the child.

2. What We Show Publicly (Minors)

For Campaigns involving minors, public-facing pages display only:

  • First name and last initial (or a nickname/alias chosen by the Creator);
  • Grade band (e.g., elementary, middle, high school) — never specific grade or age;
  • Broad geographic region (city or area only) — never specific address;
  • Category of educational need (e.g., books, laptop, tuition, assistive technology);
  • A narrative story written by the Creator that must not contain identifying details.

2.1 Strictly Prohibited in Public Content

The following information about minors must never appear in public Campaign content, and our systems are designed to detect and prevent it:

  • Full last names;
  • Home addresses, GPS coordinates, or directions to the child's location;
  • Phone numbers, personal email addresses, or instant messaging handles;
  • Social media handles or usernames intended to enable contact;
  • Government-issued identification numbers (e.g., Social Security Number, National Insurance Number, SIN, passport number);
  • School ID numbers, student numbers, or enrollment IDs;
  • School name, school logo, school address, or campus identifiers (unless explicitly approved under safety review with appropriate consents);
  • Classroom rosters, class schedules, bus routes, or extracurricular schedules;
  • Medical, psychological, or behavioral health information;
  • Disciplinary or academic records;
  • Information about other students;
  • Financial details of the student's family;
  • Any photograph, video, or image containing visible identifying information (see Section 4 below).

3. What We May Collect Privately

We may process limited additional information about students privately (not publicly visible) to:

  • Verify creator authority and eligibility (guardian/school authorization);
  • Coordinate school/vendor disbursements (invoice details, purchase orders, enrollment confirmation);
  • Prevent fraud and protect children from exploitation;
  • Comply with legal obligations;
  • Respond to safety reports.

This private data is stored with restricted access (accessible only to authorized personnel with a legitimate need), encrypted at rest, and subject to the retention limits in Section 7 below.

4. Image Safety

4.1. Where images of minors are used in Campaigns, Creators must ensure they have all necessary consents (guardian consent and, where applicable, school consent).

4.2. Images should preferably be head-and-shoulders only. Backgrounds must not show classroom boards, rosters, name badges, documents, mail, street signage, school signage, or other identifying information.

4.3. KidStarter may, at its discretion: (a) blur or remove backgrounds; (b) crop images; (c) offer avatar/cartoonization options as an alternative; (d) reject images that pose safety risks.

4.4. We never use children's images for advertising, marketing, or commercial purposes beyond the Campaign itself and related platform communications (e.g., share-card previews for the specific Campaign).

5. Guardian Consent and Authorization

5.1 Creator Responsibility

Creators represent and warrant that they have obtained all legally required consents and authorizations before creating a Campaign for a minor, including guardian consent where required by applicable law.

5.2 KidStarter Verification

KidStarter may require documentary evidence of authorization, including:

  • Signed guardian consent/authorization forms;
  • School authorization letters on official letterhead;
  • Email confirmation from an institutional email address;
  • Other documentation reasonably necessary to verify authority.

5.3 Verifiable Parental Consent Methods (COPPA — US)

Where KidStarter has actual knowledge of collecting Personal Data directly from a child under 13 (which our adult-managed model is designed to prevent), we will obtain verifiable parental consent using one or more of the following methods:

  • Signed consent form (physical or electronic);
  • Credit card, debit card, or other online payment system verification providing notification of the transaction;
  • Government-issued ID verification (checked and deleted);
  • Video call or live conference verification;
  • Knowledge-based authentication;
  • Any other method permitted by the FTC under COPPA.

5.4 EU/EEA Age of Digital Consent

Where consent is the legal basis for processing a child's data in the EU/EEA, we comply with the age of digital consent in the relevant Member State (ranging from 13 to 16 years). For children below the applicable age, we require holder of parental responsibility consent.

5.5 UK Age of Digital Consent

The UK applies an age of digital consent of 13 under the Data Protection Act 2018. For children under 13, we require parental consent where consent is the legal basis.

5.6 Canada

We follow PIPEDA's requirement for meaningful consent and recognize that children's capacity to provide consent increases with age. For younger children, we require parental or guardian consent.

6. Safety Controls

KidStarter employs multiple layers of safety controls:

6.1. Pre-Publication Review: All Campaigns involving minors undergo human review before publication.

6.2. Automated PII Detection: Text content is scanned for patterns matching phone numbers, email addresses, full names, Social Security/National Insurance numbers, addresses, and other PII. Flagged content is held for human review.

6.3. Image/OCR Scanning: Uploaded images are scanned for visible text, documents, badges, and identifying information.

6.4. Rapid Takedown: Content that may endanger a child is removed immediately upon detection or report — review occurs before reinstatement, not before removal.

6.5. Audit Logging: All moderation and administrative actions on Campaigns involving minors are logged with timestamps and responsible personnel for accountability.

6.6. Access Restrictions: Private student data is accessible only by authorized personnel with a documented need, subject to role-based access controls and audit trails.

6.7. Mandatory Reporting: Where KidStarter becomes aware of child exploitation material (CSAM) or reasonable suspicion of child abuse, we report to the relevant authorities, including NCMEC (US), IWF (UK), and applicable local law enforcement.

7. Retention of Children's Data

We apply the shortest retention periods we can for children's data:

Data CategoryRetention Period
Public Campaign content (first name, initial, story)Duration of active Campaign; archived on completion; deleted on guardian request where legally permitted
Private verification data (consent forms, authorization)Duration of Campaign + 12 months for fraud prevention and audit, then deleted
Private student information (enrollment, need category)Deleted or anonymized within 12 months after Campaign completion or disbursement
Images of minorsDuration of active Campaign; deleted within 30 days of Campaign completion or guardian request
Moderation/safety logsUp to 24 months (for safety investigations and regulatory compliance)

Legal Holds: If data is subject to a legal hold, regulatory investigation, or ongoing dispute, it may be retained beyond these periods but only to the extent required and with appropriate access restrictions.

8. No Sale, No Advertising, No Profiling

8.1. We do not sell children's Personal Data under any definition, including the CCPA/CPRA definition of "sell."

8.2. We do not share children's Personal Data for cross-context behavioral advertising.

8.3. We do not serve targeted advertisements to children or based on children's data.

8.4. We do not build profiles of children for any commercial, behavioral, or algorithmic purpose.

8.5. We do not use children's data for machine learning training except for safety/moderation systems designed to protect children (e.g., PII detection).

9. Regional Compliance

9.1 United States — COPPA

  • Our Service is designed so that verified adults are the primary account holders and Campaign managers. Children do not interact with the Service directly.
  • If we obtain actual knowledge that we have collected Personal Data directly from a child under 13 without verifiable parental consent, we will promptly delete that data and notify the parent/guardian.
  • Parents may review, request deletion of, and refuse further collection of their child's information by contacting [PRIVACY EMAIL].
  • We do not condition a child's participation on the collection of more data than is reasonably necessary.

9.2 United Kingdom — ICO Children's Code (Age Appropriate Design Code)

We implement the following AADC standards:

  • Best interests of the child are a primary consideration in all design decisions;
  • Data minimization by default — we collect only what is necessary;
  • High privacy settings by default — no opt-in required for protections;
  • No detrimental use of children's data — no profiling, targeting, or nudge techniques;
  • Age-appropriate application — our adult-gated model prevents direct child interaction;
  • Transparency — this Notice is written in clear language;
  • No profiling of children for commercial or non-educational purposes;
  • Geolocation — we do not collect or use precise geolocation of children.

9.3 EU/EEA — GDPR

  • We comply with GDPR data minimization, purpose limitation, and lawful basis requirements.
  • Where consent is relied upon for children's data, we comply with Article 8 (age of digital consent) requirements.
  • Children (via their guardians) have full GDPR rights including access, rectification, erasure, restriction, portability, and objection.
  • DPIAs have been or will be conducted for high-risk processing involving children's data.

9.4 Canada — PIPEDA and Provincial Laws

  • We apply meaningful consent requirements, recognizing children's evolving capacity.
  • Guardian consent is required for younger children.
  • Guardians have full access, correction, and deletion rights.
  • Where required by Quebec Law 25, we conduct privacy impact assessments for processing involving children's data.

10. Guardian and Student Rights

Guardians (and students who have reached the age of majority) may:

  • Access the student's Personal Data held by KidStarter;
  • Correct inaccurate or incomplete data;
  • Delete the student's Personal Data (subject to legal retention obligations);
  • Object to specific processing;
  • Withdraw consent previously given;
  • Request data portability (where applicable under GDPR/UK GDPR);
  • Request removal of a Campaign or specific content featuring the student.

To exercise any right, contact [PRIVACY EMAIL]. We will verify the requester's identity and authority before acting. We aim to respond within the timeframes required by applicable law.

11. Report a Concern

If you believe a Campaign exposes identifying information about a minor, or if you have any safety concern regarding a child on the Service, report it immediately:

  • Report: [REPORT LINK OR EMAIL]
  • Email: [PRIVACY EMAIL]
  • Emergency: If a child is in immediate danger, contact your local emergency services first, then notify us.

We operate a rapid-response protocol for child safety reports. Content is removed first and reviewed second.

12. Changes to This Notice

We may update this Notice from time to time. Material changes will be communicated with at least 30 days' notice via email to Creators/guardians and prominent notice on the Service. The "Last Updated" date will be revised.

13. Contact

Privacy Inquiries: [PRIVACY EMAIL] Safety Reports: [REPORT LINK OR EMAIL] General Support: [SUPPORT EMAIL] Mailing Address: [ADDRESS]

help.title

Getting Started
Sign Up/registerFull Guide (PDF)
Create an account at /register. Choose your role: Donor (support students), Teacher (create campaigns for students), Parent/Guardian (create campaigns for your child), Corporate Sponsor (sponsor schools and campaigns), or Charity (collect tax-exempt donations). Your role determines which dashboard features you see.
💡 Tip: Use your school email address if you have one — it speeds up organization verification later.
Onboarding Wizard/onboarding
After registration, the onboarding wizard walks you through 4 steps: select your role, link your school/organization, choose a plan (Free, Teacher, or School), and confirm. You can skip and return later.
📝 Example: A teacher at Lincoln Elementary would: 1) Select "Teacher", 2) Search "Lincoln Elementary" in the org directory, 3) Choose the Free plan, 4) Confirm and land on their Creator Dashboard.
Plans & Pricing/pricing
KidStarter offers three plans: Free (1 campaign, basic features), Teacher Starter ($5/mo — up to 10 campaigns, share kit, priority review), and School Plan ($20/mo — multi-teacher, school dashboard, bulk tools). All plans include Stripe payments and donation receipts (tax-exempt receipts for charity-backed campaigns).
📈 Benchmark: Similar platforms charge 5–8% platform fees. KidStarter charges 0% platform fee — only Stripe's standard 2.9% + $0.30 processing fee applies.
Language Switcher
KidStarter supports 8 languages: English, Portuguese, Spanish, Hungarian, French, German, Slovak, and Czech. Click the flag icon in the top navigation bar to switch. Your preference is saved in a cookie and persists across sessions.
💡 Tip: The language auto-detects from your browser settings on first visit. Override it anytime with the flag switcher.
Campaigns
Creating a Campaign/dashboard/creatorFull Guide (PDF)
Navigate to your Creator Dashboard (/dashboard/creator) and click "Create Campaign". Fill in: student first name + last initial, their story, funding goal, category (STEM, Arts, Sports, Tuition, Supplies, General), and optionally upload a hero image.
📊 Impact: New campaigns enter DRAFT status. They become publicly visible only after passing moderation review (PENDING_REVIEW → APPROVED). Rejected campaigns can be edited and resubmitted.
⚠ Watch Out: Never include a student's full name, address, or other PII in the campaign story. Our moderation team will reject campaigns with identifying information.
Campaign Status Flow
Every campaign moves through a lifecycle: DRAFT (created, not submitted) → PENDING_REVIEW (submitted, awaiting moderator) → APPROVED (live, accepting donations) → FUNDED (goal reached) → COMPLETED (funds disbursed). Campaigns can also be REJECTED (with reason) or PAUSED (temporarily hidden).
📝 Example: Maria's campaign was created on Monday (DRAFT), submitted Tuesday morning (PENDING_REVIEW), approved Tuesday afternoon (APPROVED), reached its $500 goal by Friday (FUNDED), and funds were disbursed the following week (COMPLETED).
Campaign Verification
Every campaign must be verified before going live. Upload evidence of school affiliation: enrollment letter, school ID, teacher badge, or guardian consent form. These documents are reviewed privately by the moderation team and never shown publicly.
📈 Benchmark: GoFundMe has no verification for education campaigns. DonorsChoose requires teacher accounts only. KidStarter verifies both the creator AND the student's school enrollment.
💡 Tip: Campaigns with clear, scanned documents get approved faster than blurry phone photos.
Share Kit
Each approved campaign gets a Share Kit: pre-generated images (square for social, story for Instagram/WhatsApp, QR code for print), one-click share buttons (WhatsApp, Email, X, LinkedIn, Facebook), and a copyable campaign link. The post-donation share prompt is your highest-converting tool.
📊 Impact: Campaigns that are actively shared raise 3–5x more than those that aren't. Each share can generate 2–5 additional donations on average.
💡 Tip: Share within the first 48 hours of approval for maximum momentum. Post the QR code in your school's physical spaces.
Campaign Updates
Post updates to your campaign with text and photos showing the impact of donations. Updates appear on the campaign page and notify past donors. Go to your campaign page → "Post Update" section.
💡 Tip: Post an update with a photo within 1 week of receiving funds. Donors who see impact updates are 4x more likely to donate again.
Donations
Making a DonationFull Guide (PDF)
Click "Donate Now" on any campaign. Choose a preset amount or enter a custom one (minimum $1). Enter your name (optional — leave blank for anonymous) and email (for receipt). You're redirected to Stripe's secure checkout page.
💡 Tip: You don't need an account to donate. But creating one lets you track your donation history and get tax center access.
Donation Receipt/receipt
After donating, you receive a receipt token (e.g. "abc123def"). Save this! You can look up your receipt anytime at Donors → Receipt Lookup (/receipt). The receipt shows: amount, date, campaign, and a unique token. For charity-backed campaigns, the receipt also displays the charity name, tax ID, and a "Tax-Exempt Donation" badge.
Tax Center/tax-center
The Tax Center (/tax-center) provides information about tax deductibility of donations, including FAQs about charity-backed campaigns, tax-exempt receipts, and how to use your receipt for tax claims. Donations to charity-backed campaigns generate tax-exempt receipts with the charity's name and tax registration number.
⚠ Watch Out: KidStarter provides general tax information only. We are not tax advisors. Consult a qualified professional for your specific situation.
Organizations
Organization Directory/organizations
The public directory (/organizations) lists all registered schools, nonprofits, and corporate partners. Each org shows: name, type, country, verification status, member count, and active campaigns. Users can search, filter by country, and claim membership.
Claiming an Organization
If your school or org is already in the directory, click "Claim" on its page. You'll need to verify via your institutional email address (e.g. name@lincoln-elementary.edu). Once verified, you're linked to the org and can create campaigns under it.
📝 Example: Ms. Chen searches "Lincoln Elementary", finds it in the directory, clicks Claim, enters her school email, receives a verification code, and is now linked as a member.
Admin — Discovery & Enrichment
Discovery Console/dashboard/admin/discovery
The Discovery Console (/dashboard/admin/discovery) is the admin tool for finding, scraping, and enriching organization data. Access it from the Admin Dashboard → "🔍 Discovery Console" button. It shows all organizations in a table with enrichment status.
Seed Organizations
Click "Seed Organizations" to populate the directory with sample schools and partners. This creates org entries with names, types, countries, and website URLs. Useful for initial setup or demo purposes. You can also add orgs manually via /organizations or the API.
💡 Tip: For production, import real school data via CSV or the API at POST /api/organizations instead of using the seed function.
Web Scraper / Enrichment
The enrichment engine scrapes an organization's website and extracts structured data. Click "Enrich" next to any org with a website URL. The scraper fetches the page HTML (15-second timeout) and extracts: meta description, org-level contact emails (info@, contact@, admin@ — never personal emails), social links (LinkedIn, Twitter, Facebook), and page title.
📊 Impact: Enriched organizations have more complete profiles, which builds trust with donors and helps campaigns get more visibility. Orgs with descriptions and social links get 2x more campaign views.
📝 Example: Enriching "Lincoln Elementary" (website: lincoln-elementary.edu) extracts: description from meta tag, contact@lincoln-elementary.edu from page text, LinkedIn URL from footer links, and "Lincoln Elementary School — Excellence in Education" as page title.
⚠ Watch Out: The scraper respects a 15-second timeout. If a site is slow, blocks bots, or uses heavy JavaScript rendering, the scrape may fail. Retry later or add data manually.
Enrichment Fields & Confidence
Each extracted field has a confidence score (0.0–1.0). Scores reflect extraction reliability: meta descriptions score 0.8 (reliable), emails score 0.7 (need human review), social links score 0.9 (URL pattern matching is accurate), page titles score 0.6 (may include site navigation text).
💡 Tip: Always review extracted emails before approving. Verify they belong to the actual organization, not an ad network or third-party service on the page.
Approving Enriched Fields
After scraping, review extracted fields inline. Click "Approve" to push a field to the org's public profile (description, contact email, social links). Click "Reject" to discard. Approved fields immediately update the organization's listing in the public directory.
📊 Impact: Approving a description field makes the org more discoverable in search. Approving contact emails enables the platform to send verification and notification emails to the organization.
Verifying Organizations
After enrichment, change an org's status to "Approved" to make it visible in the public directory. Unverified orgs are hidden from public view but still accessible by direct URL. Verification confirms the org is a real, legitimate institution.
📝 Example: Workflow: 1) Seed/import org with website → 2) Click Enrich → 3) Review and approve fields → 4) Change status to Approved → Org appears in public directory.
Admin — Moderation
Moderation Queue/dashboard/modFull Guide (PDF)
The moderation queue (/dashboard/mod) shows all campaigns with PENDING_REVIEW status. Moderators and Platform Admins review each campaign's story, student info, evidence documents, and funding goal before approving or rejecting.
Reviewing a Campaign
Click a campaign in the queue to see full details: student first name + last initial, story text, category, goal amount, hero image, and uploaded verification evidence. Check for: specific and verifiable need, appropriate goal amount, valid school affiliation, no PII exposed.
⚠ Watch Out: Red flags: vague or generic stories, unusually high goal amounts (>$5,000 for individual students), no school affiliation, duplicate content from other campaigns, or requests for cash rather than specific items/services.
Approve / Reject / Pause
Approve makes the campaign live and publicly visible. Reject returns it to the creator with a reason code — they can edit and resubmit. Pause temporarily hides an approved campaign (preserving data) if issues arise post-approval. All actions are logged in the audit trail.
💡 Tip: When rejecting, select a specific reason code. "Insufficient evidence" is more helpful than "Rejected" — it tells the creator exactly what to fix.
Admin — Analytics
Admin Dashboard/dashboard/adminFull Guide (PDF)
The Admin Dashboard (/dashboard/admin) shows platform-wide metrics: total raised, total donations, active campaigns, pending reviews, total users, and a 7-day donation chart. Quick actions: Discovery Console, Guides, and Finance CSV Export.
Finance CSV Export
Click "📊 Export Finance CSV" on the Admin Dashboard to download a CSV of all donations with: date, amount, donor email, campaign, status, Stripe payment ID. Useful for accounting, reconciliation, and tax reporting.
⚠ Watch Out: The export contains donor emails (PII). Handle in accordance with GDPR and your data protection policy. Do not share publicly.
Corporate Sponsorship
Sponsor Program/dashboard/sponsorFull Guide (PDF)
Corporate sponsors create programs with a budget, target regions, and categories. Programs can be: Direct Sponsorship (fund specific campaigns), School Adoption (pledge to a school), or Matching (match community donations). Managed at /dashboard/sponsor.
Adopt-a-School/dashboard/sponsor/adopt
From /dashboard/sponsor/adopt, a corporate sponsor selects a school from the org directory and pledges a funding amount. This creates a SchoolAdoption record. The sponsor can then allocate funds to specific campaigns at that school, track spending vs budget, and export impact reports.
📝 Example: TechCorp adopts Lincoln Elementary with a $10,000 annual budget. They allocate $2,500 to "Laptops for CS Lab", $1,500 to "Art Supplies Room 204", and keep $6,000 for future campaigns. The Sponsor Dashboard shows 40% allocated, 60% remaining.
Vendor Partners
Vendor Portal/dashboard/vendor
Vendor partners (meal providers, school supply companies) manage their offers at /dashboard/vendor. They create voucher codes that students can redeem at participating locations. Vouchers are funded from campaign budgets.
Meal Vouchers
Meal vouchers are codes (e.g. "LUNCH-A3F2") redeemable at vendor locations for student meals. Created by vendors, funded from campaign budgets, distributed to students. Each voucher has: amount, expiry date, student assignment, and redemption status.
📝 Example: A campaign raises $200 for student meals. The creator purchases 40 × $5 meal vouchers from FoodPartner. Each student receives a code they show at the cafeteria. The vendor marks codes as redeemed, and the dashboard shows redemption rates.
Platform Settings
Trust & Safety/trust-safety
KidStarter's trust and safety page (/trust-safety) explains: campaign verification process, PII protection, payment security (Stripe PCI-DSS), content moderation, and reporting mechanisms. Every campaign shows a "Verified" badge after passing review.
User Roles
Platform roles: DONOR (browse, donate), CREATOR_TEACHER (create campaigns, post updates), CREATOR_GUARDIAN (create campaigns for their child), ORG_SCHOOL_ADMIN (manage school-wide campaigns), CORPORATE_ADMIN (manage sponsor programs), CHARITY_ADMIN (manage charity, enable tax-exempt receipts), MODERATOR (review campaigns), PLATFORM_ADMIN (full access), FINANCE_OPS (financial exports and reporting). Roles are assigned during registration or by admins.
💡 Tip: Users can have only one role. To change a user's role, a Platform Admin must update it from the Admin Dashboard user management section.