Security & privacy

Built for safeguarding childhood moments.

Kiddoz combines EU data residency, encryption by default, and transparent controls for schools and families. We treat every classroom story as sensitive personal data and protect it accordingly.

Infrastructure you can trust

  • Hosted in EU data centers with ISO 27001 and SOC 2 Type II certifications.
  • Data is encrypted at rest using AES-256 and in transit via TLS 1.3.
  • Geo-redundant backups taken hourly; retention policy reviewed quarterly.

Purpose-built access controls

  • Invite-only classrooms. Each caregiver has an individual, revocable login.
  • Role-based permissions for directors, administrators, teachers, and parents.
  • Granular consent templates ensure media sharing respects family preferences.

GDPR-first data handling

  • Kiddoz acts as a data processor; schools retain full ownership of content.
  • Sub-processor list published and updated with 30-day advance notice.
  • Data portability exports available within 48 hours of request.

For school leaders

Directors and administrators have the tools they need to maintain compliance and respond quickly to policy changes.

Policy controls

Apply consent templates per classroom, configure media retention schedules, and enforce multi-factor authentication for staff accounts.

Audit trails

Every login, post, download, and permission change is captured in immutable audit logs, exportable for regulators or internal review.

Staff onboarding & offboarding

Directory sync and SSO options streamline user lifecycle management. Access can be revoked instantly with one click.

For parents & caregivers

Families receive clarity on how their child’s information is used and can control it at any time.

Transparency

Parents see who has access to their child’s classroom, when posts were shared, and what permissions are active—right from the app.

Control

Request copies or deletion of a child’s media, restrict downloads, or pause sharing temporarily in coordination with the school.

Secure sharing

Two-step verification and device-level encryption protect access. There are no public profiles or searchable listings.

Incident readiness

Security is a continuous practice. We operate under a documented incident response plan that prioritizes fast, transparent communication.

24/7 monitoring

Kiddoz leverages automated anomaly detection and human review to surface suspicious activity in near real time.

Clear escalation

Breach notification procedures align with GDPR requirements. Affected customers receive direct updates within mandated timelines.

Penetration testing

Independent third parties test our platform annually. Findings are triaged immediately with executive-level oversight.

Need our latest security pack?

Request our detailed security report, DPA templates, and third-party audit summaries. We’re happy to answer specific procurement questionnaires.

Email the security team Talk to sales
🧸 Talk with Us