Legal

Privacy policy

How we collect, use, and protect information — including the sensitive information about children that providers entrust to Sunup.

Last updated: 8 July 2026Effective: on launch

Overview

Sunup provides software that children's activity providers use to run registration, payments, rosters, and attendance. This policy explains what information passes through Sunup, why, and how we protect it. It applies to our marketing site and to the Sunup application.

Providers are the controllers of the family data they collect through Sunup; we process that data on their behalf under our agreement with them. Where we determine our own purposes — for example, operating and securing the service — we act as a controller.

What we collect

We collect only what the service needs to do its job. Broadly, that falls into three groups:

Account & provider data
Business details, staff accounts, and the classes, schedules, and settings a provider configures.
Family & registration data
Parent contact details, children's profiles, emergency contacts, pickup authorizations, form responses, and signed waivers.
Usage & technical data
Log data needed to operate, secure, and debug the service — including access logs for sensitive records.

Children's information

Sunup handles information about children — health notes, emergency contacts, and who may collect a child. We treat this as a design constraint, not fine print.

We collect children's information only when a provider needs it, and show it only to the people who need it
Access to sensitive records is logged: who looked, at what, and when
We never sell family or children's data, and never use it for advertising

How we use it

We use the information passing through Sunup to provide the service the provider signed up for and to keep it running safely:

Operating registration, payments, rosters, attendance, and the parent portal
Sending operational email — confirmations, receipts, reminders, and schedule notices
Securing accounts, preventing abuse, and meeting legal obligations

Sharing & disclosure

We share information only as needed to run the service — for example with payment and infrastructure providers acting on our instructions — or where the law requires it. We do not sell data.

A parent's information is shared with the providers they register with, and within a household according to the per-child permissions the family sets.

Payments

Payments run through Stripe's secure hosted checkout, and the money settles to the provider's own Stripe account. Card details never touch Sunup's servers. Stripe processes payment information under its own terms and privacy policy.

Retention

Records that exist for safety and accounting — signed waivers, payments, and attendance — are preserved as history and never silently rewritten. We retain information for as long as the provider's account needs it or the law requires, and delete or anonymize it after that.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal information. Families should direct requests to the provider they registered with; providers can reach us directly to help fulfill them.

Security

We protect information in transit and at rest, restrict access to sensitive records on a need-to-know basis, and log access to them. No system is perfectly secure, but the care a children's activity platform demands is the standard we hold ourselves to.

Contact

Questions about this policy or your information? Reach us at privacy@sunuphq.com.

← Back to home