How to protect your child’s digital footprint at childcare

Big changes ahead! Your child will be attending childcare. It’s a time of big transitions: new routines, new faces, and for many parents, a mix of excitement and worry. It’s completely normal to feel a little uneasy: there’s suddenly more distance between you and your child, new systems to trust, and a sense of handing over parts of their day (and their information) to others.

It’s also a time when the childcare operator might ask you to enrol on a childcare management app. It helps the operator know more about your child and your family, your emergency contacts, and your invoicing preferences. In this guide, we explain what childcare apps do, and which questions you should ask your childcare operator before signing up.

What do childcare apps actually do?

Childcare management apps are designed to make day-to-day communication between parents and educators smoother. The apps handle everything from drop-offs and pickups to incident reports, learning updates, photos, medical tracking, and daily routines. For many centres, these apps have become the main way to keep families informed about their child’s day.

But to do this, they collect and store information. A lot of information. Often far more than parents realise. This includes your names and contact details, identity documents, and, over time, photos and videos, developmental notes, sleep and meal records, and health details. Behind the scenes, the app also stores data about who can access what, how long it’s kept, and where it lives in the cloud.

When implemented and used well, these apps can be helpful and convenient. But when used poorly, they can leave unnecessary digital footprints for children and expose sensitive information. Understanding what these apps do (and what they hold) is the first step in keeping your child’s digital world safe.

What are some watch-outs?

Childcare apps have become part of daily life in Australia, and most families are asked to sign consent forms without much explanation. While opting out completely is often difficult, you still have meaningful choices about what you consent to and how your child’s data is used. Here are our top tips.

What can I opt out of?

Many early childhood centres and schools rely on their app for incident reports, enrolment information, health/medical alerts, communication between staff and families, and learning documentation. These functions are rarely optional, so you may not always be able to opt out of these features.

But you can often request reduced participation, such as:

  • not appearing in group photos

  • not having your child’s face shared in the app or portal

  • not having photos shared with other families

  • restricting who can view or tag your child in posts

  • opting out of certain features (such as portfolios and stories)

Most centres and app vendors won't advertise this flexibility. Therefore, don’t feel pressured to sign default consent forms as-is. Like any other agreement between parties, you can cross out sections or add written notes like “No individual photos of my child”, “No sharing with other parents”, or “No off-platform backups or third-party use”. Make sure you follow up with a written note or email to the centre to remind them of your consent and changes.

What does consent mean?

Consent forms vary, but most apps bundle several types of consent together. When you sign up, you’re often agreeing to:

Use of your child’s personal information

This includes name, date of birth, room/class, attendance logs, and health or development records.

Uploading and storing images

You’re usually also consenting to:

  • educators taking photos of your child

  • uploading them to a private platform

  • storing them in a cloud environment you don’t control

  • other parents seeing group photos

  • your child appearing in other children’s portfolios

Sharing data with third parties

You may also be consenting to data being shared with:

  • cloud storage providers

  • analytics tools

  • payment systems

  • “service partners”

This is rarely explained clearly. Vendors or centres will argue it’s not problematic because all data that is shared with third parties is “deidentified” (meaning they don’t send your child’s or family’s names). But it still means third parties build a digital profile of you, your child, or your family members. It might affect the advertising you see on your device, and the vendor may still be able to combine third-party data with your identifiable data. In short: your child’s digital footprint (and yours) can grow quickly and invisibly.

What should I ask my centre when enrolling?

Ask to see the vendor or centre’s privacy and security policy

It’s not always the most riveting read, but you should be across the key concepts of the policies that govern your and your child’s data. You want to look for:

  • how your child’s data is collected, used and stored

  • whether photos and documents are encrypted

  • how long data is kept

  • who data is shared with (e.g. third parties) and for what purposes

  • how the vendor handles data breaches

  • how deletion works when you leave the centre

  • whether they rely on “best efforts” language (a red flag)

You definitely want to ask whether the platform or centre has ever experienced a data exposure or leak, what kind of breach it was (and the volume of records affected), and which processes they have implemented since to avoid it in future.

Ask how long your child’s data is kept, and why

  • What’s the retention period for photos, identity documents, timeline updates, and reports while a child is attending childcare? And how does the retention period change, if at all, after care has ended? For data that is retained, what is the purpose of the retention? (Note that some records, such as attendance records, will need to be kept for up to 7 years.)

  • Upon ending care, does the platform delete data or merely “deactivate” profiles? How are they informed that care has ended? What is the childcare centre’s policy in terms of notifying the vendor?

  • If data is deleted, does deletion apply across all copies (primary data, backup data, cloud storage)?

Ask your centre how your child’s photos and documents are stored

  • Where are images stored? (Ideally, secure cloud storage such as Google Cloud, Microsoft Azure, or AWS.)

  • If images are stored on the vendor’s own servers, this is a red flag: they’re unlikely to match cloud providers’ security standards.

  • Ask broadly how files in cloud storage are secured. You’re not after their exact architecture, but you want to hear terms like time-limited signed URLs, encrypted storage, or independent security assessments (e.g. PCI DSS Level 1).

What can I do myself?

Manage your own sharing habits. Don’t re-upload centre photos to public socials. And don’t share photos that include other children; you don’t know what other parents consented to, and even if you know, you want to act on the basis of minimising children’s digital footprints wherever possible.

If you decide to share a photo of your own child regardless, ask others in your network to respect your privacy settings and avoid reposting.

Know your rights

  • You can request:

    • access to your data

    • correction

    • deletion

    • information about security

    • breach notifications

Run spontaneous searches in search engines to check whether any records of your child might have leaked.


Childcare is a big transition, and navigating the digital side of it can feel overwhelming. But a few clear questions and practical steps can make a huge difference. You don’t need to understand cloud security or app architecture — just what to look for, what to ask, and what to expect. By staying informed and involved, you can help ensure your child begins their digital life with confidence, dignity and the smallest possible digital footprint.
