Where is my data stored?

Your data is stored on EU-hosted PostgreSQL servers. Connections are encrypted and the database is not publicly accessible.

Is CrecheHQ GDPR compliant?

CrecheHQ is built with GDPR-conscious processes throughout. We strip EXIF metadata from images, encrypt data in transit and at rest, support data subject access requests, and provide full data export capabilities.

Can I export my data?

Yes. You can export your data at any time in structured formats. There is no lock-in and no additional charge for data export.

How do you handle children's photos?

All uploaded images have EXIF metadata automatically stripped, including GPS coordinates. This protects children's location privacy.

What happens if there is a security incident?

We contact affected customers directly by email with a clear explanation of what happened, what data was affected, and what steps we have taken. We do not rely on a status page alone.

Who can I contact about data protection?

Contact our Data Protection team at support@crechehq.ie for any data protection queries, subject access requests, or concerns.

Trust & Security

Your data, handled with care

Children's data deserves the highest standard of protection. Here is exactly how we handle yours.

Data handling

EU-hosted PostgreSQL database
Encrypted connections between all services
No public database access — private network only
Automated backups

Access controls

Role-based access: Owner, Admin, Staff, Parent
Permission-gated modules — staff see only what they need
Multi-tenant isolation — each creche is fully separated
Multi-factor authentication available

Payments infrastructure

Payments handled by Stripe (PCI-DSS Level 1)
Card details never touch CrecheHQ servers
Secure payment links sent to parents
Full payment audit trail

GDPR and data protection

EXIF metadata stripped from all uploaded images
No GPS data retained from children's photos
Data subject access requests supported
Data Protection contact: support@crechehq.ie

Data ownership and exports

Your data is always yours
Full data export available at any time
No lock-in — leave and take your data with you
Structured export formats for migration

Incident communication

Direct email notification if an issue affects your data
Clear communication about what happened and what we did
Post-incident summary provided
No hiding behind status pages — we contact you directly

What we do and don't do

Clear commitments, no ambiguity.

What we do

What we don't do

Host your data within the EU

Transfer data outside the EU

Encrypt connections and data at rest

Store passwords in plain text

Strip GPS metadata from children's photos

Retain location data from images

Let you export your data at any time

Lock your data behind paywalls

Separate each creche's data completely

Share data between organisations

Contact you directly if something goes wrong

Hide incidents or downplay issues

Role-based access

Every user sees only what they need. Staff, parents, and administrators have separate access levels.

Owner

Full access to settings, billing, staff management, and all data.

Admin

Day-to-day operations, attendance, invoicing, and scheme administration.

Staff

Attendance, daily logs, and room-specific information only.

Parent

Their own child's information, invoices, and communication only.

Security questions

Questions about security?

We are happy to discuss how we protect your data in more detail.

Create account