Seedling← Back to home

Privacy Policy

Effective date: June 15, 2026

This Privacy Policy explains how Seedling LLC, a Michigan limited liability company ("Seedling," "we," "us"), handles personal information in connection with the Seedling platform and services at goseedling.com (the "Services"). It is part of, and incorporated into, our Terms of Service.

1. Two roles: controller vs. processor

We handle personal information in two capacities:

  • As a controller for information about the account holders, Provider staff, and visitors who interact with us directly — for example, registration, billing, support, and website-usage information.
  • As a service provider / processor on behalf of Providers for the information a Provider and its families put into the Services about children and families ("Customer Data," including "Child Information"). The Provider controls that information, decides how it is used, and is responsible for the required notices and consents. If you are a parent or guardian with questions about a child's information, please contact your Provider.

2. Information we collect

  • From Providers and staff: name, email, phone, role, and account, billing, and support information.
  • From guardians/parents: name, contact details, family relationships, and payment information (payment-card details are collected and stored by Stripe, not by us).
  • Child Information entered by Providers and guardians: such as name, date of birth, photos and media, allergy/medical/medication information, immunization records, emergency contacts, attendance, and activity logs.
  • Automatically: device, log, and usage information, and limited analytics about how the Services are used.
  • Communications: emails and messages sent through or in connection with the Services, including replies.

3. Children's privacy and COPPA

The Services are intended for use by adults (Providers and guardians), not by children. We do not knowingly collect personal information directly from children. Child Information is provided to us by Providers and guardians, and we process it on the Provider's behalf. The Provider is responsible for obtaining any consent required under COPPA, FERPA, or similar laws. We do not use Child Information for behavioral advertising, and we do not sell it. A parent or guardian who wishes to review, correct, or delete a child's information should contact the Provider; we will assist the Provider with such requests.

4. How we use information

We use information to: provide, operate, secure, and improve the Services; process payments through Stripe; send service and transactional communications; respond to support requests; maintain safety and prevent abuse; and comply with law. We may use aggregated or de-identified data to improve the Services. We do not sell personal information, do not use Customer Data or Child Information for advertising, and do not use it to train artificial-intelligence models.

5. How we share information (subprocessors)

We share information with service providers who help us operate the Services — including providers of cloud hosting and infrastructure, database and file storage, and email delivery — under contracts that limit their use of it to providing services to us. A current list of our subprocessors is available to Providers on request at support@goseedling.com.

Payment processing is provided by Stripe. Stripe processes payment information directly and has its own direct relationship with Providers and Guardians; see Section 11 of our Terms of Service and Stripe's own terms and privacy policy.

We also share information with the relevant Provider (for its own data); when required by law or to protect safety and legal rights; and in connection with a merger, acquisition, or sale of assets. We do not sell personal information or share it for cross-context behavioral advertising.

6. Photos and media

Photos and "moments" are shared within a private, closed network to authorized recipients only and are not used for advertising or marketing. Moments are retained for approximately twenty-four (24) months and then deleted in the ordinary course, unless a Provider's settings or applicable law require otherwise. On termination of a Provider's account, the data-export and deletion timeline in the Terms of Service controls over this retention period.

7. Data retention and deletion

We retain personal information for as long as needed to provide the Services and as described in our Terms, then delete or de-identify it, subject to a reasonable period for residual backups and any retention required by law. Deletion of Customer Data on termination is addressed in the Terms of Service.

8. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information, including encryption of data in transit and at rest, role-based access controls, database-level tenant isolation (row-level security), private storage with access controls for sensitive documents, network and rate-limiting protections, and use of infrastructure providers that maintain recognized security certifications (such as SOC 2). We periodically review our security practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Security incidents

If we become aware of a breach of security leading to the unauthorized access, disclosure, or destruction of Customer Data, we will notify the affected Provider without undue delay and provide information reasonably available to us to help the Provider assess the incident and meet its own legal obligations. Because the Provider is the controller of Customer Data, the Provider is responsible for determining whether notification to families, guardians, regulators, or others is required and for making any such notifications. We will reasonably cooperate with the Provider's response.

10. Your choices and rights

  • Account and child information: Providers and guardians can access and update much of their information within the Services. Requests about a child's information should go to the Provider.
  • Email preferences: you can unsubscribe from non-essential emails; service and transactional emails are necessary to use the Services.
  • Payment information: managed through Stripe.
  • State privacy rights: depending on where you live, you may have rights to access, correct, or delete personal information we control; contact us at support@goseedling.com. For Child Information and other Customer Data, we will direct or assist requests through the relevant Provider.
  • Sale/sharing: We do not sell personal information or share it for cross-context behavioral advertising, as those terms are defined under applicable state privacy laws (including the CCPA/CPRA). We do not process sensitive personal information, including Child Information, for purposes other than providing the Services.
  • How to exercise rights: Email support@goseedling.com. We will verify your request as required by law and respond within the timeframe the applicable law requires. You may use an authorized agent where the law permits.

11. Where information is processed

The Services are operated using U.S.-based cloud infrastructure and service providers. The Services are intended for use in the United States.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice as appropriate.

13. Contact

Seedling LLC
Email: support@goseedling.com