Legal

Privacy & Disclaimer.

Last Updated: 14 June 2026 · Version 3.1

KidsFirst Vision Pty Ltd ("we", "us", or "our") recognises that your privacy is very important and we are committed to protecting the personal information we collect from you.

This Privacy & Disclaimer Statement applies to users of the KidsFirst App and website in Australia, New Zealand, and Singapore. Jurisdiction-specific rights and obligations are set out in the regional appendices at the end of this Statement (Sections A–C).

Depending on your country of residence, this Statement is governed by:

  • Australia: Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) (including 2024 amendments), and the Children's Online Privacy Code where applicable.
  • New Zealand: Privacy Act 2020 and the Information Privacy Principles (IPPs).
  • Singapore: Personal Data Protection Act 2012 (PDPA).

1. Collection of Personal Information

1.1 Types of Information Collected

We may collect and hold personal information about you that can identify you and is relevant to providing you with the services or products you are seeking. This information may include:

  • Identity Data: Name, age, gender, contact details.
  • Account Data: Email address, password (hashed), authentication tokens, device identifiers.
  • Co-parenting Data: Event details, shared documents, expense records, messages.
  • Communications Data: Messages exchanged through the App (including original and AI-processed versions).
  • Children's Data: Names, dates of birth, schedules, and other details about children provided by their parents or guardians.
  • Technical Data: IP address, device type, operating system, app version, crash logs.
  • Metadata: Technical data associated with uploaded files (which may include timestamps or location data, though we attempt to strip this).

1.2 Method of Collection

Personal information is generally collected directly from you through our website, mobile application, email, phone calls, or online forms. We may also collect information from third parties acting on your behalf (for example, a solicitor or counsellor) or indirectly when impractical to collect it directly.

1.3 Purpose of Collection

We collect and use your personal information to:

  • Provide products or services to you or someone you know.
  • Facilitate constructive communication between co-parents through AI-powered message analysis.
  • Send newsletters or information you have requested.
  • Manage our internal business operations and fulfil legal obligations.
  • Improve our products, services, and user experience.

1.4 Legal Basis for Processing

Where applicable law requires us to identify a legal basis for processing, we rely on the following:

  • Performance of a contract: To provide the App's core services to you.
  • Consent: Where you have provided explicit consent (e.g., marketing communications).
  • Legitimate interests: To improve our services, ensure security, and prevent abuse, where such interests are not overridden by your rights.
  • Legal obligation: To comply with applicable laws, court orders, and regulatory requests.
  • Vital interests: To protect the safety of users, particularly children, in emergency situations.

1.5 Internet Users & Analytics

When you access our website, we may collect information such as your IP address, domain name, and browsing activity.

  • Analytics: We may use a third-party analytics service (for example, Google Analytics) to understand how our website and app are used, solely to measure and improve performance.
  • No Advertising or Remarketing: We do not run advertising, and we do not use advertising or remarketing trackers (such as advertising pixels) to target you on third-party websites. We do not sell or trade your personal information.

1.6 Children's Information

As a co-parenting application, we process information about children as provided by their parents or guardians. We:

  • Only collect children's information from verified parent/guardian accounts.
  • Do not knowingly allow account creation by anyone under 18.
  • Process children's information solely to facilitate co-parenting arrangements.
  • Allow parents/guardians to review, correct, or delete their children's information upon request.
  • Adhere to applicable children's privacy protections in each jurisdiction where we operate (see regional appendices).

Parents and guardians are responsible for ensuring they have the legal authority to provide information about a child, including consent from any other parent/guardian where required by law or court order.

1.7 AI-Powered Communication Features (Automated Decision Making)

Our application includes AI-assisted tools designed to promote constructive communication between co-parents. This involves Automated Processing where algorithms filter and may rewrite content before delivery.

  • Real-time Message Analysis: We process message content to identify and filter aggressive, abusive, or harmful language.
  • Data Minimisation: Before message content reaches the AI language model, we apply automated safeguards that detect and remove personal details (such as names and contact information) so the model does not process them in identifiable form. These safeguards are automated and best-effort; while we continually improve them, they are not guaranteed to remove every identifier. This processing takes place within AWS infrastructure in Australia.
  • No Training on User Data: We do not use your private message content to train AI models, and we do not permit our processors to do so. Your message is sent for processing solely to handle that specific message.
  • Processed Within AWS: Message processing is performed using Amazon Web Services (AWS Bedrock), within AWS infrastructure, with our primary processing region in Australia (AWS ap-southeast-2). These services are bound by confidentiality and privacy safeguards consistent with the privacy laws applicable to you. If we engage any additional AI provider in the future, we will update this Statement and notify you before that change takes effect.
  • Integral Service Feature: The AI filtering technology is a core component of the KidsFirst safety architecture. To ensure a protected environment for all users, this feature is always active and cannot be disabled. By using our messaging service, you acknowledge that automated processing is a mandatory condition of use.
  • No Legal or Similarly Significant Effects: The AI does not make decisions about you that produce legal or similarly significant effects. It only filters/rewrites the wording of messages to support constructive communication.
  • Human Review: If you believe an AI-processed message has been handled incorrectly, you may contact us at privacy@kidsfirst.app to request human review of the processing logs related to your account.

By using our messaging features, you acknowledge and consent to this automated processing of your message content for conflict-de-escalation purposes.

2. How We Use & Disclose Personal Information

We use and disclose personal information only for the purposes for which it was collected or as otherwise permitted by law. We may disclose information to:

  • Our related entities to support internal operations.
  • Third-party service providers (such as cloud hosting, data storage, analytics, and customer-support partners) who assist in operating our services.
  • Professional advisers (e.g., legal and accounting).
  • Government authorities when required by law.

All third-party providers are required to handle information in accordance with confidentiality and privacy obligations consistent with the privacy laws applicable to you. We do not sell or trade your personal information, and we do not disclose it for third-party advertising.

2.1 Overseas / Cross-Border Disclosure

Some of our service providers store or process data outside your country of residence. Our primary processing locations are:

  • Australia (AWS ap-southeast-2 region – primary data residency, including AI message processing via AWS Bedrock).
  • United States (e.g., certain AWS services, Firebase/Google).
  • Singapore (e.g., certain AWS services for users in the APAC region).
  • European Union (limited backup services).

Where personal information is disclosed overseas, we take reasonable steps to ensure that those recipients handle your information consistently with the privacy laws applicable to you. Specifically:

  • For Australian users: We comply with APP 8 (cross-border disclosure).
  • For New Zealand users: We comply with IPP 12 (disclosure outside New Zealand).
  • For Singapore users: We ensure overseas recipients provide a standard of protection comparable to the PDPA, including through contractual safeguards.

2.2 Marketing Communications

We may send you updates or promotional information about our own services if you have provided consent. You can opt out of marketing communications at any time by following the unsubscribe link in our messages or by contacting us directly.

2.3 Business Transfers (Mergers & Acquisitions)

If KidsFirst Vision Pty Ltd is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred to the acquiring entity as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

3. Security, Retention & Deletion of Your Information

We store personal information in secure electronic systems. We take reasonable steps to protect information from loss, unauthorised access, destruction, or misuse. Access is restricted to authorised personnel, and data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

3.1 Upload Safety (Metadata)

When you upload photos or files, they may contain metadata (such as GPS location). While we aim to strip this data for your safety, you are responsible for ensuring that files you share do not inadvertently reveal sensitive locations (e.g., via background details in photos or unstripped GPS tags).

3.2 Data Retention and Deletion

We retain personal information only for as long as necessary to provide our services or as required by law. Indicative retention periods are:

  • Active account data: For as long as your account is active.
  • Deleted account – private data: Permanently deleted or de-identified within 30 days of deletion request, unless legal retention is required.
  • Shared Content (co-parenting record): Retained in the connected co-parent's account view to preserve the integrity of the co-parenting record. May be retained indefinitely while that co-parent's account remains active.
  • Backups: Encrypted backups may persist for up to 90 days after deletion before being fully purged.
  • Legal and compliance records: Retained only as long as required by applicable law (e.g., financial records for 7 years where applicable).

Requesting Deletion: You may request deletion of your account and associated data at any time via in-app settings (Settings > Account & Security > Delete Account) or at kidsfirst.app/delete-account.

Shared Records: Please note that data you have already shared with a co-parent (Shared Content) may be retained in their account view to preserve the integrity of the co-parenting record.

3.3 Data Breach Notification

If we become aware of a data breach likely to cause serious harm, we will promptly notify affected individuals and the relevant regulator(s) in your jurisdiction, outlining steps taken to contain and mitigate the breach. The applicable regulator is identified in the regional appendices below.

4. Access & Correction

You may request access to or correction of your personal information at any time by contacting us in writing at contact@kidsfirst.app. We will respond to verified requests within 30 days (or sooner where required by local law). If we refuse access or correction, we will provide written reasons and inform you of available complaint mechanisms.

Additional rights specific to your jurisdiction (such as withdrawal of consent, portability, or restriction of processing) are set out in the regional appendices.

5. Links to Other Websites

Our website may contain links to other sites. We are not responsible for the privacy practices or content of linked websites and recommend reviewing their policies.

6. Changes to This Privacy Statement

We may update this policy periodically to reflect new laws, technologies, or business practices. Any updated version will be published on our website with a new "Last Updated" date. Where changes are material, we will provide additional notice via email or in-app message.

7. Complaints & Contact Details

7.1 Privacy Officer

You may contact our Privacy Officer with any privacy-related questions, requests, or complaints at:
Email: privacy@kidsfirst.app
For general enquiries: contact@kidsfirst.app

7.2 Complaints

If you wish to make a complaint about how we have handled your personal information, please contact our Privacy Officer first. We will investigate and respond within a reasonable timeframe (typically 30 days). If you are not satisfied with our response, you may contact the relevant regulator in your jurisdiction (see the appendices below).

Appendix A – Australia

A.1 Governing Law

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the 2024 amendments and the Children's Online Privacy Code where applicable.

A.2 Your Rights

  • Access your personal information (APP 12).
  • Request correction of your personal information (APP 13).
  • Opt out of direct marketing (APP 7).
  • Not be identified by a government identifier where avoidable (APP 9).

A.3 Regulator

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au · Phone: 1300 363 992

Appendix B – New Zealand

B.1 Governing Law

We comply with the Privacy Act 2020 and the Information Privacy Principles (IPPs).

B.2 Your Rights

  • Access your personal information (IPP 6).
  • Request correction of your personal information (IPP 7).
  • Be informed about how your information is collected and used.
  • Object to certain processing.
  • Be notified of any privacy breach likely to cause serious harm.

B.3 Cross-Border Disclosure

In accordance with IPP 12, when we disclose your personal information to a recipient outside New Zealand, we take reasonable steps to ensure that the recipient is subject to privacy protections comparable to the Privacy Act 2020, including through contractual safeguards.

B.4 Regulator

Office of the Privacy Commissioner (New Zealand)
Website: www.privacy.org.nz · Phone: 0800 803 909

Appendix C – Singapore

C.1 Governing Law

We comply with the Personal Data Protection Act 2012 (PDPA) and any subsidiary legislation, including the Advisory Guidelines issued by the Personal Data Protection Commission (PDPC).

C.2 Your Rights

  • Access: Request access to your personal data and information about how it has been used or disclosed in the past 12 months.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Withdraw Consent: Withdraw consent to the collection, use, or disclosure of your personal data, subject to reasonable notice (typically 10 business days). Note that withdrawing consent for essential processing may result in our inability to provide the Service.
  • Data Portability (once provisions are in force): Request transfer of certain data to another organisation.

C.3 Data Protection Officer

In accordance with the PDPA, we have appointed a Data Protection Officer (DPO):
Email: dpo@kidsfirst.app

C.4 Do Not Call (DNC) Registry

We respect the Singapore Do Not Call Registry. We will not send marketing messages to Singapore phone numbers registered on the DNC Registry without clear and unambiguous consent.

C.5 Regulator

Personal Data Protection Commission (PDPC)
Website: www.pdpc.gov.sg

© 2026 KidsFirst Vision Pty Ltd