Current version: June 2026
1. IDENTITY OF THE DATA CONTROLLER
CDR TECH S.A.S.
Tax ID (NIT): 900.707.225-1
Address: Bogotá, Colombia
Email: kuidapp25@gmail.com
2. LEGAL FRAMEWORK
This Privacy Policy has been prepared in compliance with:
- Law 1581 of 2012 — Colombia's Personal Data Protection Law.
- Decree 1377 of 2013 — which partially regulates Law 1581 of 2012.
- Article 15 of the Political Constitution of Colombia — right to privacy and habeas data.
In the event of a conflict between this Policy and the Terms and Conditions of Use, the provision offering greater protection to the data subject shall prevail.
3. SCOPE OF APPLICATION
This Policy applies to all personal data collected, stored, used, or transmitted through the KuidApp platform, including the mobile application and any official communication channels of the Company.
It applies to all platform users: kindergartens, teachers, parents, guardians, and any person whose data is processed in connection with the use of the service.
4. PERSONAL DATA WE COLLECT
4.1. Parent and Guardian Data
- Full name.
- Email address.
- Phone number.
- Login credentials (encrypted access credentials).
4.2. Children's Data
- Full name.
- Date of birth.
- Photographs and videos uploaded within the platform.
- Daily activity reports.
- Attendance records.
- Teacher observations regarding educational and behavioral development.
- Basic health information: food or medication allergies, entered by parents, guardians, or the kindergarten administrator.
⚠️ Sensitive data: A child's health information (allergies) constitutes sensitive data under Article 5 of Law 1581 of 2012. Its processing requires express consent and will be carried out solely to ensure the child's well-being while at the kindergarten.
4.3. Kindergarten and Teacher Data
- Institution name and tax ID.
- Contact information of the legal representative or administrator.
- Name and contact details of authorized teachers.
- Information published within the platform (reports, photographs, communications).
4.4. Technical Data
- Device model and operating system.
- Application version.
- Installation identifiers (generated by Firebase Analytics, not linked to personal data).
- Access and activity logs within the platform (screens visited, features used).
- Application performance metrics.
5. PURPOSES OF DATA PROCESSING
Collected personal data will be used exclusively for the following purposes:
| Purpose | Data Involved |
|---|---|
| Providing the communication service between kindergarten, teachers, and parents | All user data |
| Managing daily activity reports and attendance | Child data |
| Monitoring the child's educational and behavioral development | Child data |
| Managing basic health information to ensure the child's safety | Health data (allergies) |
| Direct communication between parents and teachers within the platform | Contact data |
| Authentication and role-based access control | User credentials |
| Improving app usage experience and performance | Technical data (Firebase Analytics) |
| Compliance with legal obligations | As required by law |
The use of data for commercial or advertising purposes, or to train artificial intelligence models, is expressly prohibited.
6. LEGAL BASIS FOR PROCESSING
The processing of personal data is based on the following legal grounds:
- Informed consent: By accepting this Policy and the Terms and Conditions, the user consents to the processing of their data and that of the minor in their care.
- Contract performance: Processing is necessary to provide the service agreed between the kindergarten and CDR TECH S.A.S.
- Legal obligation: Processing may be required to comply with obligations imposed by Colombian law.
- Legitimate interest: Processing of technical app usage data to ensure the security and proper functioning of the service.
For a child's health data (allergies), the legal basis is the express consent of the parent or guardian, in accordance with Article 6 of Law 1581 of 2012.
7. PROCESSING OF CHILDREN'S DATA
7.1. Best Interests of the Child
KuidApp recognizes that children's data deserves special and heightened protection. All processing of children's data will be carried out in the child's best interests and with strict respect for their fundamental rights.
7.2. Mandatory Parental Authorization
No personal data of a minor will be processed without the prior, express, and informed authorization of their parents or legal representatives. This responsibility lies primarily with the kindergarten, which must obtain and retain such authorizations before registering a child on the platform.
Parents' or guardians' acceptance of this Policy upon registering on the platform constitutes their informed consent.
7.3. Health Data (Allergies)
- May only be entered by parents, guardians, or the kindergarten administrator.
- Used exclusively to protect the child's physical well-being at the kindergarten.
- Not shared with third parties under any circumstances.
- Parents may update or request deletion of this data at any time.
7.4. Photographs and Multimedia Content
- Stored securely on Azure infrastructure.
- Visible only to authorized users within the platform.
- Not public or accessible from outside the app.
- Will be deleted within 30 calendar days of account cancellation.
7.5. Prohibition of Unauthorized Use of Children's Content
The use of photographs, videos, or other content of minors for any purpose other than communication between the kindergarten and families within the platform is absolutely prohibited. KuidApp will not publish, sell, or transfer such content to third parties.
8. INFRASTRUCTURE AND STORAGE
8.1. Infrastructure Provider
Personal data is stored on servers managed by Microsoft Azure, in the East US region (United States). Although these servers are physically located outside Colombia, Microsoft Azure contractually guarantees security standards equivalent to or exceeding those required by Colombian law.
8.2. Technology Service Providers
| Provider | Service | Accessible Data |
|---|---|---|
| Microsoft Azure | Storage, database, backend | User and child data |
| Google Firebase | Analytics (Firebase Analytics), authentication, push notifications | Technical data and session identifiers |
These providers act as data processors under the instructions of CDR TECH S.A.S. They are not authorized to use the data for their own purposes.
8.3. Firebase Analytics
The application uses Firebase Analytics to collect usage data in an anonymous and aggregated manner. This includes:
- Installation identifiers (not linked to identifiable personal data).
- In-app navigation events.
- Device information (model, OS, app version).
- Performance metrics.
This information does not allow any individual user to be identified. Firebase privacy policy: https://firebase.google.com/support/privacy.
9. DATA RETENTION AND DELETION
| Data Type | Retention Period |
|---|---|
| Active user data | For the duration of the account |
| Data after account cancellation | Up to 12 additional months |
| Photographs and multimedia content | Up to 30 calendar days after cancellation |
| Health data (allergies) | Up to 30 calendar days after cancellation or deletion request |
| Technical and access logs | Up to 6 months from generation |
After these periods, KuidApp will proceed to the secure deletion or anonymization of the data. If a legal obligation requires retention for a longer period, such obligation will be respected.
10. DATA SUBJECT RIGHTS (ARCO RIGHTS)
Under Law 1581 of 2012, data subjects have the following rights:
- Access: To know what personal data KuidApp processes about you or the minor in your care.
- Rectification: To request correction of inaccurate or outdated data.
- Cancellation: To request deletion of data that is no longer necessary or when you have withdrawn your consent.
- Opposition: To object to data processing when it is not necessary for the provision of the service.
10.1. How to Exercise Your Rights
Submit a written request to kuidapp25@gmail.com including:
- Full name and identification.
- The right you wish to exercise.
- Description of the data the request concerns.
- Documents proving your identity or legal representation of the minor.
Response time: Maximum 10 business days from receipt of the request. If the request cannot be resolved within that period, you will be notified of the reasons and the estimated response date.
10.2. Right to Delete Account
Users may request account deletion directly within the application at Settings > Account > Delete Account, or by sending a request to kuidapp25@gmail.com.
11. INFORMATION SECURITY
CDR TECH S.A.S. implements the following measures to protect personal data:
Technical measures:
- Data transmission under HTTPS/TLS protocol.
- Encryption of access credentials.
- Role-based access control (RBAC).
- Restriction of information visibility according to user profile.
Organizational measures:
- Restricted internal access: only CDR TECH personnel with a demonstrated operational need may access data.
- Confidentiality policy for employees and contractors with access to data.
Security breach protocol:
In the event of a security breach affecting personal data, CDR TECH S.A.S. will:
- Notify affected users as soon as possible.
- Report the incident to the Superintendencia de Industria y Comercio (SIC) in accordance with applicable regulations.
- Take the corrective measures necessary to contain and remediate the incident.
If you detect a vulnerability or misuse, please report it to: kuidapp25@gmail.com
12. INTERNATIONAL DATA TRANSFERS
Data is stored on Microsoft Azure servers in the East US region. This transfer of data to infrastructure located outside Colombia is carried out under the following guarantees:
- Microsoft Azure holds international security certifications (ISO 27001, SOC 2, among others).
- The agreement with Microsoft Azure includes data protection clauses equivalent to the standards required by Law 1581 of 2012.
- Data is not transferred or sold to unauthorized third parties.
Google Firebase (Google LLC) may also involve the transfer of technical data to servers in the United States, under Google's privacy policies, which comply with international data protection standards.
13. COOKIES AND TECHNICAL IDENTIFIERS
The KuidApp mobile application does not use cookies in the traditional sense (browser-based cookies). However, it uses equivalent technologies in the mobile environment:
- Firebase installation identifiers: Automatically generated by Firebase Analytics upon app installation. Not linked to personally identifiable data and used exclusively for aggregated usage analytics.
- Session tokens: Generated to maintain the user's session securely. Deleted upon logout.
- Push notification tokens (FCM): Generated by Firebase Cloud Messaging for sending notifications. Used solely for this purpose and not shared with third parties.
Users may revoke push notification permissions from their device settings at any time.
14. MODIFICATIONS TO THIS POLICY
CDR TECH S.A.S. reserves the right to update this Privacy Policy when necessary. Changes will be communicated through:
- In-app notice.
- Email to registered users.
When changes affect the processing of children's data or involve the use of sensitive data, new express consent will be requested from parents or legal representatives.
Continued use of the platform after notification of changes will constitute acceptance of the updated Policy.
15. CONTACT AND EXERCISE OF RIGHTS
For any inquiry, request, or report related to the processing of personal data:
Company: CDR TECH S.A.S.
Tax ID (NIT): 900.707.225-1
Email: kuidapp25@gmail.com
City: Bogotá, Colombia
Supervisory authority: If you believe your rights have been violated, you may file a complaint with the Superintendencia de Industria y Comercio (SIC):
Website: https://www.sic.gov.co
Last updated: June 2026