Kimshi Simple

Privacy Policy

Last updated: 2026-05-21

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect personal data. We comply with UK GDPR and applicable international laws.

We act as:

  • Data Controller: for data you provide to register your account.
  • Data Processor: for data you store in our platform about your clients, staff, and business operations.

2. Data We Collect

As Controller:

  • Name
  • Email
  • Business details
  • Login information
  • Usage logs

As Processor (data you upload):

  • Client names (including children’s names)
  • Email addresses
  • Phone numbers
  • Addresses
  • Family, guardian, attendee, and participant profile details
  • Booking, attendance, and operational history
  • Staff records, roles, suitability, and safety-check information
  • Uploaded files (images, PDFs, documents)

Where a customer chooses to use restricted sensitive-data features, we may process special-category data and other sensitive operational records on that customer’s instructions. This may include health information, allergies, medical conditions, medication or equipment needs, disability or access needs, dietary requirements, emergency instructions, welfare notes, safeguarding-related information, incident records, and staff suitability or safety-check records.

Our customer is responsible for deciding what sensitive information to collect, identifying the lawful basis and any special-category condition, and providing privacy information to the people whose data is collected.

3. Data Storage Location

Primary storage regions:

  • eu-west-1 (Ireland)
  • eu-west-2 (London)

Supporting services operate in:

  • us-east-1 (Virginia)
  • Global edge locations (CloudFront)

4. International Data Transfers

CloudFront and some AWS services process:

  • IP addresses
  • Request metadata
  • Publicly served files

For transfers outside the UK/EU, we use:

  • Standard Contractual Clauses (SCCs)
  • UK Addendum

5. How We Use Data

We process data to:

  • Provide and maintain the Service
  • Host websites and content
  • Enable scheduling, bookings, and staff management
  • Ensure security
  • Improve functionality

6. No Review of User Content

We do not actively monitor or examine user-uploaded content.

Users are fully responsible for:

  • Content legality
  • Data subject permissions
  • Compliance with privacy laws

7. Subprocessors

We use third-party providers including AWS, Stripe, and email delivery services. A full list is provided in our Subprocessor Disclosure.

8. Security Measures

Security measures include:

  • Encryption at rest and in transit
  • AWS IAM access controls
  • Backups
  • Logging and monitoring

See our Security & Data Protection page for more detail.

9. Data Retention

We retain data as long as:

  • Your account remains active, or
  • Applicable law requires retention.

Upon termination, data is deleted within 90 days unless backup retention applies.

10. Your Rights (UK & EU)

You may:

  • Access your data
  • Request correction
  • Request deletion
  • Object to processing
  • Request data export

Requests are processed within 30 days.

Contact

Email: privacy@kimshisimple.com