Privacy Policy

Last updated: 29 May 2026

Who we are

FamilyStack is a trading name of Rescout Limited, registered in England and Wales (company number 15690139). We are registered with the Information Commissioner's Office under registration number ZC121870.

We are the data controller for personal data processed through familystack.co.uk.

Contact: contact us

What data we collect

We collect the following categories of personal data:

Account data: email address and the date your account was created.

Childcare data you provide: children's names and dates of birth, household income, employment status, childcare costs, nursery invoice contents.

Invoice analysis data: nursery name, invoice reference, invoice date, invoice amounts. Names extracted from invoices (parent name, children's names as they appear on the invoice) are stored separately and deleted after 90 days or immediately when you mark a dispute as resolved.

Payment data: your payment is processed entirely by Stripe. We do not store card numbers or bank details. We receive confirmation of payment and your Stripe customer ID only.

How we use your data

To provide the service: calculating childcare entitlements, analysing invoices, generating dispute letters, and showing your salary optimisation options.

To send transactional emails: purchase confirmation, sign-in link emails, dispute letter reminders (personal details expiry notice, letter not sent, awaiting nursery response). You can unsubscribe from reminder emails at any time.

What we never do: we never sell your data, share it with advertisers, or use it to build profiles for marketing.

How invoice analysis works

When you upload a nursery invoice, the full document is sent to AWS Bedrock for AI analysis. The AI extracts entity references (parent name, children's names) and returns its analysis with those references replaced by tokens such as [PARENT] and [CHILD_1]. The nursery's name is kept as-is rather than tokenised, because dispute and escalation letters generated from the analysis are addressed to the nursery. The mapping between tokens and real names is stored separately in our database and deleted after 90 days, or sooner if you mark the dispute as resolved.

AWS and Anthropic's Bedrock terms confirm that data submitted to Bedrock is not used to train models. See the Sub-processors section below for the full data flow.

Legal basis for processing

Contract performance (Article 6(1)(b) UK GDPR): processing your childcare data to provide the tools you have purchased or signed up to use.

Legitimate interests (Article 6(1)(f) UK GDPR): fraud prevention and security monitoring.

Legal obligation (Article 6(1)(c) UK GDPR): retaining transaction records as required by HMRC.

Children's data

We process children's dates of birth and names to calculate childcare entitlements and analyse invoices. We do not use this data for any purpose other than providing the service to the parent or guardian who created the account.

Children's names extracted from nursery invoices are stored for 90 days only and are never used for profiling, advertising, or any secondary purpose.

Data retention

Account data: retained until you delete your account.

Invoice analysis results: retained permanently. Personal names are replaced with tokens (e.g. [PARENT], [CHILD_1]) before being stored; the token-to-name mapping is held separately and follows the 90-day schedule below.

Invoice names (parent and children's names extracted from invoices): deleted after 90 days, or immediately when you mark a dispute as resolved.

Transaction records: retained for 7 years as required by HMRC.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (right to erasure)
  • Restrict our processing of your data while a query or correction is being resolved
  • Export your data (right to portability)
  • Object to processing based on legitimate interests
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us. We will respond within 30 days.

To delete your account, send an email from the address registered to your account — either directly to hello@familystack.co.uk or via the "Request account deletion" link on your account page, which opens a pre-filled email to the same address. We action deletion within 30 days as required by UK GDPR, and confirm in writing when complete.

Cookies

FamilyStack uses only strictly necessary cookies: authentication session cookies set by Supabase (required for you to stay logged in) and payment session cookies set by Stripe (required to complete purchases). No advertising or tracking cookies are used. No cookie consent banner is required for strictly necessary cookies.

Analytics. We use Plausible Analytics to measure how the service is used in aggregate. Plausible is privacy-focused and does not use cookies, does not store any information on your device, and does not identify or track individual visitors across visits or sessions. The data it processes (such as page paths, referrer, country, browser, and device type) is anonymous and aggregated. The lawful basis for this processing is our legitimate interest in understanding and improving the service.

Sub-processors

We use the following third-party services to provide FamilyStack:

Amazon Web Services (AWS) — compute (Lambda), AI inference (Bedrock), and static hosting (S3 + CloudFront). Compute and hosting run from eu-west-2 (London, United Kingdom). AI inference uses an EU-only cross-region inference profile, routing requests within the United Kingdom and European Economic Area (eu-west-1, eu-west-2, eu-west-3, eu-central-1, eu-north-1, eu-south-1, eu-south-2). The AWS GDPR DPA applies automatically under AWS Service Terms.

Anthropic operates as AWS's sub-processor for the Claude language model inside Bedrock. AWS and Anthropic's Bedrock terms confirm that data submitted to Bedrock is not used to train models.

Supabase — database and authentication. Data stored in eu-west-2 (London, United Kingdom). DPA signed April 2026.

Brevo (Sendinblue SAS) — transactional email delivery (sign-in links, purchase confirmations, dispute-letter reminders). Brevo is established in France and processes data within the European Economic Area. DPA available at www.brevo.com/legal/termsofuse/.

Stripe — payment processing. Stripe Payments Europe Limited (SPEL). DPA incorporated into Stripe Services Agreement.

Plausible Analytics (Plausible Insights OÜ) — privacy-focused web analytics. Established in Estonia and processes data within the European Economic Area. We use Plausible to understand aggregate usage of the service (such as which pages are most visited and which features are most used) so we can improve it. Plausible does not use cookies or other persistent identifiers and does not track visitors across sessions. DPA available at https://plausible.io/dpa.

International transfers

Your data is processed within the United Kingdom and European Economic Area. Payment data handled by Stripe may be transferred internationally under their UK International Data Transfer Addendum (IDTA) safeguards.

Security

All data is encrypted in transit (TLS) and at rest (AES-256). Invoice names are additionally encrypted at the application level before database storage. Access to personal data is restricted to authorised systems only.

Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you by email. The current version is always available at familystack.co.uk/childcare/privacy.

Contact and complaints

Questions or concerns? Contact us.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. Our ICO registration number is ZC121870.
