Last Updated: May 2026
Glow Worm ("we," "us," or "our") is committed to protecting the privacy and security of the
personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard
your information when you use the Glow Worm application and services (the "Service").
This policy is designed to comply with the Protection of Personal Information Act (POPIA) of
South Africa and other applicable data protection standards.
1. Information We Collect
To provide our childcare management services, we collect several types of information:
A. Information Provided by Schools/Staff
- Staff Profiles: Name, email address, job role, and school affiliation.
- Student Metadata: Name, date of birth, gender, and classroom assignment.
- Operational Data: Attendance records, daily activity logs (meals, sleep, hygiene), and
incident reports.
- Medical Information: Allergies, chronic conditions, and medication requirements.
B. Information Provided by Parents/Guardians
- Account Details: Name, email address, and relationship to the child.
- Digital Signatures: Hand-drawn signatures for incident reports and statement
acceptances.
C. Media Content
- Photos/Videos: Images of children uploaded by staff for daily reports or school galleries.
These are shared only with the specific family and authorized school staff.
D. Usage and Technical Data
- Device Information: IP address, device type, and operating system version.
- App Interactions: Log data regarding how you interact with the Service to help us improve
performance and security.
2. How We Use Your Information
We use the collected data solely for the following purposes:
- Care Coordination: Allowing staff to track and report on a child's well-being.
- Secure Communication: Facilitating messaging between parents and educators.
- Safety: Utilizing the QR-code pickup system and allergy alerts to ensure child safety.
- Administration: Managing subscriptions, billing, and school-wide announcements.
- Compliance: Maintaining an audit trail (logbook) of all significant staff actions.
3. Data Sharing and Disclosure
We do not sell your personal information to third parties. Data is shared only in the
following limited circumstances:
- Authorized Users: Child data is strictly restricted to linked parents/guardians and
authorized staff at the child's school.
- Service Providers: We may share data with trusted third-party service providers (e.g.,
Firebase for notifications, Mailgun for emails) who assist us in operating the Service.
- Legal Requirements: We may disclose information if required by law or in response to valid
requests by public authorities.
4. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: Data is encrypted in transit (using SSL/TLS) and at rest.
- Access Control: Role-based access ensures that users only see data relevant to their
specific permissions.
- Authentication: Secure session management and password hashing (bcrypt) protect user
accounts.
5. Data Retention
We retain personal information for as long as the school's subscription is active or as necessary to fulfill
the purposes outlined in this policy. Upon termination of a service or a specific request, we will securely
delete or de-identify data in accordance with our internal policies and legal obligations.
6. Your Rights (POPIA Compliance)
Under POPIA, you have the following rights regarding your personal information:
- Right to Access: You can request a copy of the personal information we hold about you.
- Right to Rectification: You can request that we correct inaccurate or incomplete data.
- Right to Objection: You can object to the processing of your personal information for
specific purposes.
- Right to Deletion: You can request the deletion of your personal data, subject to legal and
contractual retention requirements.
7. Children's Privacy
The Service is specifically designed for managing information about minors. We treat this data with the highest
level of care. We only process children's data with the consent of the School (acting as the data controller)
and the Parents/Guardians (the data subjects' representatives).
8. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact our
Information Officer at: