Privacy Policy

This policy explains what information The Growth Collective Limited trading as Kindo (TGCL, Kindo) collects, how we store this information, and the steps we take to protect it.

The purpose of this document is to explain to schools the privacy processes TGCL have in place for handling sensitive school data, so the school may be confident that data is handled appropriately and per the commitment they have made to their families.

Kindo Storage and Management of API Data

TGCL work with some third-party systems, such as Student Management Systems, and use APIs to receive data for providing the Kindo service. The following relates to the storage and management of this data:

All web traffic is over secure http (i.e. https) and is terminated at Kindo servers.
Kindo serves all traffic from Kindo servers rather than trust third party content delivery networks.
User passwords in the Kindo database are stored as ‘hashes’ only (per standard best practice).
Off-site backups made by Kindo are encrypted. 
Manual data exchange with schools uses a secure facility provided by Microsoft Office 365 and this is kept to a minimum.

Kindo’s website and production database is hosted in New Zealand an enterprise class cloud environment by Voyager. Customers will be notified of any relocation or expansion of the cloud infrastructure, including system components, user data and related data; and any additional access to data e.g. more staff with access to encryption keys and encrypted data, via announcement in the News section of the Kindo website.

Kindo and SMS API Specifics

Calls to the SMS (Student Management System) APIs should provide only data which is relevant to Kindo (see Saved data below). Only data which is relevant to the Kindo service is stored or utilised by Kindo, all other information is discarded at code level by Kindo software as it is received from the SMS.

Kindo requests roll data from the SMS service, and requests are made on a per-school basis. This data is received from an internet connection (https) by Kindo software, which performs several tasks which include decisions about what data to save.

Saved data:

Core student attributes:

an identifier, such as Student ID (but not NSN per Privacy Act regulations); legal name; preferred name; year level; student type; groups; organisation and room.

Core caregiver attributes:

an identifier, such as the Caregiver ID; name; email; phone number.

Notable ‘not saved’ data includes:

emergency caregiver records
non-core student details
non-core caregiver details

Data Saved in Kindo from the SMS

The standard Kindo “seed” roll.  

This includes students; caregivers (a combination of SMS contact and caregiver data); associations (between students and Kindo caregiver).

This dataset is available to the school-facing Kindo web user interface, but not to the end-user web user interface or apps. It is accessed occasionally by Kindo help desk to resolve problems linking Kindo members to student records.

Additional attributes, not required by the seed roll, may be saved from the SMS data sent to Kindo and made available to Kindo technical staff only , to resolve data issues and for debugging problems. This includes student date of birth (to potentially disambiguate students); siblings; student home phone; EOTC Permissions. This dataset is not available to the user interface. Schools may request a copy of this dataset at any time.

Other information

When a caregiver creates a Kindo account, they agree to a privacy clause within our Terms & Conditions. This creates a a separate (from the seed roll described above), Kindo student record that is populated with permission from the caregiver as part of the Kindo join process and may include additional data as specified in the Terms & Conditions. A link to the Terms and Conditions of account holders can be found at the bottom of the Kindo homepage.

Note: TGCL is PCI-DSS compliant and do not hold credit card details on our servers. Account Holder Terms & Conditions (accepted during account registration by end-users such as school families) provide further specific information and should be read in conjunction with this policy statement.

With respect to Privacy Act compliance, we strongly suggest that the school privacy statements for families include sharing data with 3rd party systems. It is TGCL’s understanding that the SchoolDocs privacy statement is sufficient to describe sharing SMS data with Kindo, in the same way it would describe library services, maths programmes etc, however this is not to be taken as legal advice.

In order to reflect the fact that our business is growing constantly, we reserve the right to change this policy at any time.

Contact

Questions, comments, and requests regarding this policy should be addressed to Sandra Finlay, Privacy Officer, sandra@tgcl.co.nz

Take automation to the next level with Kindo Payables

Easily request payments, view paid and unpaid, report, download and action with Kindo Payables. Designed by schools, for schools, Kindo Payables integrates with all major NZ Student Management Systems to ensure a seamless update of caregiver, student and group data. Automatically apply or remove payment requests, send instant email reminders and view up to date reports, Kindo offers a new approach to student finance that is simple for families, cuts reconciliation and brings in more funds.

PHONE : 0508 4KINDO | 09-869 5200
Auckland, New Zealand

Our Mission

Supporting our tamariki to grow and learn underpins the heart of Kindo and ezlunch – from healthy food to creating time for families and increasing funding for school programmes.