Privacy Policy
The Milestone Kid ("we," "us," or "our") is a parent-facing service designed to help families track daily patterns, milestones, and school-related planning for children, including children with autism and other developmental needs. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices you have. By using the service, you agree to this policy.
Plain-English summary: we hold sensitive information about your child. We never sell it. We never use it for advertising. We share it only with infrastructure providers we need to run the product (database, hosting, email, payments, AI inference) and only with people you explicitly invite (therapists or co-parents who open share links you create). You can delete your account and your child's data at any time.
Who this service is for
The product is designed for parents and adult caregivers aged 18 or older. You must have legal authority to make decisions for the child whose information you enter. The Milestone Kid is not directed at children as an audience for their own accounts, and we do not knowingly create accounts for children under 13.
Privacy of children's data (COPPA)
Although accounts on The Milestone Kid are held by adults, the data those adults enter often relates to children under 13. We treat that data with extra care:
- Parental consent. By creating a child profile, you confirm you are the child's parent or legal guardian (or have the parent's authority to do so) and you consent to the collection and use of that child's information as described in this policy.
- No behavioral advertising. We do not show ads in the product, do not allow advertisers to track or profile your child, and do not share children's data with ad networks or data brokers.
- Data minimization. We collect only the categories of information needed to operate the features you use. We do not ask for a child's full date of birth, address, school name, or other identifiers beyond what you choose to enter (typically a first name and age).
- Parental access and deletion rights. You can review every piece of information we hold about your child by exporting your account data (Settings → Export). You can request deletion at any time from Settings; the account moves to a short recovery window, then we permanently delete the child's data and all derived records (logs, milestones, IEP analyses, care-team notes, share links).
- No child-directed marketing. Children do not receive emails, push notifications, or other communications from us.
- Contact for COPPA inquiries. Email privacy@themilestonekid.com with COPPA-specific requests; we respond within 10 business days.
Information we collect
- Account data. Such as your name, email address, and authentication details processed through our auth provider (for example sign-in, password reset, and optional sign-in methods you enable).
- Profile and family data you enter. Including child profiles (for example name, age, support areas), daily logs, milestones, activities, notification preferences, and similar content you choose to save.
- IEP-related features. If you use IEP tools, we do not store your uploaded files (for example PDF or Word documents). Text may be processed temporarily to generate a structured, plain-language analysis. We store only the analysis output (for example summary and goal-style fields), which is designed to be redacted and generic where possible. You can delete saved analyses from the IEP section of the product.
- AI coach and insights. When you use features that rely on artificial intelligence, your prompts and relevant context you submit are sent to our AI provider to generate a response. We do not use that content to train third-party models unless a provider's terms say otherwise—review your AI provider's policy for details.
- Billing. If you subscribe or pay through our checkout flow, our payment processor receives and processes payment information according to its own terms. We do not store full payment card numbers on our servers.
- Technical and security data. Such as device/browser type, approximate location derived from IP, logs needed to operate and secure the service, and similar metadata from hosting and infrastructure providers.
How we use information
We use personal information to:
- Provide, maintain, and improve The Milestone Kid (syncing your data, showing dashboards, sending account emails).
- Authenticate you, prevent fraud and abuse, and protect the security of the service.
- Process subscriptions, trials, and support requests you initiate.
- Comply with law, enforce our terms, and defend our rights where permitted.
We do not sell your personal information. We do not use your health information to sell advertising.
How we share information
We share information with service providers who help us run the product, for example:
- Database and authentication (for example Supabase)—to store application data and manage sign-in.
- Hosting and application delivery (for example Vercel)—to serve the website and API.
- Email delivery (for example transactional email providers)—for account, security, and product messages you expect to receive.
- Payments (for example Stripe)—to process subscriptions and invoices where enabled.
- AI inference (for example OpenRouter or similar)—to power coaching, IEP summaries, and related features that you trigger.
These providers process data under contractual terms and only as needed to perform services for us. We may also disclose information if required by law, legal process, or to protect users and the public.
People you choose to share with
You can also voluntarily share your child's data with people in your care team. Two flows can do this:
- Share links. If you generate a read-only snapshot link from the Reports page, anyone who has that URL can view a sanitized 30-day summary (mood/energy averages, captured wins, milestones in flight, IEP goals on file). Treat the URL like a password — anyone you forward it to can see the snapshot until you revoke it. Default expiry is 30 days; you can revoke a link at any time from Reports.
- Care-team notes. A signed-in viewer of one of your share links (typically a therapist who created an account after clicking the link) can leave you a note. We email you a preview when this happens. Both you and the note's author can view and reply to the resulting thread. We never share your data with anyone you have not personally invited via a share link.
Data retention and deletion
We keep your information for as long as your account is active and as needed to provide the service. Specific retention practices:
- Daily logs, milestones, activities, IEP analyses, care-team notes: retained as long as your account is active and deleted (or scheduled for deletion) when you delete your account.
- Account deletion: when you delete your account from Settings, we mark it for deletion and remove it after a short recovery window (typically 7 days), after which the child's profile and all associated data (logs, milestones, activities, IEP analyses, share links, care-team notes, push subscriptions) are permanently deleted.
- Share links: default 30-day expiry, max 90 days. Revoked or expired links are kept as inactive audit records but cannot be used to access data.
- Backups and infrastructure logs: our database provider (Supabase) keeps point-in-time recovery backups for up to 30 days. Application logs at hosting and email providers may persist 30–90 days depending on the provider's retention policy.
Security
We use industry-standard measures appropriate to the nature of the service, including:
- HTTPS/TLS for all traffic between your browser and our servers.
- Database row-level security so your data is only readable by your authenticated account (or care-team members you explicitly invite via a share link).
- Passwords stored as salted hashes, never in plaintext.
- Payment information handled directly by Stripe; we never see or store card numbers on our servers.
- Server-side rate limiting and bot protection on auth and AI endpoints.
- Audit logs of administrative actions and security-sensitive events.
No method of storage or transmission is completely secure. Use a strong, unique password and protect your sign-in credentials. Notify us immediately if you believe your account has been accessed without your permission.
Security incident notification
If we discover a security incident that materially affects the confidentiality, integrity, or availability of your personal information, we will notify affected users by email without undue delay (and in any case within 72 hours of discovery where required by applicable law), with a description of what happened, what data was affected, and what steps we and you can take in response.
International users
Our infrastructure providers may process data in the United States or other countries. If you use the service from outside the United States, you consent to that transfer and processing where permitted by law.
Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to certain processing. To exercise rights connected to your account, use in-product controls (such as Settings and IEP deletion) or contact us. We may need to verify your identity before fulfilling a request.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and adjust the "Last updated" date. For material changes, we may also notify you by email or in-product notice where appropriate.
Contact
For privacy questions or requests, contact us through the form on this site, or email info@themilestonekid.com.
This policy is provided for transparency. It is not legal advice. For requirements specific to your situation (including HIPAA, FERPA, state privacy laws, or school-district obligations), consult qualified counsel.