Child safeguarding
Public commitment · draft pending legal review · last updated July 2026
Our commitment
We work with children in need, through the organizations that care for them every day. That makes child protection a precondition, not an appendix: no workshop runs, no mentor speaks to a child, no photo is taken until the protections on this page are in place. Every child’s safety comes before every program goal, every partnership, and every deadline — without exception.
Our policy follows the Keeping Children Safe international standards — policy, people, procedures, and accountability — and complies fully with India’s framework: the Juvenile Justice (Care and Protection of Children) Act 2015, the POCSO Act 2012, and the Digital Personal Data Protection Act 2023.
Who this covers
Everyone acting for CanvasCode, in person or online: staff, trainers, volunteer mentors, board members, contractors, partners, and the co-founders. Nobody is senior enough to be exempt.
Safe people
- Verification before any contact with children, tiered to the role — full verification for in-person roles (police verification, reference checks, and a signed self-declaration, refreshed periodically); identity, references, and safeguarding training for remote roles. This applies to everyone, including the co-founders and the board.
- Safeguarding training first — no adult interacts with a child before completing training on this policy, and every adult signs the code of conduct annually.
- Group sessions only — never one-to-one, in any medium. Every session is a group session on supervised, logged channels, with the child’s guardian present. There is no private adult-to-child interaction, physical or digital, ever.
- No private contact — adults never contact children through personal phones, personal social media, or private messaging, and never request a child’s personal contact details.
Safe programs inside partner organizations
- Nomination, always. A child joins one way only: nominated by the organization that knows them, each child with a named guardian — a coordinator from that organization, or a parent — beside them from nomination to independence. Lawful-guardian consent is documented, and the child’s own assent is sought, before anything begins.
- Online-led, locally anchored. Trainers teach remotely; children gather at their organization’s own space, in groups, with their guardian present.
- Where we work with child care institutions, they must be registered under Section 41 of the JJ Act — we verify registration before partnership, and where required we coordinate with the district Child Welfare Committee, the statutory authority over the care of children in institutions.
- Every program activity is risk-assessed before it runs, and each child’s participation respects their individual circumstances and needs.
Safe digital delivery, and how we will use AI
Our programs are in design; these commitments bind anything digital we build or use:
- No social features. Nothing we put in front of children will have child-to-child messaging, comments, public profiles, or leaderboards. A child sees their own work.
- AI is supervised, always. If AI ever drafts feedback on a child’s work, a trained adult reviews, edits, and approves it before the child sees it. AI never speaks to a child directly and never decides anything about a child.
- Data minimization. The least identity the work strictly needs — no surname where a first name will do, no date of birth beyond an age band, no photograph. Children’s data is never used for tracking, behavioural monitoring, advertising, profiling, or training AI models (DPDP Act, Section 9(3) — and our own stricter bar).
- Supervised tools. Any tool a child uses runs on supervised, filtered access, with digital safety taught alongside the skills.
Photos, stories, and children’s privacy
No identifiable child appears in our public materials — no names, faces, or identifying details. For children in institutional care this is also the law: Section 74 of the JJ Act prohibits publishing anything that could identify a child in a child care institution. We show the work, never the face, and we tell stories that grant children the dignity of their fight — never pity.
Mandatory reporting
If anyone in our organization learns that a child may have been sexually abused, Indian law — the POCSO Act, Sections 19 to 21 — requires reporting it to the police or the Special Juvenile Police Unit. We will always do so, and we will never investigate internally instead of reporting. Failing to report is itself an offence, and we treat the duty as seriously as the law does.
How children can speak up
Children in our programs are told, at induction and in their own language, how to raise a concern: to our safeguarding lead through their guardian or any trusted adult, to their organization’s management, to the Child Welfare Committee — or to ChildLine 1098, India’s 24-hour helpline for children, at any time. No child will ever face consequences for speaking up.
How adults can raise a concern
Write to hello@canvascode.org marked “Safeguarding” — it reaches the safeguarding lead directly. Reports are handled confidentially, whistleblowers are protected, and failing to pass on a concern is treated as a disciplinary matter. A named safeguarding lead and deputy will be published here when the founding team is complete.
Accountability
- This policy is reviewed annually and after every incident or near-miss.
- A board-level safeguarding owner reports on implementation at every board meeting.
- We self-assess against the Keeping Children Safe standards and commit to periodic external review, with findings reported in our annual report.
- Honesty with partners and authorities always takes precedence over reputation management.
The full signed policy document will be published on the transparency page alongside our registrations. Questions? Ask us directly.