Privacy & Data Protection

Privacy & Data Protection — BloomBridge

Privacy & Data Protection

Children’s data is sacred. We build security into every layer.

BloomBridge handles sensitive information about children’s behavioral and emotional wellbeing. We take this responsibility with the utmost seriousness. Here’s exactly what we collect, how we protect it, and the rights you have.

Our Principles

Our privacy principles.

Privacy by Design

Security is built into our architecture from day one, not bolted on later.

Data Minimization

We collect only what’s necessary to provide intervention support. Nothing more.

Role-Based Access

Teachers see their students. Management sees aggregated data. No unauthorized access.

Anonymized Reporting

Dashboards and reports use anonymized identifiers, not student names in shared views.

Transparency

You always know what data we have and how we use it.

Data Collection

What data we collect.

Data we do collect

  • Teacher observations (plain-language text input)
  • Student age group and focus area (categorized data)
  • Intervention plans and progress notes
  • Parent communication records (template usage)
  • School information (name, type, size)
  • Teacher and administrator account info (name, email, role)

Data we don’t collect

  • Student real names in shared/aggregated views (anonymized)
  • Medical or clinical diagnosis data
  • Biometric information
  • Precise geographic location
  • Personal data of students beyond what’s needed for intervention
  • Data sold to third parties (we never sell data)

Security Measures

How we protect your data.

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256).

Access Controls

Role-based access with multi-factor authentication for administrators.

Audit Logs

All data access is logged and auditable.

Data Retention

Data retained only as long as needed for the student’s intervention plan. Deletion on request.

Regular Security Reviews

Periodic security assessments and penetration testing.

Incident Response

Documented incident response plan for data breaches.

Compliance

Regulatory compliance.

DPDP Act (India)

Aligned with the Digital Personal Data Protection Act, 2023. Data fiduciary responsibilities, consent management, data principal rights.

COPPA-Aware Design

While BloomBridge is used by schools (not directly by children), we follow COPPA principles for child data protection in our architecture.

NEP 2020 Alignment

Privacy practices align with National Education Policy 2020’s emphasis on data protection in educational technology.

Your Rights

Your data rights.

Right to access your data
Right to request correction
Right to request deletion
Right to data portability
Right to withdraw consent
Right to object to processing
Right to restrict processing
Right to lodge a complaint

To exercise any of these rights, email us at hello@bloombridge.app. We respond within 30 days.

Parental Consent

Parental consent and school responsibility.

BloomBridge is used by teachers and school management — not directly by students. Schools are responsible for informing parents about the use of behavioral intervention tools and obtaining appropriate consent. We provide template consent letters schools can use.

Download Parent Consent Letter Template

Data Retention

How long we keep data.

Data Type Retention Period Deletion Method
Active intervention plans Duration of plan + 6 months Secure deletion
Completed plans 1 year for reference Anonymized then deleted
Teacher account data Duration of employment + 3 months Secure deletion
School aggregated data 2 years for trend analysis Anonymized
Audit logs 3 years Automated deletion

Contact Us

Questions about privacy?

We’re committed to transparency. If you have any questions about how BloomBridge handles data, please contact us.

Last updated: July 2, 2026