Privacy & Data Protection
Children’s data is sacred. We build security into every layer.
BloomBridge handles sensitive information about children’s behavioral and emotional wellbeing. We take this responsibility with the utmost seriousness. Here’s exactly what we collect, how we protect it, and the rights you have.
Our Principles
Our privacy principles.
Privacy by Design
Security is built into our architecture from day one, not bolted on later.
Data Minimization
We collect only what’s necessary to provide intervention support. Nothing more.
Role-Based Access
Teachers see their students. Management sees aggregated data. No unauthorized access.
Anonymized Reporting
Dashboards and reports use anonymized identifiers, not student names in shared views.
Transparency
You always know what data we have and how we use it.
Data Collection
What data we collect.
Data we do collect
- Teacher observations (plain-language text input)
- Student age group and focus area (categorized data)
- Intervention plans and progress notes
- Parent communication records (template usage)
- School information (name, type, size)
- Teacher and administrator account info (name, email, role)
Data we don’t collect
- Student real names in shared/aggregated views (anonymized)
- Medical or clinical diagnosis data
- Biometric information
- Precise geographic location
- Personal data of students beyond what’s needed for intervention
- Data sold to third parties (we never sell data)
Security Measures
How we protect your data.
Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Controls
Role-based access with multi-factor authentication for administrators.
Audit Logs
All data access is logged and auditable.
Data Retention
Data retained only as long as needed for the student’s intervention plan. Deletion on request.
Regular Security Reviews
Periodic security assessments and penetration testing.
Incident Response
Documented incident response plan for data breaches.
Compliance
Regulatory compliance.
DPDP Act (India)
Aligned with the Digital Personal Data Protection Act, 2023. Data fiduciary responsibilities, consent management, data principal rights.
COPPA-Aware Design
While BloomBridge is used by schools (not directly by children), we follow COPPA principles for child data protection in our architecture.
NEP 2020 Alignment
Privacy practices align with National Education Policy 2020’s emphasis on data protection in educational technology.
Your Rights
Your data rights.
To exercise any of these rights, email us at hello@bloombridge.app. We respond within 30 days.
Parental Consent
Parental consent and school responsibility.
BloomBridge is used by teachers and school management — not directly by students. Schools are responsible for informing parents about the use of behavioral intervention tools and obtaining appropriate consent. We provide template consent letters schools can use.
Download Parent Consent Letter TemplateData Retention
How long we keep data.
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Active intervention plans | Duration of plan + 6 months | Secure deletion |
| Completed plans | 1 year for reference | Anonymized then deleted |
| Teacher account data | Duration of employment + 3 months | Secure deletion |
| School aggregated data | 2 years for trend analysis | Anonymized |
| Audit logs | 3 years | Automated deletion |
Contact Us
Questions about privacy?
We’re committed to transparency. If you have any questions about how BloomBridge handles data, please contact us.