Privacy Policy
Last updated: May 31, 2026
Bloomy (“we,” “us,” or “our”) operates the Bloomy website, application, learning platform, AI tutoring features, parent dashboard, billing features, and related services at www.bloomylearning.com and related Bloomy domains (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect information from parents or legal guardians (“you”) and from children who use Bloomy under a parent or guardian account.
Bloomy is designed for use by children under parent or guardian supervision. We are committed to complying with the Children’s Online Privacy Protection Act (COPPA) and applicable privacy laws.
Privacy Snapshot
This snapshot summarizes our practices at a high level. The rest of this Privacy Policy provides more detail and controls if there is any conflict.
| Data Category | How We Collect It | Primary Purpose | Key Disclosures |
|---|---|---|---|
| Parent and guardian identifiers | From checkout, account setup, waitlist forms, support messages, and parent dashboard use. | Create accounts, manage subscriptions, provide support, send notices, and protect the Service. | Payment, email, hosting, support, security, professional-advisor, and business-transfer recipients where needed. |
| Checkout and billing information | From Stripe Checkout, customer portal activity, receipts, refunds, and promotion-code use. | Provide trials, subscriptions, billing, taxes, fraud prevention, discounts, and cancellation support. | Payment processor, tax and fraud tools, support, accounting, and legal advisors where needed. |
| Child profile information | From parent setup, authorized school setup, and child use of the Service. | Create child profiles, personalize instruction, manage access, and show progress to authorized adults. | Hosting and database providers, AI providers where needed for tutoring, support and safety tools, and authorized schools in school-managed use. |
| Learning performance data | From diagnostics, lesson activity, written responses, mastery checks, review history, and usage of learning features. | Personalize lessons, track mastery, report progress, improve educational quality, and maintain safety. | Hosting and database providers, AI providers where needed for tutoring, support and safety tools, and authorized schools in school-managed use. |
| AI tutoring and safety data | From BloomyBot messages, lesson context, AI responses, safety signals, and related technical logs. | Generate tutoring responses, support safety review, debug issues, and improve educational quality. | AI service providers, hosting and database providers, and limited support or safety reviewers. We do not permit third-party AI training on identifiable child data sent by Bloomy. |
| Voice or audio data, if enabled | From device microphone permission or text-to-speech use when Bloomy offers voice features. | Transcribe speech, generate tutoring responses, provide accessibility features, and support safety review. | Speech-to-text, text-to-speech, AI, hosting, and safety providers as needed. Voice data is not used for advertising or third-party general model training. |
| Device, log, and cookie data | Automatically when you visit the website or use the Service. | Authenticate users, secure accounts, operate the Service, troubleshoot issues, and measure marketing website performance. | Hosting, security, analytics, and operations providers. We do not use advertising cookies on child-facing learning pages. |
| Communications and support data | From parent, school, or support communications with Bloomy. | Respond to requests, resolve billing or privacy issues, investigate safety reports, and maintain records. | Email, support, hosting, security, legal, and professional-advisor recipients where needed. |
1. Information We Collect
1.1 Information from Parents and Guardians
We collect parent and guardian information when you visit our website, join a waitlist, request information, create an account, start a free trial, purchase a subscription, manage billing, contact support, or use the parent dashboard. This may include:
- Contact information: Name, email address, phone number if you provide it, and communication preferences.
- Account information: Login credentials, account settings, household subscription details, and parent dashboard activity.
- Checkout and billing information: Selected plan, billing cadence, number of child seats, promotion code or discount information, transaction status, billing address where required, and payment-related identifiers from our payment processor. We do not store full credit card numbers.
- Communications: Emails, support messages, feedback, cancellation requests, refund requests, and other messages you send us.
- Marketing website activity: Pages viewed, referral source, cookie consent choices, and analytics information as described in Section 10.
Stripe Checkout collects parent/payment information and the number of child seats purchased. We do not ask for child names, grade levels, child contact information, learning responses, or AI tutoring messages in Stripe Checkout.
1.2 Information from Children
We collect child information only after a parent or guardian has started a trial or subscription, accepted the applicable terms, and created child profiles or otherwise authorized child use. Child information may include:
- Profile information: First name or nickname, grade level, household account association, and learning preferences provided by the parent or through use of the Service.
- Learning performance data: Lesson activity, diagnostic results, question responses, written answers, accuracy rates, mastery scores, skill-level proficiency metrics, completion status, and spaced review history.
- AI interaction logs: Messages between the child and BloomyBot, relevant lesson context, AI responses, safety signals, and related metadata needed to provide and monitor tutoring.
- Voice feature information, if enabled: Voice input, audio snippets, speech transcripts, text-to-speech requests, and related metadata needed to provide speech, accessibility, AI tutoring, or safety features.
- Usage data: Session duration, features used, progress through lessons, navigation within the learning platform, device/browser information, and technical logs.
- Support and safety information: Problem reports, flagged messages, support requests, and information needed to investigate safety, security, or service issues.
We do not intentionally collect physical addresses, phone numbers, photos, videos, precise geolocation, social media identifiers, or government identifiers from children. If Bloomy enables a microphone or voice feature, we collect audio only as needed to provide that feature, and we do not use voice data for advertising or third-party general model training.
1.3 Automatically Collected Information
When anyone visits our website or uses the Service, we may automatically collect:
- Device and browser information: Browser type, operating system, device type, screen size, language, and similar technical information.
- Log information: IP address, pages or screens viewed, referring URL, timestamps, session identifiers, error logs, and security logs.
- Cookies and similar technologies: Essential cookies for authentication, security, session management, and Service operation; analytics cookies on the marketing website only after consent where required.
2. How We Use Information
2.1 Children’s Information
We use child information to:
- Provide personalized ELA instruction and adaptive learning paths.
- Power BloomyBot tutoring, hints, feedback, and lesson support.
- Provide speech, text-to-speech, microphone, or accessibility features if enabled.
- Track mastery, skill retention, progress, and review schedules.
- Show parents progress reports, learning history, and child profile information.
- Maintain safety, detect misuse, investigate reported content, and respond to support issues.
- Debug, secure, maintain, and improve the Service.
- Create aggregated or de-identified data that does not identify a child.
We do not use children’s personal information for behavioral advertising, targeted advertising, or sale to third parties.
2.2 Parent and Guardian Information
We use parent and guardian information to:
- Create and manage parent accounts.
- Process trials, subscriptions, payments, receipts, refunds, taxes, discounts, billing updates, and cancellations.
- Provide parent dashboards, child profile management, and support.
- Send transactional communications, including account notices, trial notices, billing notices, receipts, cancellation confirmations, security alerts, and legal notices.
- Respond to support, privacy, cancellation, refund, and data deletion requests.
- Send product updates or educational content when permitted; you may opt out of non-transactional emails.
- Protect against fraud, abuse, security incidents, and unauthorized access.
3. How We Share Information
We share personal information only as needed to provide, secure, support, and improve the Service; comply with law; or protect users. We do not sell personal information.
| Recipient | Purpose | Data Shared |
|---|---|---|
| Payment processor | Checkout, trials, subscriptions, billing, taxes, receipts, refunds, promotion codes, fraud prevention, and customer billing portal. | Parent/payment information, selected plan, child seat count, billing address where required, transaction metadata. No child profile names, grades, learning responses, or AI chat logs are intentionally sent to the payment processor. |
| Hosting, database, and infrastructure providers | Host, store, secure, and operate the Service. | Parent, child, account, learning, usage, and technical data as needed to run the Service. |
| AI service providers | Generate BloomyBot tutoring responses, evaluate safety, and support AI features. | Child chat messages, lesson context, selected response context, and technical metadata needed to provide AI tutoring. We do not permit AI providers to use identifiable child data sent by Bloomy to train their general-purpose models. |
| Speech-to-text and text-to-speech providers | Provide voice, microphone, narration, speech transcription, and accessibility features if enabled. | Voice input, audio snippets, speech transcripts, lesson text, and technical metadata as needed for the feature. Some text-to-speech features may use only pre-generated lesson text and no child personal information. |
| Email and communication providers | Send transactional emails, support replies, trial notices, billing notices, receipts, safety notices, and product communications. | Parent contact information and message content; child-related safety or support details only when needed for the communication. |
| Analytics providers | Understand marketing website usage and improve the website. | Website usage data, cookie consent status, device/browser data, and anonymized or truncated IP information where configured. We do not use analytics cookies on child-facing learning pages. |
| Support, security, and operations tools | Investigate bugs, security issues, support requests, safety concerns, and service quality. | Account, technical, support, and limited child data needed to resolve the issue. |
| Professional advisors and business transaction recipients | Receive legal, accounting, security, insurance, financing, merger, acquisition, or similar professional support. | Information reasonably necessary for the relevant professional purpose or transaction, subject to confidentiality or legal obligations where appropriate. |
We may also disclose information if required by law, subpoena, court order, governmental request, or if we believe disclosure is necessary to protect the safety, rights, or security of a child, parent, Bloomy, or the public.
4. AI & Children’s Data
4.1 How AI Processes Child Data
BloomyBot uses AI to provide educational guidance based on a child’s lesson context, responses, chat messages, and, if voice features are enabled, speech transcripts. When a child interacts with BloomyBot, the child’s message and relevant educational context may be sent to our AI service provider to generate a response and support safety review.
4.2 AI Training and Product Improvement
We do not permit third-party AI providers to use identifiable child personal information sent by Bloomy to train their general-purpose models. Bloomy does not sell child AI interaction data. Bloomy may use aggregated, de-identified, or otherwise non-identifying data derived from learning activity to improve our curriculum, educational quality, safety systems, and AI tutoring experience.
4.3 AI Safety
BloomyBot is designed for educational support and includes safeguards intended to reduce inappropriate, harmful, off-topic, or answer-giving behavior. We may log, automatically review, and manually review AI interactions to investigate safety concerns, reported content, abuse, or technical issues. If you encounter concerning AI-generated content, contact hello@bloomylearning.com.
4.4 Voice Features
If Bloomy enables microphone or voice input features, your device or browser will typically ask for permission before audio is captured. We use voice data only to provide the requested speech, tutoring, accessibility, transcription, and safety features. We may retain transcripts like other AI tutoring logs, but we do not use voice data for advertising or permit third-party providers to use identifiable child voice data sent by Bloomy to train their general-purpose models.
5. Data Retention
We retain personal information only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law:
- Active account and child profile data: Retained while the account or subscription is active so we can provide the Service.
- After cancellation or termination: Child personal information is deleted within 30 days of account termination unless you request earlier deletion or retention is required for security, legal, billing, or compliance reasons.
- Parent account information: Retained for up to 12 months after cancellation to support billing records, account recovery, dispute resolution, and resubscription, unless deletion is requested earlier and no legal or operational retention need applies.
- Billing and transaction records: Retained as required for tax, accounting, fraud prevention, chargeback, and financial compliance.
- Security logs: Retained for a limited period appropriate to detect abuse, investigate incidents, and maintain security.
- De-identified or aggregated data: May be retained indefinitely because it no longer identifies an individual child or parent.
6. Data Security
We use administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit, access controls, authentication controls, logging, least-privilege access practices, vendor review, and security monitoring. No online service can be guaranteed completely secure. If we learn of a security incident affecting personal information, we will notify affected users and authorities as required by law.
6.1 International Processing
Bloomy is based in the United States and primarily uses United States-based infrastructure and service providers. If information is processed outside your state, province, or country, we take steps designed to protect it as described in this Privacy Policy and applicable service-provider agreements.
7. COPPA Compliance & Direct Parent Notice
Bloomy is intended for children to use only with parent or guardian consent and supervision. We collect personal information from children under 13 only after providing notice to a parent or guardian and obtaining parental consent.
7.1 How Consent Works
The parent purchase and setup flow is designed so that Bloomy’s family plan builder may collect non-name setup details such as learner age, grade level, goals, routine preference, and diagnostic-data availability before checkout. Bloomy account setup collects parent name, email, and password or OAuth account information before Stripe Checkout. Stripe Checkout collects payment information and child seat count. Child names, score files, learning responses, and account-linked child profile information are collected after the parent or guardian accepts the Terms of Service and Privacy Policy, starts a trial or subscription, and creates child profiles. By completing that process, you provide verifiable parental consent for Bloomy to collect, use, and disclose your child’s personal information as described in this Privacy Policy.
7.2 What Child Data Is Collected and Why
Child data collected by Bloomy includes profile information, learning responses, mastery data, progress data, AI tutoring chat logs, voice transcripts if a voice feature is enabled, usage data, and safety/support information. We collect this information to provide personalized instruction, track progress, operate BloomyBot, maintain safety, support parents, and improve the Service.
7.3 Parent Rights
As a parent or guardian, you may:
- Review the personal information we have collected from your child.
- Correct inaccurate child profile information.
- Request deletion of your child’s personal information.
- Refuse or withdraw consent for further collection, use, or disclosure of your child’s personal information.
- Ask questions about our children’s privacy practices.
To exercise these rights, use the available account tools or contact hello@bloomylearning.com. We may verify your identity and relationship to the child before processing a request. If you withdraw consent or request deletion of information needed to provide the Service, we may need to terminate the affected child profile or account.
We aim to respond to verified privacy and parental-rights requests within 30 days or within the period required by applicable law. Where applicable law allows an authorized agent to submit a request for you, we may require proof of authorization and may ask you to verify the request directly. If we deny or limit a privacy request, we will explain the reason where required and tell you how to appeal or ask for reconsideration. We will not discriminate against you for exercising privacy rights.
7.4 Disclosure Choices
You may consent to Bloomy’s collection and use of your child’s personal information without consenting to disclosure to third parties where disclosure is not integral to the Service. Certain vendors, such as hosting, database, security, payment, support, and AI service providers, are necessary to provide the Service. If you do not want child information processed by vendors that are integral to Bloomy, you should not create a child profile or should request deletion of the affected profile.
8. School & District Use
8.1 School-Managed Use
Bloomy may also be used by schools, districts, teachers, or educational organizations (“Schools”). In a school-managed context, the School may authorize student access, manage rosters, and provide consent where legally permitted.
8.2 School Consent Under COPPA
Where permitted by COPPA and applicable law, a School may consent on behalf of parents for Bloomy to collect, use, and disclose student personal information solely for educational purposes authorized by the School. Bloomy does not use school-managed student data for behavioral advertising or unrelated commercial purposes.
8.3 Teacher and Administrator Visibility
For school-managed accounts, authorized teachers or administrators may be able to view student progress, skill mastery, lesson completion, diagnostic results, BloomyBot chat logs, safety alerts, and other educational data for students within their authorized classes or schools. Where enabled, teachers or administrators may export class-level or school-level progress data for reporting and instructional planning. Teachers and administrators should not be able to access student data outside their authorized class, school, or account scope.
8.4 FERPA
When Bloomy is used by a School, student data may constitute education records under the Family Educational Rights and Privacy Act (FERPA). In that context, Bloomy acts as a school official or service provider as authorized by the School and uses education records only to provide and improve the educational Service as permitted by the School agreement and applicable law. Schools may request a Data Processing Agreement by contacting hello@bloomylearning.com.
8.5 School Data Retention and Parent Rights
When a School’s relationship with Bloomy ends, or upon authorized request from the School, we delete school-managed student personal information within 30 days unless a longer retention period is required by law, security, or compliance needs. Parents with questions about school-managed data may contact the School or Bloomy at hello@bloomylearning.com.
9. California Privacy Rights
If you are a California resident, you may have rights under California privacy laws, including the right to know what personal information we collect, use, disclose, sell, or share; the right to request deletion; the right to correct inaccurate personal information; the right to limit certain uses of sensitive personal information where applicable; the right to opt out of sale or sharing where applicable; and the right not to be discriminated against for exercising privacy rights.
Bloomy does not sell personal information and does not share personal information for cross-context behavioral advertising. To submit a California privacy request, contact hello@bloomylearning.com with the subject line “California Privacy Request.”
10. Cookies & Tracking
We use the following types of cookies and similar technologies:
- Essential technologies: Required for authentication, session management, security, account functionality, billing flow continuity, and Service operation. These cannot be disabled through Bloomy’s cookie banner.
- Analytics technologies: Used on the marketing website to understand aggregate website usage and improve the website. We use analytics only after consent where required, and you can update that choice through the cookie preferences link in the website footer. We do not use analytics cookies on child-facing learning pages.
We do not use advertising cookies, retargeting pixels, or social media tracking pixels on child-facing learning pages.
11. Promotional Emails
We may send parents product updates, educational content, launch announcements, and promotional emails where permitted. You can unsubscribe from non-transactional emails at any time. We will still send transactional emails such as receipts, account notices, trial notices, billing notices, cancellation confirmations, security alerts, legal notices, and child safety or support communications.
12. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of third-party websites or services that are not controlled by Bloomy. Please review their privacy policies before providing information to them.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes to how we handle children’s personal information, we will notify parents by email, through the Service, or by another reasonable method and obtain new parental consent where required by law. The “Last updated” date above reflects the most recent revision.
14. Contact Us
If you have questions about this Privacy Policy, want to exercise privacy or parental rights, want to request deletion, or have concerns about child data, contact us at:
Bloomy
Email: hello@bloomylearning.com
Website: www.bloomylearning.com
If you believe we have collected personal information from a child without proper parent or guardian consent, please contact us immediately and we will investigate and delete the information where required.