Privacy Policy

We collect the minimum information needed to deliver the service:

• Account information: full name, email address, and (optional) phone number.
• Payment information: handled by a PCI-DSS Level 1 payment processor. Bloom Academy never sees or stores your card details — we receive only a charge confirmation and a tokenised payment ID.
• Booking history: the slots you book, when, and whether you attended.
• Session recordings: video recordings of your tutoring sessions are retained for 30 days for your personal review.
• Communications: emails you send to support, hello, or press addresses.

To deliver sessions, process payments, send reminders, prevent abuse, and improve the service. We do not sell personal information and we do not use student data to train third-party AI models.

The service depends on a small set of vendors, each handling a defined slice of data:

• A managed Postgres database stores account, booking, and payment-record data, hosted in the United States.
• A PCI-DSS Level 1 payment processor handles payments and card data.
• A transactional email service delivers confirmations and reminders.
• A cloud hosting platform serves the website and the application.

We periodically review our vendors and only entrust them with the minimum data each needs to do its job. The current vendor list is available on request — email privacy@bloomschool.academy.

We use first-party cookies necessary for authentication and session state. We do not use advertising cookies or third-party behavioural tracking. A theme-preference cookie remembers your light/dark mode choice.

• Account data: retained while your account is open. Deleted on request.
• Session recordings: 30 days, then automatically deleted.
• Payment records: retained as required by tax and accounting law (typically 7 years).
• Support emails: 24 months from the last reply.

You can request a copy of your data, correct it, or delete your account at any time by emailing privacy@bloomschool.academy. If you are a California, EU, or UK resident, additional rights may apply under your local data-protection law.

Bloom Academy is intended for users age 13 or older. See our COPPA Notice for how we handle data for users under 13 (with verifiable parental consent).

Data in transit is encrypted with TLS. Database access is restricted by row-level security policies and audited regularly. Account passwords are hashed; Bloom Academy staff cannot read them.

Material changes are communicated by email to registered users at least 14 days before they take effect.

Privacy questions? Email privacy@bloomschool.academy.