Privacy Policy
Last updated: 16 June 2026
1. Introduction
Bloomie Inc. (“we”, “us”, or “our”) is committed to protecting the privacy of everyone who uses Bloomie (“the Service”), and in particular the privacy of the children whose learning the Service supports. This Privacy Policy explains what information we collect, how we use it, and the rights available to you under data-protection law.
This policy applies to all users of the Service, including teachers, school staff, and the parents or legal guardians of children whose profiles are added to the Service.
2. Who We Are
Bloomie Inc. is the data controller responsible for the personal data processed through the Service. Our contact details are set out in the “Contact Us” section at the end of this policy.
Although Bloomie Inc. is established in the United States, we offer the Service to users in the United Kingdom and handle UK users’ data in line with UK data-protection law (see Section 3). You can reach us about any data-protection matter using the contact details in Section 14.
3. The Law That Applies
Because the Service is offered to schools and children located in the United Kingdom, our processing of personal data is governed by the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, regardless of where Bloomie Inc. is established.
As a service used by and designed for children, we also have regard to the Information Commissioner’s Office (ICO) Age Appropriate Design Code (the “Children’s Code”), and we aim to act in the best interests of the child throughout the design and operation of the Service.
4. Data We Collect
We deliberately collect as little personal data as possible. We do not collect a child’s voice, video, photographs, or free-text written by the child at any point. A child’s interaction with the Service happens entirely through gameplay.
Information teachers provide about themselves
- First name and last name.
- Email address (used to sign in via a one-time passcode).
Information provided about a parent or guardian
When a teacher invites a parent or guardian to add a child, the only information collected about that parent or guardian is:
- Email address.
Information provided about a child
A child’s profile is created with the involvement of their parent or guardian (see Section 7). The information held about a child is limited to:
- First name and last name.
- Age (we collect age only, not a full date of birth).
- Class or year group.
- Gender — used only so that reports can refer to the child with the correct pronouns.
Information from gameplay
- Behavioural signals derived from how a child approaches the in-game activities (for example, how they pace themselves, what they do when stuck, and how they respond after a mistake). These signals are used to produce the educational insights that are the purpose of the Service.
Information we collect automatically
- Usage data — information about how the Service is used, such as features accessed and session times.
- Technical information — limited technical details such as device type, operating system, and browser version, used to keep the Service working and secure.
As Bloomie grows, we may add features that involve additional information (for example, school or class management details). Where we do, we will update this policy to describe the new information and why we collect it before collection begins. We will not begin collecting a child’s voice, video, or images without first updating this policy and putting the appropriate safeguards and consents in place.
5. How We Use Your Data
We use the data we collect for the following purposes:
- To provide the Service — to create and manage accounts, run the gameplay activities, and generate behavioural insight reports for teachers, school staff, and parents or guardians.
- To keep the Service secure and working — to authenticate sign-in, prevent misuse, and diagnose technical problems.
- To improve the Service — to understand how the Service is used and to develop new features. Where we analyse data for this purpose, we use it in a form that does not single out an individual child wherever possible.
- To communicate with you — to send service-related messages, such as sign-in passcodes and report notifications, by email.
- To meet legal obligations — to comply with applicable law and respond to lawful requests.
We do not use children’s personal data to train general-purpose AI models, and we do not use account sign-up details such as names and email addresses to train AI models. If this ever changes, we will update this policy beforehand and explain clearly what would change and why.
6. Our Lawful Bases for Processing
Under the UK GDPR we must have a lawful basis for each use of personal data. The bases we rely on are:
- Consent — a parent or guardian consents to the creation of their child’s profile and the processing of their child’s data for the purpose of producing educational insights (see Section 7).
- Legitimate interests — for limited purposes such as keeping the Service secure and improving it, balanced against the rights and interests of users and, above all, children.
- Legal obligation — where we are required by law to process or retain certain information.
7. Children’s Privacy
Protecting children is central to how the Service is designed. The following safeguards apply:
- Children do not create their own accounts and cannot sign in by themselves.
- A child’s profile is added through a teacher’s invitation to the child’s parent or guardian, and the information about the child is provided with the parent’s or guardian’s involvement and consent.
- We collect only the minimal child information listed in Section 4, and never a child’s voice, video, images, or free-text.
- Reports about a child are written to describe how the child approaches challenges, not to score, rank, or label the child, and are shared only with the adults responsible for that child.
- We do not use children’s data for marketing, and we do not sell children’s data.
8. Sharing of Data
We do not sell personal data. We share data only in the following circumstances:
- With the adults responsible for a child — a child’s reports and related insights are available to their teacher and school, and to their parent or guardian.
- With service providers — we use a small number of trusted third parties to operate the Service (for example, cloud hosting and email delivery). They may process personal data only on our instructions and are contractually required to protect it.
- For legal reasons — where required to comply with the law or to respond to a valid legal request.
- In a business transfer — if Bloomie is involved in a merger, acquisition, or sale of assets, data may be transferred as part of that transaction, subject to the protections in this policy.
9. International Data Transfers
Bloomie Inc. is established in the United States, and personal data collected through the Service may be transferred to, stored, or processed in the United States or other countries outside the UK. Where we transfer personal data outside the UK, we take steps to ensure it is protected to a standard consistent with UK data-protection law, using the safeguards that law requires.
10. Data Security
We use appropriate technical and organisational measures — including encryption in transit, access controls, and secure hosting — to protect personal data against unauthorised access, loss, or misuse. No system can be guaranteed completely secure, but we work to protect data in a way that is proportionate to its sensitivity, taking particular care with children’s data.
11. Data Retention
We keep personal data only for as long as necessary for the purposes set out in this policy, to provide the Service and maintain accounts, or as required by law. When data is no longer needed, we delete it or anonymise it. A parent, guardian, or school may request deletion of a child’s data as described in Section 12.
12. Your Rights
Under the UK GDPR, you have rights over personal data, including the right to:
- Access the personal data we hold.
- Ask us to correct inaccurate or incomplete data.
- Ask us to delete data, where there is no overriding reason to keep it.
- Restrict or object to certain processing.
- Withdraw consent at any time, where we rely on consent.
Parents and guardians may exercise these rights on behalf of their child. To make a request, contact us using the details below. You also have the right to complain to the ICO (the UK’s data-protection regulator) at ico.org.uk, though we hope you will contact us first so we can help.
13. Changes to This Policy
We may update this policy from time to time, for example as the Service develops. If we make significant changes, we will notify users through the Service or by email and update the “Last updated” date above. We encourage you to review this policy periodically.
14. Contact Us
If you have questions about this policy or wish to exercise your rights, please contact us:
Email: hello@bloomlearn.com
Address: 131 Continental Dr, Suite 305, Newark, Delaware 19713, United States
We review and update this policy as Bloomie grows.
