bloom-ed — LMS Privacy Policy

1. Introduction

Welcome to bloom-ed ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when schools, teachers, students, and administrators use our Learning Management System (LMS) and associated educational services.

By using our LMS, you acknowledge that you have read and agree to this Privacy Policy. If you are a parent or guardian and do not agree, please contact your school administrator before allowing your child to use the LMS.

2. Audience

This policy applies to schools, teachers, students, and school administrators who use the bloom-ed LMS.

3. Information We Collect

3.1 Student Information

With consent from the school or an authorized school administrator, we may collect the following student information:

• First name and last initial, and email address (or student identifier)
• Class/grade and enrollment information
• Learning activity data (quiz scores, assignment submissions, completion status)
• Usage data (time spent on activities, activity interactions — note: activities can include many types such as quizzes, games, worksheets, and interactive lessons)

3.2 Teacher and School Accounts

• Name and contact email
• School or institution name and class assignments
• Professional role and permissions within the LMS
• Account login credentials (securely stored and hashed)

3.3 Automatically Collected Information

• IP address and device information
• Browser type and version
• Usage patterns, interaction logs, and technical diagnostics
• Error reports and performance metrics

We do not collect payment card information as part of the core LMS unless you explicitly opt into a paid feature — in which case separate payment terms will apply and we will disclose the data collected at that time.

4. How We Use Information

We use collected information for the following purposes:

• Educational Delivery: To deliver lessons, activities, and manage classrooms.
• Progress Tracking: To track student learning, produce reports for teachers and administrators, and provide feedback.
• Account Management: To create and manage teacher and school accounts, roles, and permissions.
• Support & Communication: To respond to support requests and send administrative messages to teachers and schools.
• Platform Improvement: To analyze anonymized usage patterns to improve content and system performance.
• Security & Compliance: To protect the platform from misuse and to comply with legal obligations.

Important: Student information is not used for targeted advertising or marketing purposes.

5. Consent and Parental Controls

bloom-ed is primarily deployed through schools. Schools or authorized school administrators provide the necessary consent for student accounts and data collection. Parents or legal guardians who have questions or who wish to review or opt out of data collection should contact their school administrator.

If you are a parent and believe we have collected your child's personal information without proper authorization, please contact us at hello@bloomed.com so we can promptly investigate.

6. Information Sharing and Disclosure

We do not sell or rent student information. We may share information in the following limited circumstances:

• With Schools: Authorized school personnel (teachers, administrators) can access student progress and class data to support teaching and reporting.
• Service Providers: Trusted third-party providers who perform services on our behalf (hosting, analytics, email delivery) under strict contractual confidentiality and security obligations.
• Legal Requirements: When required by law or to respond to lawful requests from public authorities.
• Business Transfers: In connection with a merger, sale, or reorganization, with appropriate protections for personal data.

7. Data Security

We implement reasonable technical and organizational measures to protect data, including:

• Encryption of data in transit and at rest where practicable
• Secure authentication and role-based access controls
• Regular security reviews and vulnerability management
• Staff training on data protection and privacy best practices
• Incident response procedures and notification processes

While we strive to protect personal data, no system can be guaranteed 100% secure. If a data incident affecting personal data occurs, we will follow our incident response process and notify impacted parties as required by applicable law.

8. Data Retention

We retain personal information only as long as necessary to provide the LMS services and for legitimate operational or legal purposes. Typical retention practices include:

• Student Data: Retained during active enrollment and generally for one year after completion or withdrawal unless the school requests otherwise.
• Teacher & School Accounts: Retained for the duration of the service agreement and as required for operational needs.
• Technical Logs: Typically retained for 90 days for security and troubleshooting purposes.

Schools may request exports or deletions of their students' data; we will comply with such requests in accordance with applicable laws and our operational procedures.

9. Your Rights and Choices

Depending on applicable law and the administrative relationship with your school, teachers, parents, or administrators may have rights to:

• Access: Request access to personal data we hold about a student or account.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of personal information (subject to school policies and legal retention requirements).
• Data Portability: Request a copy of data in a commonly used, machine-readable format.
• Consent Withdrawal: Schools or parents may withdraw consent through their school administrator (which may limit access to certain features).

To exercise these rights or to submit requests, please contact us at hello@bloomed.com or coordinate with your school administrator.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to support authentication, remember preferences, and collect anonymized analytics to improve the LMS. You can control cookie settings through your browser; disabling certain cookies may affect functionality.

11. Third-Party Services & Hosting

Our LMS is hosted in India. We may use trusted third-party service providers (for hosting, email, analytics, or backups) who are contractually required to safeguard data. If personal data is transferred outside India, we will ensure appropriate safeguards are in place.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. If we make material changes, we will notify schools and administrators.

13. Contact Information

If you have questions, concerns, or requests regarding this LMS Privacy Policy, please contact: