Bloom AI

Bloom AI

Back to Home
Your privacy matters

Privacy Policy

Last updated: 3 February 2026

This Privacy Policy describes how Bloom AI Pty Ltd ACN 671 399 107 ("we", "our" or "us") collects, uses, and shares your personal information when you use our website at bloom.study and the services provided through our website, applications and services (collectively, the "Services"). We comply with applicable privacy and data protection laws, including the Australian Privacy Act 1988 (Cth), the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and other applicable laws in the jurisdictions where we operate.

Table of Contents

1. What personal data we collect

We collect the categories of data listed below. Providing certain information is necessary to create your account and use the Services. We do not intentionally collect special-category data (e.g., health, religion, ethnicity).

Information you provide

  • Account information: Name, email address, role (student/teacher), and password when you create an account.
  • Organisation information: School or institution name (for Space Owners).
  • Payment information: Card details and billing address (processed via Stripe; we do not store full card numbers).
  • User content: Conversations, prompts, file uploads, and feedback you provide to the Services.
  • Communication: Messages you send to our support team.

Information collected automatically

  • IP address and approximate location
  • Device and browser type
  • Pages visited and features used
  • Date and time of access

2. How we use your information

We use your personal information to:

  • Provide and operate the Services;
  • Process payments and manage subscriptions;
  • Communicate with you about your account and the Services;
  • Provide customer support;
  • Improve and develop the Services (see Section 3);
  • Prevent fraud and maintain security;
  • Send marketing communications (with your consent; you can opt out anytime);
  • Comply with legal obligations.

Aggregated and de-identified data

We may aggregate or de-identify personal information so it can no longer identify you. We use such data for analytics, research, benchmarking, and product improvement. This data is not subject to restrictions on personal data.

3. AI Training and Improvement

This section explains how we use data to improve our AI and your controls over that use.

The Improvement Data Toggle

Space Owners control whether Teaching Space data may be used for AI training and improvement through the Improvement Data Toggle in their Space settings.

  • Free Tier: Toggle is ON by default. Space Owners may turn it OFF at any time in their settings.
  • Paid Tiers: Toggle is OFF by default. Space Owners may opt in if they wish to contribute to improvement.

What "training and improvement" includes

When the Toggle is ON, we may use conversation data to:

  • Fine-tuning: Training our AI models on conversation data to improve responses;
  • Evaluation: Testing model performance against real examples;
  • Human review: Our team may review conversations for quality assurance and safety.

When changes take effect

  • Changes to the Toggle apply prospectively (going forward).
  • Data collected while the Toggle was ON may continue to be used for improvement.
  • Data collected after the Toggle is turned OFF will not be used for training.
  • We cannot "untrain" models on data already processed, but we stop using new data from that point.

Aggregated data

Regardless of the Toggle setting, we may use de-identified and aggregated usage metrics for analytics and product improvement. This data cannot identify you or any individual.

4. Children's data

Bloom is designed for educational use by students of various ages. We take children's privacy seriously and comply with applicable laws including COPPA (US), the Children's Code (UK), and the Privacy Act (Australia).

Our age rules

  • No self-signup under 13: Users under 13 years of age may not create an Account themselves.
  • Under 13 invite-only: Users under 13 may only access Bloom via an Invite from a Space Owner (such as a school or teacher) who has obtained appropriate parental or guardian consent.
  • Under 13 no Guest Chat: Users under 13 are prohibited from using Guest Chat.
  • Ages 13-17: May create an Account or use Guest Chat with consent from parent, guardian, or school where required.

How we obtain consent for children

When children under the applicable age of digital consent access Bloom through an educational institution, we rely on the institution to obtain and provide appropriate consent on behalf of parents or guardians, in accordance with applicable laws (such as the school official exception under COPPA).

Space Owners warrant that they have obtained all necessary consents before inviting users under 13 to their Teaching Space.

5. Cookies & similar technologies

We use cookies and similar technologies for essential functionality, analytics, and marketing. Our cookie banner allows you to accept, reject, or customise non-essential cookies.

You can change or withdraw consent at any time via the "Cookie Settings" link in our footer. Withdrawal is as easy as giving consent.

6. How we share information

We may share your personal information with:

  • Service providers: Hosting (Google Cloud), payment processing (Stripe), AI providers, analytics, and customer support vendors. These parties process data only on our instructions.
  • Space Owners: If you are an End User, your Space Owner may access information about your use of their Teaching Space.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.
  • Legal requirements: When required by law or to protect our rights, safety, or property.

7. Your rights

Depending on your location, you may have the right to:

  • Access your personal data;
  • Correct inaccurate data;
  • Delete your data;
  • Export your data (portability);
  • Restrict or object to certain processing;
  • Withdraw consent (where we rely on consent);
  • Lodge a complaint with your local data protection authority.

To exercise these rights, contact us at [email protected].

8. Data retention

We retain your data only as long as needed for the purposes described in this policy. Here's how long we typically keep different types of data:

Data typeRetention period
Account and conversation dataWhile account is active. After closure: 30 days in active systems, then deleted. Backups retained up to 90 days.
Payment records7 years (for tax and audit compliance)
Server and application logs30 days, then aggregated/deleted
Security and fraud logsUp to 24 months
Support tickets3 years after last contact
De-identified analyticsIndefinite (cannot identify individuals)

You can request deletion of your data sooner by contacting us. We may retain some data as required by law.

9. Data security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest;
  • Access controls and authentication;
  • Regular security assessments;
  • Employee training on data protection.

However, no system is completely secure. Please use strong passwords and notify us immediately if you suspect unauthorised access to your account.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top and, for significant changes, by email or in-app notification.

11. Contact us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

Bloom AI Pty Ltd ACN 671 399 107
Email: [email protected]
Address: 425/1 Hutchinson Walk, Zetland NSW 2017, Australia

12. Supplementary information for EU/UK users

Controller

Bloom AI Pty Ltd ACN 671 399 107 is the controller of your personal data for direct users. When Bloom is contracted by an educational institution, the school acts as the controller and Bloom acts as processor under Article 28 GDPR.

Representatives in EU and UK

We've appointed DataRep as our local representative. You can contact DataRep at:

  • EU: DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
  • UK: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

Legal bases for processing

We process your data on the following legal bases:

  • Contract: To provide the Services (account creation, tutoring);
  • Legitimate interest: Fraud prevention, security, analytics (where not overridden by your rights);
  • Consent: Marketing communications, non-essential cookies;
  • Legal obligation: Tax records, law enforcement requests.

International transfers

We host data primarily on Google Cloud in Australia. When personal data of EEA/UK residents is transferred outside the EEA/UK, we rely on:

  • Standard Contractual Clauses (2021) approved by the European Commission;
  • UK International Data Transfer Addendum;
  • Encryption in transit and at rest;
  • Access controls and audit logging.

Automated decision-making

We do not use your personal data to make automated decisions that have legal or similarly significant effects on you. While Bloom uses AI to support learning, this is not "automated decision-making" under GDPR.

Complaints

You have the right to lodge a complaint with your local data protection authority. In the EU, you may contact the Irish Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, Ireland. In the UK, contact the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, SK9 5AF.