โ† Back to BrightMinds

Data Security & Privacy Policy

Comprehensive guidelines on how we collect, protect, and manage student and parent information.

Last Updated: June 1, 2025

1. Overview & Commitment

At BrightMinds Tutoring, the privacy and security of our students, parents, and guardians are our highest priorities. We recognize that educational data is highly sensitive and handle it with the utmost care, transparency, and industry-leading security protocols.

Our Promise

We never sell, rent, or trade personal information. Your data is used solely to deliver, improve, and secure our tutoring services.

This policy outlines how we collect, use, store, and protect information in compliance with educational privacy laws and international data protection standards.

2. Information We Collect

We collect information to personalize learning experiences, ensure account security, and comply with educational regulations. Data is categorized as follows:

  • Account Information: Name, email, phone number, preferred language, and account credentials.
  • Student/Academic Data: Grade level, subjects of interest, learning goals, progress metrics, session recordings, and assessment results.
  • Payment & Billing: Processed securely via PCI-compliant third parties. We do not store full credit card numbers.
  • Technical & Usage Data: IP address, device type, browser, session duration, and platform interaction logs for security and optimization.

For students under 13, we require verified parental consent before collecting any personal or academic information, in full compliance with COPPA.

3. Security Measures

BrightMinds employs a multi-layered security architecture designed to protect data against unauthorized access, disclosure, alteration, and destruction.

  • Encryption: AES-256 at rest & TLS 1.3 in transit
  • Access Control: Role-based permissions & MFA
  • Infrastructure: SOC 2 Type II certified cloud hosting
  • Audits: Quarterly penetration testing & reviews

Our security team monitors systems 24/7. All employees and contracted tutors complete mandatory cybersecurity and student privacy training annually. Session recordings and academic files are stored in isolated, encrypted environments with strict retention limits.

4. Regulatory Compliance

We adhere to all applicable local, state, and federal privacy regulations governing educational technology and student data:

  • FERPA (Family Educational Rights and Privacy Act): We respect parental rights to access, review, and update education records. No data is disclosed without consent unless legally required.
  • COPPA (Children's Online Privacy Protection Act): Verifiable parental consent is required for users under 13. We implement age-gating and strict data minimization for minor accounts.
  • GDPR & CCPA/CPRA: For users in the EU and California, we provide full data portability, consent management, and right-to-erasure workflows.
  • ISO 27001 & SOC 2: Our systems are regularly audited against international information security management standards.

โš–๏ธ Legal Exceptions

We may disclose information without consent if required by law, to prevent imminent harm, or to protect BrightMinds' legal rights.

5. Data Sharing & Third Parties

We do not share personal or academic data with advertisers, brokers, or unrelated third parties. Data is only shared with:

  • Service Providers: Payment processors, cloud infrastructure, and analytics vendors bound by strict data processing agreements (DPAs).
  • Assigned Tutors: Only necessary academic and scheduling information is shared to facilitate sessions. Tutors sign confidentiality agreements and undergo background checks.
  • Schools & Districts: Only with explicit written consent from parents/guardians or as part of verified institutional partnerships.

6. Your Rights & Control

Depending on your jurisdiction, you may have the right to:

  • Access, review, and export your personal and academic data
  • Correct inaccurate or incomplete information
  • Request deletion of account data (subject to legal retention requirements)
  • Opt out of non-essential data collection and marketing communications
  • Withdraw consent at any time (for COPPA/GDPR governed accounts)

To exercise these rights, use the privacy settings in your account dashboard or contact our Data Protection Officer directly.

7. Data Retention & Deletion

We retain data only as long as necessary to provide services, comply with legal obligations, and resolve disputes:

  • Active Accounts: Data is maintained while you use our services.
  • Inactive Accounts: Data is anonymized after 24 months of inactivity.
  • Session Recordings: Automatically deleted after 30 days unless explicitly saved to your account.
  • Financial Records: Retained for 7 years per tax and auditing requirements.

Upon account deletion, all personal identifiers are permanently erased within 30 days. Aggregated, anonymized data may be retained for educational research and platform improvement.

8. Policy Updates

We may update this policy to reflect changes in technology, regulations, or business practices. Material changes will be communicated via email and in-app notifications at least 30 days before they take effect. Continued use of our services constitutes acceptance of updated terms.

9. Contact Our Privacy Team

If you have questions about this policy, your data, or wish to submit a privacy request, please reach out:

Data Protection Officer

BrightMinds Tutoring, Inc.

โœ‰๏ธ Email: privacy@brightminds.com
๐Ÿ“ž Phone: (800) 555-1234 ext. 880
๐Ÿ“ Mail: 123 Education Lane, Suite 200, San Francisco, CA 94102