Bloomland Privacy Policy

Effective date: June 27, 2026 · Operator: Akshana Enterprises LLC (Sproutopolis / Bloomland)

Contact: privacy@sproutopolis.com · Phone: (857) 264-0439 · Mailing address: 82 Wendell Ave., STE 100, Pittsfield, MA 01201, USA

1. Who this is for

Bloomland is a heritage-language learning app. An adult (18+) holds the account; learners are profiles they create — which may be the adult themselves or a child they're responsible for. A parent/guardian creates and manages any child profile. This policy explains what we collect from children and parents, why, and your rights.

2. What we collect

From the parent: email, name, payment info (processed by Stripe — we never store card numbers).

From/about the child (only after parental consent): a Profile name (a first name or nickname — we do not ask for a last or full name), birth year and month (we do not collect an exact date of birth), lesson progress and in-app rewards.

Microphone: for pronunciation practice the app uses the mic on-device/at the edge to score how a word is said, then discards the audio. We never record, upload, or store a child's voice. Audio the child hears is computer-generated (synthetic).

3. How we use it

To provide the lessons, personalize content to the child's age, maintain progress, and operate/secure the service. We do not sell children's data, do not use it for behavioral advertising, and do not send children's data to third-party AI/ad services. We use no third-party analytics or advertising SDKs.

4. Parental consent (COPPA)

We obtain verifiable parental consent before collecting any child data — via the parent's paid subscription (a card transaction) or an explicit in-app affirmation by the signed-in parent. A parent can review, or refuse further collection, at any time.

5. Your rights as a parent

• Review your child's data · Delete it · Refuse further collection.
• Delete in-app (Delete account) or email privacy@sproutopolis.com. We complete deletion within 30 days.

6. Who we share with (subprocessors)

Service providers that process data on our behalf under contract (DPAs): Supabase, Neon, Railway, Cloudflare, Apple/Expo, Stripe (parent payment), Google Cloud TTS (name audio). A current subprocessor list is available on request at privacy@sproutopolis.com. We disclose data only as required by law.

7. Data retention, security, isolation

Kept while the account is active; deleted on request (§5). Security: encrypted in transit, row-level access controls, an audit log of access to children's data. Children's data is physically isolated from our unrelated business lines.

8. Changes & contact

We'll post changes here and update the effective date. Questions: privacy@sproutopolis.com.