Thumbnail

Privacy Evaluation for Bloomz

Last updated April 18, 2018

Overview

Bloomz provides an application to communicate with parents, and to share class photos and updates. The terms of Bloomz state they do not provide any social interactions between students, but the terms specify that any information a user voluntarily chooses to include in a publicly accessible area, such as a public profile page, will be available to anyone who has access to that content, including other users. Bloomz's terms state they collect personal information from a user when they create an account, or automatically while using the service, or from other third party sources. Bloomz's terms do not specify details about its data security practices or whether personally identifiable information is encrypted while in transit or while stored. Bloomz specifies in their terms that they will never use a student’s personally identifiable information, or collect, use, or share that information for any purposes beyond the authorized educational or school purposes..

Bloomz can be accessed through its website, and is available for download at the iOS App Store, and the Google Play Store. The Privacy Policy and Terms of Use accessed for this evaluation can be found on Bloomz’s website, iOS App Store, and the Google Play Store.This evaluation only considers policies that have been made publicly available prior to an individual using the application or service.

Safety

The terms of Bloomz state they do not provide any social interactions between students, but the terms specify that any information a user voluntarily chooses to include in a publicly accessible area, such as a public profile page, will be available to anyone who has access to that content, including other users. The terms also specify that users have the ability to store significant dates and details about family members (like birthdays) in a calendar in order to get email reminders.

Privacy

The terms of Bloomz state they collect personal information from a user when they create an account, or automatically while using the service, or from other third party sources. Bloomz's terms state they will never sell a student’s personally identifiable information to third parties for any purpose, but Bloomz allows third party service providers to use cookies and/or other monitoring technologies to compile anonymous statistics about their visitors. The terms state that Bloomz may use third-party service providers to serve advertisements on their behalf to users across the Internet and on their Apps. However, the terms state Bloomz does not directly target advertisements to students, but may behaviorally target advertising to parents. The terms also specify that Bloomz can receive personally identifiable information from trusted partners and other third-party sources.

Security

The terms of Bloomz state they use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of a user’s information. If Bloomz learns of a security systems breach, they may post a notice through its Apps and may attempt to notify a user electronically so they can take appropriate protective steps. However, Bloomz's terms do not specify any additional details about its data security practices or whether personally identifiable information is encrypted while in transit or while stored.

Compliance

The terms of Bloomz state the Service is not intended for use by children under the age of 13, and Bloomz does not knowingly collect personally identifiable information from visitors under the age of 13. In addition, Bloomz's terms state the Service is intended for teacher-parent communication only, and a teacher may request an individual student to input content that was created by that student. However, in no circumstances does Bloomz allow that information to become part of the student's profile without teacher approval and parental consent.

The terms state Information may be provided to Bloomz by teachers, teacher aides, or other personnel at an Educational Institution that is directly related to a student and maintained by the Institution, and may be considered an education record under the Family Educational Rights and Privacy Act ("FERPA"). Bloomz's terms state information provided about a student, such as student name and grade level, may be considered directory information under FERPA and not an education record.

Lastly, Bloomz specifies in their terms they will never use a student’s personally identifiable information, or collect, use, or share that information for any purposes beyond the authorized educational or school purposes, or as explicitly authorized by the student or parent. The terms state if Bloomz learns that personally identifiable information has been collected on its service from children under the age of 13, and without verifiable parental or teacher consent, then Bloomz will take appropriate steps to delete that information.

Data Collection
SCORE: 55%

What data does it collect?

  • Personally identifiable information (PII) is collected.
  • The categories of collected personally identifiable information are indicated.
  • Collection or use of data is limited to product requirements.
  • Geolocation data are collected.
  • Unclear whether this product collects biometric or health data.
  • Unclear whether this product collects behavioral data.
  • Unclear whether this product collects sensitive data.
  • Non-personally identifiable information is collected.
  • Combined information is treated as personally identifiable information (PII).
  • Personal information from children under 13 years of age is not collected online.
Data Sharing
SCORE: 90%

What data does it share?

  • Collected information is shared with third parties.
  • The categories of information shared with third parties are indicated.
  • The purpose for sharing a user's personal information with third parties is indicated.
  • Use of information is limited to the purpose for which it was collected.
  • Data are shared for analytics.
  • Data are shared for research and/or product improvement.
  • Data are shared with third-party service providers.
  • The roles of third-party service providers are indicated.
  • Social or federated login is supported.
  • Contractual limits are placed on third-party data use.
Data Security
SCORE: 70%

How does it secure data?

  • Unclear whether a user's identity is verified with additional personal information.
  • Account creation is required.
  • Parental controls or managed accounts are available.
  • Two-factor account protection is available.
  • Third-party contractual security protections are required.
  • Industry best practices are used to protect data.
  • Unclear whether this product limits employee or physical access to user information.
  • All data in transit are not encrypted.
  • All data at rest are not encrypted.
  • Notice is provided in the event of a data breach.
Data Rights
SCORE: 75%

What rights do I have to the data?

  • Opt-in consent is requested from users at the time personal information is collected.
  • Users can control their information through privacy settings.
  • Users can create or upload content.
  • Users retain ownership of their data.
  • Processes to access and review user data are available.
  • Processes to modify inaccurate data are available.
  • A data-retention policy is available.
  • Unclear whether the school, parents, or students can delete data.
  • Unclear whether a user can delete all their data.
  • Processes to download user data are available.
Data Sold
SCORE: 45%

Is the data sold?

  • Data are not sold or rented to third parties.
  • Unclear whether users can opt out from the disclosure or sale of their data to a third party.
  • Unclear whether user information can be transferred to a third party.
  • Unclear whether users are notified if their information is transferred to a third party.
  • Unclear whether user information can be deleted prior to its transfer to a third party.
  • Unclear whether third-party transfers are contractually required to use the same privacy practices.
  • User information is shared in an anonymous or deidentified format.
  • The vendor describes their deidentification process of user information.
  • Data are shared for research and/or product improvement.
  • Contractual limits prohibit third parties from reidentifying deidentified information.
Data Safety
SCORE: 25%

How safe is this product?

  • Unclear whether this product supports interactions between trusted users and/or students.
  • Unclear whether users can interact with untrusted users, including strangers and/or adults.
  • Unclear whether profile information is shared for social interactions.
  • Personal information is displayed publicly.
  • Users can control how their data are displayed.
  • User-created content is not reviewed, screened, or monitored by the vendor.
  • User-created content is not filtered for personal information before being made publicly visible.
  • Unclear whether social interactions between users are moderated.
  • Unclear whether social interactions of users are logged.
  • Unclear whether users can report abuse or cyberbullying.
Ads & Tracking
SCORE: 50%

Are there advertisements or tracking?

  • Data are shared for third-party advertising and/or marketing.
  • Traditional or contextual advertisements are displayed.
  • Behavioral or targeted advertising is not displayed.
  • Data are collected by third-party advertising or tracking services.
  • Data are used to track and target advertisements on other third-party websites or services.
  • Unclear whether this product creates and uses data profiles for data enhancement, and/or targeted advertisements.
  • The vendor can send marketing messages.
  • The vendor does provide promotional sweepstakes, contests, or surveys.
  • Unclear whether this product provides users the ability to opt-out of traditional, contextual, or behavioral advertising.
  • Users can opt out or unsubscribe from marketing communications.
Parental Consent
SCORE: 80%

Can I provide parental consent?

  • Not intended for children under 13.
  • Intended for parents or guardians.
  • Vendor does not have actual knowledge that personal information from users under 13 years of age is collected.
  • Children's privacy is applicable.
  • Unclear whether this product indicates COPPA parental consent exceptions.
  • Parental consent is required.
  • Unclear whether this product limits parental consent with respect to third parties.
  • Parents can withdraw consent for the further collection of their child's information.
  • Children's personal information is deleted if collected without parental consent.
  • Parental consent notice and method for submission are provided.
School Purpose
SCORE: 85%

Is the product intended for school?

  • Intended for students.
  • Personal information or education records are collected from preK-12 students.
  • Intended for teachers.
  • Product is primarily used by, designed for, and marketed toward students in grades preK–12.
  • Product does create education records.
  • Notification of a contract or additional rights is provided.
  • Vendor is designated as a school official.
  • Parental consent obligations are transferred to the school or district.
  • FERPA parental consent exceptions are indicated.
  • Directory information is disclosed.

Common Sense Standard Privacy Report (SPR)

The standard privacy report (SPR) displays all the privacy practices from a product's policies in a single, easy-to-read outline. The report shows a green check mark for better privacy practices and an orange alert for risky or unclear practices. This alert indicates that more time should be focused on these particular details prior to use.

About Privacy Evaluations

The privacy evaluations have been designed with the help and support of a consortium of schools and districts across the United States. These evaluations are designed to help educators make informed decisions about the potential privacy implications of educational technology used to support teaching and learning.

Our core evaluation criteria will always be freely available. People are encouraged to read the questions we use and our information security primer. Vendors are encouraged to use our questions and the information security primer to self-evaluate. You can also learn more about our evaluation process. Please be in touch with any questions or feedback.