Bloomland

Privacy Policy

Bloomland is operated by Akshana Enterprises LLC ("we," "our," or "us"). This Privacy Policy explains how we collect, use, share, and protect information when you and your child use the Bloomland app (iOS and Android) and related services available at bloomland.app (collectively, the "Service").

Bloomland is a tap-driven language-learning app for kids ages 6–12. Because children are the direct end-users of the app, we take our privacy obligations seriously and apply the strictest practices we know. Please read this policy fully before creating an account.

Contact: [email protected] | [email protected]


1. Who We Are

Akshana Enterprises LLC ("Akshana Enterprises LLC") is a Delaware limited liability company doing business as Bloomland. All data collected through the Service is controlled by Akshana Enterprises LLC. Questions, requests, and complaints related to this policy may be sent to:

Akshana Enterprises LLC d/b/a Bloomland Email: [email protected]

For time-sensitive account-deletion or data-rights requests, include "Privacy Request" in the subject line. We will respond within 10 business days.


2. Who Uses the Service

Parents or legal guardians (18+) create and own Bloomland accounts. Children ages 6–12 use the app under parent oversight. Children do not create their own accounts.

This structure is intentional: it lets us honor COPPA's verifiable-parental-consent requirement while still giving children a fully personalized learning experience.


3. What We Collect

3.1 Parent Account Information

When you create a Bloomland account, we collect:

Payment information is handled entirely by Stripe when you subscribe at bloomland.app. Stripe processes and stores your payment method under its own privacy and security policies; we receive only the confirmation that a subscription is active. We never see or store your credit card number, expiration date, or CVC.

We do not collect your home address, phone number, or location. We do not collect a profile photo or social-login data.

3.2 Child Information (Provided by Parents; Used Within the App)

When a parent creates a child profile, we collect:

We do not collect: child's surname, email address, phone number, home address, photo, or any social-media handle.

3.3 Voice Recordings — SpeakIt Scoring Flow

Bloomland includes a speaking-exercise feature ("SpeakIt") that listens to your child say a word or phrase and scores their pronunciation. Here is exactly what happens:

  1. Your child taps the microphone button and speaks.
  2. The recording (a short audio clip, typically 1–5 seconds) is sent over HTTPS to a Cloudflare Worker endpoint operated by Akshana Enterprises LLC (sproutopolis-speakit.cvsprintmerch.workers.dev — this is an internal-only legacy URL; the infrastructure is ours).
  3. The Worker submits the audio bytes to Cloudflare Workers AI (Whisper model) for transcription. The result (text) is returned to the app.
  4. The audio bytes are not retained by the Worker or by Cloudflare Workers AI after inference completes. No audio file is written to disk or stored in any database.
  5. The returned transcription text is compared to the expected phrase inside the app. The score (pass/fail + accuracy percentage) is stored on-device and synced to our backend as lesson progress data only — not the transcription text or the audio.

*(Sarah Martinez, §2.3 and §3, Privacy Policy outline: this section is the explicit voice-handling disclosure she required.)*

Mic permission copy: "Bloomland records your voice so it can listen and help you say words right. Recordings are sent securely to our scoring service and deleted right after." No other use is made of the recording.

On-device name recording (optional): A child may optionally record their own name for playback in celebratory moments. This recording is stored exclusively on the device (AsyncStorage) and is never transmitted to our servers or any third party.

3.4 App Usage Information

We collect:

We do not collect page-level analytics, session replays, heatmaps, or any data that feeds a third-party analytics platform. There is no Mixpanel, PostHog, Sentry, Amplitude, or equivalent SDK in Bloomland. This is a deliberate design decision, not an oversight.

3.5 What We Do Not Collect

To be explicit:


4. How We Use Your Information

We use the information we collect for the following purposes only:

We do not use your information or your child's information to:


5. Information Sharing

We do not sell, rent, or trade personal information. We share information only with the following service providers, strictly to operate the Service:

ProcessorRoleChild data involved?Retention
Cloudflare (CDN + Workers AI)Serves lesson audio/content files (auth-gated CDN); runs the SpeakIt Whisper WorkerVoice audio bytes during SpeakIt scoring onlyAudio bytes discarded post-inference; CDN logs standard (IP + request) per Cloudflare's policy
Google Cloud (TTS)Generates narration audio for lesson content — server-side, backend pipeline onlyNo kid data (phrases are curriculum text, not child-specific)Not applicable; Google processes curriculum text, not user data
Expo / EASBuild infrastructure and over-the-air app updatesNoNot applicable
StripePayment processing for web subscriptions purchased at bloomland.appParent email + billing address for receipt and tax recordsRetained per Stripe's policy; we retain the subscription-status flag + Stripe customer ID for the life of the account, plus 7 years for tax/accounting after account deletion
Apple (App Store)App distribution only (mobile app download) — no purchase processing runs through Apple at launchNoPer Apple's privacy policy

*(Sarah Martinez, §2.8: DPAs with Google Cloud, Cloudflare, and Expo are available via each provider's online DPA click-through — Akshana Enterprises LLC is covered under these standard DPAs. A separate EU-region DPA package will be executed before any EU availability is enabled.)*

Legal disclosures: We will disclose information if required by a valid court order, subpoena, or applicable law. We will notify you of such requests where legally permitted.

No advertising networks. No data brokers. No analytics services. No third-party trackers of any kind.


6. Children's Privacy — COPPA Compliance

*(Sarah Martinez, §2.2, §3 Privacy Policy outline: this section is the COPPA-specific disclosure she required.)*

Bloomland is a dedicated children's app under COPPA (16 CFR Part 312). This means stricter obligations apply than for general-audience apps.

What COPPA requires of us:

How Bloomland satisfies these requirements:

Parents have the right to:


7. Verifiable Parental Consent

*(Sarah Martinez, §2.2, required section: "Verifiable Parental Consent — explain mechanism exactly.")*

For paid subscribers: Purchase is made through Stripe at bloomland.app. Stripe requires the account holder to authenticate their payment method (credit card or supported alternative) during checkout. This purchase step — controlled by the adult account holder — serves as the parental authorization gate for access to paid content. This mechanism is consistent with FTC guidance that a credit-card transaction constitutes verifiable parental consent for information collection in a paid children's product.

For free-preview users (3 lessons before subscribing): Account creation requires the parent's email address. Upon registration, we send a confirmation email to that address. The child's profile cannot be activated until the parent clicks the confirmation link in that email. This email-confirmation step documents that an adult controls the email account and is the account holder. This satisfies the COPPA "email plus" consent mechanism for the limited personal information collected during the free preview (first name and birth year only; SpeakIt voice recording remains available in the free preview since voice consent is a separate, per-child tickbox that we ask the parent to complete at profile creation — see Section 3.3).

Shared parent identity with KidSprout. If you also use KidSprout (an after-school-activity planner operated by Akshana Enterprises LLC), the two apps recognize the same parent email — sign in once, use either app. Only standard parent-account fields (email, hashed password or OAuth identity, session token) are shared for this cross-app recognition. No child profile, lesson progress, subscription entitlement, or audio data is shared between the two products.


8. Data Security

We implement the following technical measures to protect your information:

No system is 100% secure. If we become aware of a data breach that affects your information, we will notify you promptly via the email address on your account.


9. Data Retention and Deletion

Data typeRetention period
Parent email + hashed passwordUntil account deleted
Child first name, birth year, avatarUntil account deleted
Lesson progress, XP, streaksUntil account deleted
Voice bytes (SpeakIt)Discarded within seconds of Whisper inference completing — not stored
On-device name recordingOn device only; deleted when app is uninstalled or user deletes the profile
Push notification tokenDeleted from our servers immediately upon disabling notifications or deleting account
Payment records (Stripe transaction records)Retained 7 years as required for tax and accounting purposes

Account deletion: When you delete your account (see Section 11), all identifiable data is removed from our active systems immediately. Residual copies in backup systems are purged within 30 days.


10. Affiliated Products and KidSprout Integration

Akshana Enterprises LLC also operates KidSprout (kidsprout.app), a separate app for parents to discover and manage kids' extracurricular activities. Bloomland and KidSprout are separate products and separate apps with separate data stores.

Cross-app parent sign-in. A parent who uses both Bloomland and KidSprout signs in with the same email (or Google account) and the second app recognizes the same parent identity. What is shared across the two products for this recognition: the parent's email address and account session. What is not shared: child profile data, lesson progress, voice recordings, sticker/trophy collections, or subscription entitlements — each product manages its own child-side data and its own paid entitlement.

The cross-app identity layer is hosted by Supabase (a Delaware C-corp; standard DPA in place) on the parent's behalf under Akshana Enterprises LLC. Standard parent-side credential security applies (encryption in transit + at rest; hashed passwords; OAuth tokens stored only in the device's secure session storage). *(Sarah Martinez, §2.9: "Consent flow is the same as a single-product sign-in — the parent is the account holder, no parental consent is implied across products without an explicit grant.")*


11. Your Rights and Account Deletion

To delete your account and all child data:

  1. Open the Bloomland app → Settings → Account → Delete Account, or
  2. Email [email protected] with the subject line "Delete my account."

Upon deletion request:

To export your data: Email [email protected] with the subject "Data export request." We will provide a machine-readable copy of your account data within 10 business days.

To correct data: Update child profile information directly in the app (Settings → Kids → Edit Profile), or email [email protected].

To opt out of notifications: Toggle off in the app's Settings screen or via your device's system notification settings.


12. Cookies and Local Storage

The Bloomland mobile app does not use advertising cookies or third-party tracking cookies. We use:

If you use the bloomland.app website (legal pages, account management), we use a single session cookie for authentication only. No advertising cookies, no third-party tracking scripts.


13. Changes to This Policy

We will update this Privacy Policy from time to time. For material changes (changes that affect what data we collect, who we share it with, or how long we retain it), we will:

  1. Post the updated policy at bloomland.app/privacy with a new "Last Updated" date.
  2. Send an email notification to the parent's email address on file at least 30 days before the change takes effect.
  3. Display an in-app notice upon your next login.

Continued use of the Service after the effective date of a material change constitutes acceptance of the updated policy.


14. Contact, Complaints, and Regulatory Links

For privacy questions or data requests: [email protected]

For general support: [email protected]

For legal and compliance matters: [email protected]

Regulatory resources:

We take every privacy inquiry seriously and will respond within 10 business days.