Privacy Policy

1. Introduction

BrightMinds Academy ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website your-domain.com and use our educational services.

By accessing or using our website, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password, profile picture, educational preferences
• Student Information: Age, grade level, learning history, academic progress
• Payment Information: Billing address, credit card details (processed securely through third-party payment processors)
• Communication Data: Messages, feedback, support inquiries, and correspondence

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information:

• Usage Data: Pages viewed, time spent on pages, click patterns, navigation paths
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: General geographic location based on IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

2.3 Information from Third Parties

We may receive information from educational partners, social media platforms (if you connect your account), and analytics providers to enhance our services.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Provide, maintain, and improve our educational services and platform
• Personalization: Customize learning experiences, recommendations, and content
• Communication: Send administrative information, updates, newsletters, and promotional materials
• Payment Processing: Process transactions and manage billing
• Customer Support: Respond to inquiries, provide technical assistance, and resolve issues
• Analytics: Analyze usage patterns, monitor performance, and improve user experience
• Security: Protect against fraud, unauthorized access, and security threats
• Legal Compliance: Comply with legal obligations and enforce our terms of service
• Research: Conduct educational research and develop new features (anonymized data only)

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Consent: You have given explicit consent for specific processing activities
• Contract Performance: Processing is necessary to fulfill our contractual obligations
• Legal Obligation: Processing is required to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided your rights are not overridden

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Collect anonymous data about website usage and performance
• Functional Cookies: Remember your preferences and personalize your experience
• Marketing Cookies: Track your activity to deliver relevant advertisements

5.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit website functionality. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies (may affect functionality)
• Receive notifications when cookies are set

6. Data Sharing and Disclosure

We may share your information with the following categories of third parties:

6.1 Service Providers

• Cloud hosting and storage providers
• Payment processors (Stripe, PayPal)
• Email service providers
• Analytics services (Google Analytics)
• Customer support platforms
• Marketing and advertising partners

6.2 Educational Partners

We may share limited information with educational institutions, tutors, and content providers to facilitate services.

6.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, safety, and property.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We do not sell your personal information to third parties.

7. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield Framework compliance (where applicable)
• Adequacy decisions by relevant data protection authorities

8. Data Security

We implement industry-standard security measures to protect your information:

• SSL/TLS encryption for data transmission
• Encrypted storage of sensitive information
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

• Active Accounts: Retained while your account is active
• Inactive Accounts: Deleted after 3 years of inactivity (with prior notice)
• Financial Records: Retained for 7 years for tax and legal compliance
• Marketing Data: Retained until you withdraw consent
• Legal Claims: Retained as necessary for legal purposes

10. Your Rights and Choices

Under GDPR and other privacy laws, you have the following rights:

10.1 Access and Portability

• Right to Access: Request a copy of your personal data
• Right to Portability: Receive your data in a structured, machine-readable format

10.2 Correction and Deletion

• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")

10.3 Processing Limitations

• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to processing based on legitimate interests or for direct marketing

10.4 Consent Management

• Right to Withdraw Consent: Withdraw previously given consent at any time
• Marketing Opt-Out: Unsubscribe from marketing communications

10.5 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

10.6 Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

To exercise your rights, contact us at: [email protected]

11. Children's Privacy

BrightMinds Academy provides educational services to children under 18. We comply with the Children's Online Privacy Protection Act (COPPA) and similar regulations:

• Parental Consent: We require verifiable parental consent before collecting information from children under 13
• Limited Collection: We collect only information reasonably necessary for educational purposes
• Parental Rights: Parents can review, modify, or delete their child's information
• No Marketing: We do not use children's data for targeted advertising
• Third-Party Restrictions: We ensure service providers comply with child privacy standards

Parents can contact us at [email protected] to exercise rights regarding their child's information.

12. Third-Party Links and Services

Our website may contain links to third-party websites, educational resources, or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection and sharing practices
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

To submit a request, email [email protected] or call our toll-free number.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending email notifications to registered users
• Displaying prominent notices on our website

We encourage you to review this Privacy Policy regularly. Your continued use of our services after changes indicates acceptance of the updated policy.