Privacy Policy

INTRODUCTION AND OVERVIEW

Bright Futures Early Learning Academy doing business as BrightSteam (“BrightSteam,” “we,” “us,” or “our”) values your trust and is committed to protecting your privacy and the personal information of all users of our services. This Privacy Policy outlines in detail the types of information we collect, how we use it, how we safeguard it, and your rights with respect to that information. Our services are designed to support early childhood education through interactive technology, mailed curriculum kits, and digital content. We understand that privacy is particularly critical when services are used by or on behalf of young children, and we take additional measures to comply with all applicable regulations including COPPA and FERPA. By using our website, platform, devices, curriculum kits, and related services (collectively, “Services”), you agree to the collection and use of information in accordance with this Policy. This Privacy Policy forms an integral part of our Terms and Conditions and End User License Agreement (EULA), which also govern your use of our Services. If you do not agree with any provision in this Privacy Policy, you must discontinue your use of the Services immediately.

We reserve the right to modify this Privacy Policy at any time. Any updates will be posted on our website with the date of the last revision indicated at the top of the page. Your continued use of the Services following any changes constitutes your acceptance of the modified policy. It is your responsibility to periodically review this Privacy Policy. If you have any questions or concerns regarding this Privacy Policy or our data practices, you may contact us using the information provided above.

1. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to all data collected by BrightSteam through any of its platforms, websites, applications, or devices used by enrolled families and their children. Whether you are visiting our public website, enrolling in a program, using a touchscreen desktop device provided by BrightSteam, or participating in live or recorded classes, this policy applies to you. It governs both online and offline interactions, including those conducted through phone, email, chat, or written correspondence. This policy applies to all parents, legal guardians, children under supervision, teachers, administrative users, and support personnel who interact with the platform. It also applies to data collected during registration, curriculum fulfillment, customer service, and surveys.

The Privacy Policy does not extend to third-party websites, tools, or applications that may be linked through our platform but are not under our control. Any such third-party site or service is governed by its own privacy practices, and BrightSteam is not responsible for their policies or activities. This Policy also does not apply to anonymous or de-identified information that cannot reasonably be used to identify an individual. However, if such data is re-linked to personal identifiers, it becomes subject to this Privacy Policy.

In addition, this Privacy Policy is aligned with federal and state privacy laws applicable to educational platforms, including the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the California Consumer Privacy Act (CCPA), where applicable. Our approach to data privacy is holistic, transparent, and continuously evaluated to ensure that user trust is upheld and children’s learning is protected. By defining the scope clearly, we help users understand when, where, and how this Policy applies and what they can expect from BrightSteam in return for their trust.

2. TYPES OF INFORMATION WE COLLECT

Overview:

We collect information necessary to operate our educational program, personalize learning experiences, fulfill customer requests, and comply with legal obligations. This includes information provided directly by users, information collected automatically through technology, and information generated through use of our services. The data we collect varies depending on the user’s role (parent, guardian, child, teacher) and the features accessed. We differentiate between personal information (such as names and contact information), device and technical data, and behavioral and usage data that reflects educational activity and performance. Some information is required for enrollment and account management, while other information is optional and used to enhance user experience. Any data collected on children is handled with heightened security and subject to additional parental controls. We do not collect more data than necessary, and we provide choices wherever possible. Transparency about what we collect helps our users make informed decisions about their engagement with BrightSteam.

2.1. Information You Provide Directly

We collect the following personal information when it is voluntarily submitted:

  • Parent or guardian’s full name

  • Child’s full name and date of birth or age

  • Email address and phone number

  • Shipping and billing addresses

  • Payment information (collected and processed via secure third-party gateways)

  • Account credentials (username and password)

  • Consent forms and enrollment documentation

  • Survey responses, feedback, and correspondence

  • Requests for support or returns

2.2. Information Collected Automatically

We may collect the following information automatically through your interaction with our websites, platforms, and devices:

  • IP address and general geolocation data

  • Device type, operating system, and browser version

  • Log data including dates/times of use, session duration, and interaction patterns

  • Referring and exit pages

  • Error reporting and diagnostic information

  • Usage analytics related to lessons, modules, and video content

2.3. Child-Specific Learning Data

When a child interacts with BrightSteam content, we may collect:

  • Lesson start/end times

  • Quiz scores and completion rates

  • Assignment results and project participation

  • Video playback and interaction history

  • Activity tracking for curriculum kits

  • Behavioral data including frequency, duration, and consistency of engagement

2.4. Cookies and Tracking Technologies

BrightSteam uses cookies and similar technologies for authentication, session continuity, personalization, and analytics. Cookies do not store sensitive data such as passwords or payment information. We may use:

  • Session cookies (expire when you close your browser)

  • Persistent cookies (remain for a limited duration to remember preferences)

  • Tracking pixels for email engagement

  • Analytics tools like Google Analytics or internal dashboards

Users may configure browser settings to decline cookies; however, some services may become inaccessible or less functional.

3. HOW WE USE YOUR INFORMATION

BrightSteam collects and uses personal data only for lawful, transparent, and educational purposes that serve the best interest of enrolled families and ensure the effective operation of our learning programs. Each category of information is collected for a specific reason and is never used for purposes that are inconsistent with our mission to provide quality early childhood education. We process information under several lawful bases, including performance of a contract, compliance with legal obligations, protection of legitimate interests, and—where appropriate—your consent. Our usage of data is proportional, meaning we collect only what is necessary to provide a secure, engaging, and developmentally appropriate experience for each user. Information may also be used to protect the rights, property, and safety of our users and our organization. In no case do we use your or your child’s personal information for advertising, behavioral profiling, or third-party sales. We are fully committed to operating in a manner that exceeds minimum legal compliance and respects your family’s expectations of privacy and dignity.

3.1. Educational Use

We use collected data to:

  • Deliver personalized and adaptive learning content

  • Monitor lesson engagement and progress

  • Recommend next-step activities or support

  • Provide teachers with activity logs or learning dashboards (if applicable)

  • Evaluate curriculum effectiveness

  • Improve student outcomes and skill retention

3.2. Operational and Logistical Use

We use your data to:

  • Register and manage user accounts

  • Fulfill and track shipments of curriculum kits and devices

  • Verify identity and prevent unauthorized access

  • Process payments and provide billing documentation

  • Respond to support requests or troubleshooting inquiries

3.3. Communication and Notifications

We may use contact details to:

  • Send account updates, shipping notices, and curriculum alerts

  • Notify you of product changes, maintenance, or service outages

  • Offer training or usage tips for BrightSteam tools

  • Invite feedback and survey responses

  • Provide legal disclosures and terms updates

3.4. Security and Fraud Prevention

We process data to:

  • Detect, investigate, and prevent fraud or abuse

  • Ensure the integrity and safety of our digital infrastructure

  • Enforce terms of use and applicable laws

  • Respond to court orders, subpoenas, or government inquiries (where permitted)

3.5. Legal Compliance

We retain and use information as needed to:

  • Comply with U.S. laws such as FERPA, COPPA, and state regulations

  • Respond to legal claims, investigations, and law enforcement requests

  • Maintain business records for tax and reporting purposes

4. HOW WE SHARE AND DISCLOSE INFORMATION

BrightSteam shares personal data only when necessary and with entities that are bound by strict contractual and legal requirements to protect your information. We do not sell or trade user data to marketers, advertisers, or external data brokers. Any disclosure of information is done with transparency and limited to the purpose for which it was collected. When data is shared, it is always done securely, with clear documentation, and only with organizations that are essential to delivering the BrightSteam experience. We retain control over how such data may be used and require all vendors and third-party service providers to comply with confidentiality obligations equal to or greater than our own standards. We disclose data only when absolutely necessary and always in accordance with applicable law. The safety and dignity of children remain our first priority in any sharing relationship.

4.1. With Service Providers

We partner with trusted vendors to support the following functions:

  • Payment processing (e.g., Stripe, PayPal)

  • Shipping and logistics (e.g., USPS, UPS)

  • Learning management hosting and cloud storage

  • Data analytics and performance monitoring

  • Email and communication services (e.g., Mailchimp, SendGrid)

All third-party providers are required to enter into written data protection agreements with BrightSteam, specifying that they may not use personal data for any purpose other than to provide services to us.

4.2. With Educational Administrators

In cases where BrightSteam partners with institutions or educators:

  • Teachers may be granted access to limited student progress data

  • Administrators may receive aggregated engagement or enrollment reports

  • Shared data is limited to that necessary for academic support and must be used in compliance with FERPA or state laws

4.3. For Legal Obligations

We may disclose your information:

  • To comply with court orders or legal investigations

  • To enforce our Terms of Use and EULA

  • To respond to claims of intellectual property infringement or contractual breaches

  • To cooperate with federal, state, or local regulatory authorities

4.4. In Corporate Transactions

If BrightSteam merges, is acquired, or sells all or part of its assets:

  • User information may be transferred to the acquiring entity

  • We will notify you before your personal data is subject to a new privacy policy

  • The new entity will be required to honor all prior privacy obligations unless you opt out

5. WAIVER OF LIABILITY AND LIMITATION OF CLAIMS

This section addresses the legal limitations of our responsibility in the collection and use of personal information. While BrightSteam takes every reasonable and industry-standard precaution to protect your privacy, no system is impenetrable. As such, we must explicitly state our liability limits to ensure clarity and fairness between BrightSteam and its users. The educational services we provide involve the integration of third-party services, internet access, and the physical shipment of educational materials—each of which introduces external variables beyond our direct control. While we monitor and screen our service providers, we cannot be held liable for actions outside the scope of our service agreements or those resulting from user negligence. By using the Services, you agree that your use is at your own risk and that BrightSteam is not responsible for any incidental, indirect, or consequential damages that may result from your use or inability to use the Services, even if we have been advised of the possibility of such damages.

5.1. General Waiver

To the fullest extent permitted by law:

  • You agree that BrightSteam shall not be liable for any damages resulting from unauthorized access, use, or disclosure of your personal data

  • You acknowledge and accept all risks associated with transmitting information over the internet

  • You release BrightSteam from any claim or liability arising from the misuse of information by unauthorized third parties or your failure to safeguard credentials

5.2. No Guarantee of Error-Free Operation

We do not warrant that the Services:

  • Will be uninterrupted or error-free

  • Will meet your specific requirements or expectations

  • Are immune to technical failures, breaches, or downtime

While we use best-in-class infrastructure and protocols, you agree that BrightSteam will not be liable for any service interruptions or data loss unless caused by willful misconduct or gross negligence.

5.3. Limitation of Damages

In no event shall BrightSteam’s total cumulative liability to you exceed the amount you paid (if any) for Services during the 12 months preceding the event that gave rise to the claim.

5.4. Indemnification

You agree to defend, indemnify, and hold harmless BrightSteam, its officers, directors, employees, agents, and licensors from and against any claims, damages, obligations, losses, liabilities, costs, or expenses (including attorney’s fees) arising out of:

  • Your violation of this Privacy Policy

  • Your use or misuse of the Services

  • Your violation of any law or rights of a third party

7. YOUR RIGHTS AND DATA CHOICES

BrightSteam believes that privacy is not just a legal obligation but a fundamental user right. We empower families with clear, accessible ways to manage their data, control preferences, and exercise meaningful privacy rights. Depending on your jurisdiction, you may have legal rights under state or federal laws—including access to data, correction, deletion, portability, and the right to object to certain types of processing. We make it easy to submit a request or exercise your rights by contacting our privacy team directly. Additionally, we provide user-facing tools (such as account dashboards and opt-in preferences) to support autonomy in managing your child’s learning experience. BrightSteam does not retaliate against users who exercise their privacy rights, and we will never deny access to educational services on the basis of a privacy request. For children under 13, all rights must be exercised by a verified parent or guardian. We take every request seriously and aim to resolve most privacy inquiries within 30 days.

7.1. Access and Correction

You may:

  • Request a copy of the personal data we hold about you or your child

  • Correct inaccuracies in account information or learning records

  • Review account activity logs (if applicable)

7.2. Deletion and Data Portability

You have the right to:

  • Request the permanent deletion of personal information

  • Receive a portable copy of your data in machine-readable format

  • Close your account and terminate enrollment

7.3. Right to Object

You may object to:

  • Unnecessary data processing unrelated to service delivery

  • Receiving promotional communications

  • Sharing of data with institutional partners or third-party providers (unless contractually required)

7.4. Submitting a Request

All privacy requests may be submitted to:
info@brightsteam.com
You must verify your identity or relationship to the child before we can process your request.

7.5. Waiver of Damages

By using BrightSteam Services, you waive the right to claim indirect or consequential damages resulting from a denial, delay, or limitation of a privacy request unless such denial constitutes willful violation of applicable privacy law.

8. CHILDREN’S PRIVACY AND COPPA COMPLIANCE

Protecting the privacy of children is at the core of BrightSteam’s mission. We adhere to the Children’s Online Privacy Protection Act (COPPA) and other relevant laws by obtaining verifiable parental consent prior to collecting any personal information from children under the age of 13. We collect only the information that is necessary to provide a meaningful educational experience and ensure developmental progress. All children’s data is collected, stored, and processed within secure, access-controlled systems that are isolated from external marketing and commercial data flows. Parents and legal guardians have the right to review, delete, or modify their child’s information at any time. We do not allow children to make purchases, post publicly, or share content with others unless such features are explicitly consented to by a parent. All content is moderated, age-appropriate, and designed to prevent collection of unnecessary sensitive data. BrightSteam will never condition participation in our programs on the provision of more information than is necessary to complete a learning objective.

8.1. Parental Rights Under COPPA

Parents and guardians may:

  • Request a full list of information collected about their child

  • Request deletion of their child’s record

  • Refuse future data collection and withdraw consent

  • Review all data, audio, or video content associated with their child’s profile

  • Consent to specific data uses while refusing others (where technologically feasible)

8.2. Verification and Consent

We obtain consent via:

  • Email verification

  • Signed paper or electronic enrollment forms

  • Phone verification or video identification

  • Secure parent portals that provide access to all activity

8.3. Content Safeguards

To protect child privacy:

  • Children cannot post messages or user-generated content

  • All sessions are recorded and reviewed for safety

  • Devices are pre-configured to limit web access to BrightSteam content only

9. DATA RETENTION AND DELETION POLICY

BrightSteam retains personal information only for as long as necessary to fulfill educational, contractual, and legal requirements. Once retention requirements are met, we either delete the data securely or de-identify it in accordance with industry best practices. Data from inactive accounts is reviewed periodically and removed after a minimum retention threshold, unless subject to audit, legal hold, or regulatory exception. We maintain internal records of data deletions for transparency and accountability. If a parent or guardian requests deletion of a child’s data, we will promptly comply, subject to identity verification and confirmation that no legal obligation prevents the deletion. Data from anonymous users or unregistered sessions is retained only for system diagnostics and then discarded. Certain operational data such as shipping records and financial transactions may be retained longer to meet tax, payment reconciliation, or auditing purposes.

9.1. Retention Timelines

We retain:

  • Active enrollment data: for the duration of enrollment + 12 months

  • Shipping, billing, and customer service records: 7 years

  • Anonymous analytics: up to 12 months

  • Legal claims and audit logs: minimum 5 years

9.2. Deletion Procedures

Deletion includes:

  • Removing personal identifiers from learning records

  • Erasing user credentials and login history

  • Confirming deletion via internal log entry

  • Informing requesting parties that deletion has been completed

10. INTERNATIONAL TRANSFERS AND JURISDICTION

While BrightSteam primarily serves U.S.-based families, it is possible for users outside the U.S. to access our Services. In such cases, you acknowledge and consent that your information will be transferred to, stored in, and processed in the United States. U.S. data protection laws may differ from those in your country, and by using our Services, you agree to the application of U.S. law with respect to your data. If you are accessing BrightSteam from a jurisdiction with its own data protection rules, you are responsible for compliance with local laws and ensuring that your use of our platform is legally permissible. We make no warranties that our Services are appropriate or lawful for use outside the United States.

10.1. Transfer Safeguards

Where international transfers occur, we:

  • Use standard contractual clauses where required

  • Limit transfers to U.S.-based cloud services and payment processors

  • Apply the same encryption and access policies to international users

10.2. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Pennsylvania, without regard to its conflict of laws rules. Any disputes arising from this policy shall be handled under the dispute resolution provisions in our Terms and Conditions.

11. THIRD-PARTY SERVICES AND EXTERNAL CONTENT

BrightSteam uses third-party services to support key features such as payment processing, content hosting, shipping logistics, and analytics. These services are necessary for delivering a functional and high-quality educational experience, but they operate under their own privacy policies and terms. Whenever we integrate a third-party provider into our system, we review their privacy practices, require signed data processing agreements, and limit the scope of shared information to what is necessary. Despite these precautions, BrightSteam does not control how third parties operate once data is transferred, and we cannot guarantee the privacy practices of external services. Users are encouraged to review third-party privacy policies before engaging with embedded services or outbound links. In some cases, external tools (e.g., video conferencing platforms or cloud-hosted learning modules) may collect additional metadata, session data, or usage analytics. We always disclose such third-party relationships and require user opt-in when sensitive data is involved.

11.1. Examples of Third-Party Services Used

We may partner with:

  • Payment gateways (e.g., Stripe, PayPal)

  • Logistics and shipping platforms (e.g., ShipStation, USPS)

  • Video delivery platforms (e.g., Vimeo, YouTube with restricted modes)

  • Analytics providers (e.g., Google Analytics, Segment)

  • Email communication platforms (e.g., Mailchimp, Twilio SendGrid)

  • Cloud-based hosting (e.g., Amazon Web Services)

11.2. Limitations of Responsibility

BrightSteam is not liable for:

  • The content, availability, or accuracy of third-party websites

  • Unauthorized actions of external service providers once data is transferred

  • The policies or operations of links to government agencies, vendors, or community resources

11.3. User Responsibility

Before clicking outbound links:

  • Review the third party’s privacy policy

  • Check your browser security settings

  • Avoid sharing unnecessary personal information on external platforms

12. DO NOT TRACK AND COOKIE CONTROLS

Modern browsers and operating systems allow users to express privacy preferences via tools like Do Not Track (DNT) headers, cookie management interfaces, and tracking protection features. While BrightSteam respects the intent of these tools, there is currently no consensus on how websites should interpret DNT signals. As such, our systems may not respond to DNT headers. However, we offer other ways to control your data, including disabling cookies, opting out of marketing communications, and using privacy-focused browser settings. BrightSteam primarily uses cookies for session integrity, user authentication, platform customization, and performance tracking. We do not use cookies to engage in cross-site tracking, behavioral profiling, or interest-based advertising. Cookies can be cleared or blocked using your browser settings, though some platform features may become inaccessible as a result.

12.1. Types of Cookies Used

We use:

  • Essential Cookies – for login, session continuity, and security

  • Performance Cookies – to monitor uptime and diagnose errors

  • Preference Cookies – to store language, accessibility, or layout options

  • Analytics Cookies – to understand engagement with lessons and resources

12.2. Your Options

You can:

  • Block all cookies via browser settings

  • Set your browser to alert you before cookies are placed

  • Use browser extensions for enhanced privacy

  • Delete stored cookies at any time

12.3. Limitations

Disabling cookies may:

  • Prevent login or cause session timeout

  • Limit ability to access content

  • Disable persistent preferences such as font size or interface theme

13. UPDATES TO THIS PRIVACY POLICY

Our Privacy Policy may evolve to reflect changes in the law, changes to our services, or new technologies. We are committed to providing transparency and will always communicate substantive changes before they take effect. When updates are made, we revise the “Last Updated” date at the top of the policy and may notify users via email, on-screen banner, or in-app notification. If we introduce new types of data collection or change the purpose of existing data use, we will seek renewed consent where legally required. By continuing to use our Services after changes are published, you agree to the revised policy unless you notify us and discontinue usage. If at any time you disagree with the terms of this Privacy Policy or future revisions, you may deactivate your account and request deletion of your data.

13.1. Reasons for Update

This policy may be updated to:

  • Comply with new state, federal, or international privacy laws

  • Reflect changes in BrightSteam products, services, or partnerships

  • Add clarity or improve formatting and transparency

  • Address emerging security or ethical concerns

13.2. Version Control

We maintain a changelog and archive of prior Privacy Policy versions. If required, we can provide earlier versions for review.

14. CONTACT AND COMPLAINTS PROCESS

BrightSteam is committed to resolving all privacy-related inquiries, concerns, or complaints in a timely and respectful manner. If you believe your personal information has been used inconsistently with this Privacy Policy, or if you would like to assert any of your privacy rights, you may contact us using the methods below. Our internal privacy team will acknowledge all valid complaints within 5 business days and aim to respond with resolution or next steps within 30 calendar days. If a dispute cannot be resolved through our internal process, you may escalate the matter to your state or federal regulatory agency. We do not tolerate retaliation against users who file good-faith complaints. All privacy disputes are governed by the terms and dispute resolution procedures outlined in our Terms and Conditions and EULA.

14.1. Contact Methods

To make a privacy inquiry, you may reach us at:

Bright Futures Early Learning Academy d/b/a BrightSteam
Attn: Privacy Officer
1745 N. Cameron Street
Harrisburg, PA 17103
Email: info@brightsteam.com
Phone: +1 (888) 995-3692

14.2. What to Include in Your Complaint

Please include:

  • Full name and account email

  • Nature of the complaint (access, deletion, correction, breach, etc.)

  • Relevant dates and copies of prior communications

  • Supporting documentation if applicable

14.3. Non-Retaliation Statement

We will not penalize, deny service to, or take adverse action against users who file privacy-related complaints in good faith.

15. RESERVATION OF RIGHTS AND POLICY SURVIVABILITY

BrightSteam reserves the right to enforce all provisions of this Privacy Policy to the maximum extent permitted by law. This includes the right to investigate and prosecute violations, seek damages or equitable relief, and cooperate with law enforcement or regulatory agencies as necessary. Nothing in this Privacy Policy shall be interpreted to limit our legal rights, remedies, or claims in any jurisdiction. Provisions of this Policy relating to data retention, liability waivers, indemnity, and dispute resolution shall survive the termination of your relationship with BrightSteam. If any part of this Privacy Policy is held unenforceable, the remaining provisions shall remain in full effect. By accessing our Services, you acknowledge that BrightSteam may assert defenses based on this Privacy Policy in any legal dispute involving data privacy, platform use, or compliance.

15.1. Reservation of Rights Includes

  • Right to modify, restrict, or terminate access to Services

  • Right to defend against claims or investigations

  • Right to retain data necessary for audits or legal proceedings

  • Right to update this Privacy Policy as needed

  • Right to limit international use of Services based on applicable laws

15.2. Severability Clause

If any provision of this Policy is deemed invalid, unlawful, or unenforceable by a court of competent jurisdiction, such provision shall be severed from the Policy, and the remaining provisions shall continue in full force and effect.

Effective Date: 07-04-2025
Last Updated: 07-04-2025
Operated by: Bright Futures Early Learning Academy d/b/a BrightSteam
Business Address: 1745 N. Cameron Street, Harrisburg, PA 17103
Phone: +1 (888) 995-3692
Email: info@brightsteam.com