Last updated: May 2026
Bright After School is operated by BrightGrades Inc. ("we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect information when you use Bright After School, including our website, mobile applications, and web dashboard.
Bright After School is designed for after-school care programs. Because children are enrolled in these programs, we take children's privacy with the utmost seriousness and comply fully with the Children's Online Privacy Protection Act (COPPA).
Bright After School does not collect personal information directly from children under 13. Children's information (name, grade, photo, attendance records) is provided solely by the program operator or the child's parent or legal guardian. We treat all children's data with heightened protections.
Parents have the right to review the personal information we have collected about their child, to request that it be corrected or deleted, and to refuse any further collection. To exercise these rights, contact us at privacy@brightgrades.com.
We collect information you provide directly: name, email address, phone number, government-issued ID images (for identity verification), selfie images, program details, student roster information, and payment information. We also collect usage data such as check-in/check-out events, device identifiers, and app usage logs for the purpose of providing the service.
Bright After School requires parents and authorized pickup persons to verify their identity using a government-issued ID and a selfie. This information is used solely to create and maintain a verified identity profile for child safety purposes. We do not use identity documents for marketing, profiling, or any purpose other than verifying who is authorized to pick up a child.
Identity documents and biometric data are encrypted using AES-256 encryption at rest. Access is strictly limited to authorized systems and never shared with third parties except as required to operate the verification service.
All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption. We use role-based access controls so that only authorized staff at your program can access your program's data. We conduct regular security reviews and maintain security incident response procedures.
Program data is retained for as long as your program account is active. When you close your account, data is deleted within 90 days, except where we are required by law to retain it. You may request early deletion of your data by contacting privacy@brightgrades.com. Identity verification documents are deleted within 30 days of account closure.
If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@brightgrades.com or write to BrightGrades Inc., Privacy Team. We respond to all privacy inquiries within 5 business days.