Legal

Privacy Policy

We believe you deserve to know exactly how your data — and your children's data — is handled. This policy is written to be clear, not just comprehensive.

Last updated: May 2026 · Effective: May 2026

Contents
  1. Overview
  2. Who This Policy Applies To
  3. Information We Collect
  4. How We Use Your Information
  5. Identity Verification & Biometric Data
  6. Children's Data
  7. How We Share Information
  8. Data Security
  9. Data Retention & Deletion
  10. Your Rights & Choices
  11. Cookies & Tracking
  12. Changes to This Policy
  13. Contact Us

1. Overview

Bright After School is operated by BrightGrades Inc. ("we," "us," or "our"). This Privacy Policy describes how we collect, use, disclose, and protect information when you use Bright After School — including our website, mobile applications, and web dashboard (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, do not use the Service.

2. Who This Policy Applies To

This policy applies to three types of users:

  • Program Operators — Schools, after-school programs, YMCAs, and other organizations that create a program account and use Bright After School to manage their program.
  • Parents & Guardians — Adults who create a parent account to manage pickups for their enrolled children.
  • Authorized Pickup Persons — Adults who are added by a parent or program operator as authorized to pick up a child.

Children do not have accounts. Children's information is provided by program operators and parents, not by the children themselves. Children do not interact directly with our Service.

3. Information We Collect

Information you provide directly:

  • Account registration information: name, email address, phone number, role
  • Program details: program name, school name, address, enrollment information
  • Student roster information: student first and last name, grade, program enrollment
  • Identity verification documents: government-issued ID photo, selfie photograph
  • Payment information: credit card details (processed by Stripe; we do not store raw card numbers)
  • Communications: messages you send us through the contact form or email

Information collected automatically:

  • Check-in and check-out event logs: who was picked up, who picked them up, timestamp, and confirming staff member
  • Device information: device type, operating system, browser type
  • Usage data: pages visited, features used, session duration
  • IP address and approximate location (city/region level)

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Verify the identity of parents and authorized pickup persons
  • Enable safe, verified child pickups
  • Send push notifications and alerts to parents about their child's check-in and check-out status
  • Process payments and manage billing
  • Respond to support inquiries and troubleshoot issues
  • Improve and develop the Service
  • Comply with legal obligations

We do not use your information for advertising, sell it to third parties, or use children's data for any purpose other than operating the Service.

5. Identity Verification & Biometric Data

Bright After School requires parents and authorized pickup persons to verify their identity using a government-issued photo ID and a selfie. This process may involve comparing facial features between the ID photo and the selfie, which may constitute biometric data processing under certain state laws.

How we handle identity documents:

  • ID photos and selfies are encrypted using AES-256 encryption at rest
  • They are accessible only to authorized program administrators for verification purposes
  • They are never shared with advertisers, data brokers, or unaffiliated third parties
  • They are deleted within 30 days of account closure
  • We do not use identity data to build profiles for marketing or sell derived data

If you are located in a state with a Biometric Information Privacy Act (such as Illinois), you consent to the collection and use of biometric identifiers as described here by creating an account and submitting verification documents.

6. Children's Data

We are committed to protecting the privacy of children. Please review our dedicated COPPA Policy for full details on how we handle information about children under 13.

In summary: we do not collect personal information directly from children. All student data is provided by program operators (schools/programs) and parents. We do not use children's data for advertising, profiling, or any purpose beyond operating the Service for the program that enrolled them.

Parents have the right to review, correct, and request deletion of their child's information at any time. Contact us at privacy@brightgrades.com.

7. How We Share Information

We do not sell personal information. We share information only in these circumstances:

  • With your program: Program administrators can see the information of parents and students enrolled in their program, including verified identity status.
  • Service providers: We use trusted third-party services to operate the platform (e.g., Stripe for payments, Clerk for authentication, Neon for database hosting). These vendors are contractually bound to use your data only to provide services to us.
  • Legal compliance: We may disclose information if required by law, court order, or government request, or to protect the safety of any person.
  • Business transfers: If BrightGrades Inc. is acquired or merges, your data may transfer to the new entity, subject to this same privacy policy.

8. Data Security

We implement industry-standard security measures including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls — staff only see data for their own program
  • Regular security reviews and vulnerability assessments
  • Multi-factor authentication available for all accounts

No system is completely secure. If you believe your account has been compromised, contact us immediately at security@brightgrades.com.

9. Data Retention & Deletion

We retain your data for as long as your account is active. When you close your account:

  • Student records and attendance logs are deleted within 90 days
  • Identity verification documents are deleted within 30 days
  • Payment transaction records are retained for 7 years as required by law
  • Anonymized, aggregated usage statistics may be retained indefinitely

You may request early deletion of specific data at any time by emailing privacy@brightgrades.com.

10. Your Rights & Choices

Depending on where you live, you may have rights including:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a structured, machine-readable format
  • Opt-out of communications: Unsubscribe from marketing emails at any time using the link in any email we send

California residents have additional rights under the CCPA/CPRA. To exercise any of these rights, contact us at privacy@brightgrades.com. We will respond within 30 days.

11. Cookies & Tracking

We use essential cookies required to operate the Service (session management, authentication). We do not use third-party advertising cookies or behavioral tracking cookies. Our analytics use privacy-preserving, aggregated data only.

You can disable cookies in your browser settings, but doing so may prevent certain features from working correctly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a notice in your dashboard at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

BrightGrades Inc. — Privacy Team
Email: privacy@brightgrades.com
We respond to all privacy inquiries within 5 business days.