Privacy Policy

Last updated on November 05, 2025

This Privacy Policy describes how Bloom Software, Inc., doing business as Thrively ("Thrively", "we", "our" or "us") collects, uses and protects information from parents, children, schools and school districts when you use our online services, websites and applications (collectively, the "Services").

By creating an account or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please discontinue use of the Services.

This Privacy Policy and our Terms of Service form part of the agreement between you and Thrively. In the event of any inconsistency between them, this Privacy Policy will control with respect to personal information.

1. Thrively is both COPPA and FERPA compliant.

We comply with the Children's Online Privacy Protection Act (COPPA) and the Federal Educational Rights and Privacy Act (FERPA). We are required under the Children's Online Privacy Protection Act (COPPA), with limited exceptions, to obtain verifiable parental consent in order to collect, use or disclose personal information from children under the age of 13. We are required under Federal Educational Rights and Privacy Act (FERPA) to provide parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. When we provide services to schools or districts, we do so under written agreements that require compliance with FERPA and limit our use of student information to authorized educational purposes. Any use of "parent" in this Privacy Policy shall mean parent or legal guardian, unless in the context of FERPA in which case "parent" shall have the meaning defined in FERPA.

2. Information We Collect

We collect information from or about:

Children (Students): Information about students from schools and school districts under written Student Data Privacy Agreements, such as student ID, first name, last name, school, grade and class information. We also collect information students provide when creating an account or during assessments. This may include student's name, email address, assessment responses and progress data. Student accounts must be connected to a teacher or parent account. If a student is under 13 years of age, only a teacher or parent may instruct us to activate the student's account. Further, when we are informed that an account holder is under thirteen (13) years of age, we will only request a user's first name and last initial, and not other personally identifying information such as email address or mailing address. We may also collect certain information, as set forth in the below Section titled "INFORMATION FOR PARENTS OF CHILDREN UNDER 13 YEARS OF AGE."

Parents: Information about parents from schools and school districts under written Student Data Privacy Agreements. We also collect information parents provide when creating an account or purchasing Services. This may include parent's name, email address and payment information (processed securely by our authorized third-party payment processor, Stripe).

Schools or School Districts: Information about schools and school districts under written Student Data Privacy Agreements. We also collect information educators provide when creating an account or purchasing Services. This may include school's, school district's or educator's name, email address and payment information (wire or ACH, or payment information processed securely by our authorized third-party payment processor, Stripe).

We also collect limited technical information through analytics tools, such as:

  • Browser type and version
  • Device type and operating system
  • IP address and approximate location
  • Pages visited, time spent, and referring websites

This information helps us improve our Services and is not shared outside of Thrively.

3. How We Collect Information

We collect information in three main ways:

  • Directly from users: when a parent, student or educator creates an account, purchases or uses Services, or communicates with us.
  • From schools or school districts: pursuant to Student Data Privacy Agreements that restrict how we use the student information.
  • Automatically: through limited analytics tools to improve our Services.

We do not permit third parties to collect information for their own use. We do not acquire personal information about you from third parties, except from schools or school districts that provide student information to us pursuant to Student Data Privacy Agreements. We do not combine personal information about you with data from third party sources.

We may use trusted service providers (such as Google Analytics and Microsoft Clarity), solely to collect aggregated usage data on our behalf to maintain and improve our Services. These providers are contractually restricted from using such information for their own commercial purposes.

You can disable cookies through your browser settings, but some features of the Services may not function properly.

4. How We Use the Information

We use collected information to:

  • Provide you with Services and validate your user rights;
  • Process payments and manage accounts;
  • Contact and communicate with you;
  • Send parents educational content, account updates, and product information;
  • Improve and personalize our Services;
  • Filter information to ensure age appropriateness;
  • Comply with applicable legal obligations.

We do not track users' activities across different apps or websites for any purpose. We do not build profiles of users for commercial purposes such as marketing or advertising.

Analytics data is used only as necessary to operate and improve the Services, not to target or profile individual users.

We do not use personal information to deliver targeted or interest-based advertisements, whether on our Services or on third party websites or apps, and we do not allow others to do so on our behalf. However, we may use a parent's contact information to send direct communications about our own programs or services. Parents can opt out of these emails at any time.

We do not use, disclose or target student data for any advertising or marketing purpose.

5. Communications with Parents

Thrively may use parent email addresses to:

  • Send assessment results, reports or updates about a child's progress;
  • Provide information about account activity or purchases; and
  • Send promotional communications about our Services.

We do not use parent email addresses for advertising on social media or other third-party platforms.

Parents can opt out of non-essential emails at any time by clicking the "unsubscribe" link in any message or by contacting us at support@thrively.com

6. How We Share Information

We may share limited information only with:

  • Service providers that help us operate our Services (e.g. hosting, analytics, customer support, payment processing). These providers act on our behalf and are contractually bound not to use personal information for their own purposes.
  • Schools or school districts, in accordance with the governing Student Data Privacy Agreement.
  • Legal authorities, if required by law or to protect our rights and users' safety. If we receive a legal request (such as a subpoena, court order, or law enforcement demand) for user information, we will notify the affected user or institution before disclosing the data, unless prohibited by law or court order.

We may share or transfer personal information in connection with a merger, sale, financing, reorganization, or acquisition of all or part of our business. If such a transfer occurs, we will provide notice to affected users and require the successor organization to honor this Privacy Policy or maintain equivalent protections. Before any transfer, parents or users may request deletion of their personal information. We will honor such requests unless the information must be retained to continue providing services or comply with legal obligations.

We do not sell, rent, trade or share any personal information with third parties for monetary or other valuable consideration. We do not share Personal Information with third parties for their own marketing or promotional purposes.

We may hire social media companies such as Facebook or Instagram to display ads promoting our Services. These companies do not receive personal information from us for this purpose. Any data collected by those platforms while you interact with their services is governed by their own privacy policies.

7. INFORMATION FOR PARENTS OF CHILDREN UNDER 13 YEARS OF AGE

Under authorization from a school or school district under a Student Data Privacy Agreement, we collect certain information from children under 13 years of age, whose accounts are created upon their teacher or guardian instructing us to activate their access to our Services. The information that we collect in this way is:

  • First name and last initial;
  • Gender
  • Grade
  • Date of Birth (used only to screen for age appropriate assessments and content)
  • School
  • Account credentials (created by or at the request of a teacher or guardian; we strongly advise teachers and guardians never to provide any personal information in account credentials of a child); and
  • Content generated by a student, such as assessments and other student work ("Student Content").

The above information is principally used to support the internal operations of our Service, which may include, for instance, various activities necessary for the site or service to permit access or maintain or analyze its functioning; perform network communications; authenticate users or customize content and experiences; protect the security or integrity of the user, website, or online service; ensure legal or regulatory compliance; or fulfill a request of a child under 13.

We do not send marketing communications to children or students. We do not share information collected from children for direct marketing purposes.

We will retain information collected from a child only so long as reasonably necessary to ensure the security of our users and our Services, or as required by law. We will also retain information if requested by a parent or by a school for that school's educational purposes.

At any time, schools and parents can request that we delete any of the above information we have collected. Please keep in mind that a request to delete records may lead to termination of your child's account with us. To make a request, please contact us through the contact information listed in the "How to Contact Us or File a Complaint" section, below.

8. Payment Information

All payments are securely processed by Stripe, which complies with PCI-DSS security standards.Thrively does not store or have access to full credit card numbers or sensitive payment details.

9. Third Parties

Our Services may be integrated with and/or contain links to third party websites and content. Thrively does not control these third parties' privacy policies or how they use user information.

If you choose to use these separate products or services, disclose information to the providers, and/or grant them permission to collect information about you, then their use of your information is governed by their privacy policy. You should evaluate their practices before deciding to use their services.

You access linked websites or third party content at your own risk.

10. Security

Any information collected by Thrively is stored using standard security and encryption procedures and practices that we believe are appropriate to the nature of the information. However, no data transmission over the Internet or online storage can be guaranteed to be 100% secure and as a result, Thrively cannot guarantee the security of any information you transmit on or through our Services.

Access to personal information is role-based and limited to authorized personnel who require it to perform their job duties. Administrative tools allow schools or organizations to assign permissions that restrict access to data.

We offer optional two-factor authentication to help secure user accounts against unauthorized access.

Access to user information is limited to authorized employees who have signed confidentiality agreements. Physical facilities and systems are protected by access controls, surveillance, and secure authentication measures.

All personal information is encrypted in transit using industry-standard encryption protocols (e.g., TLS/SSL) and stored securely in accordance with best practices.

We conduct periodic data-privacy and security-compliance audits to evaluate and improve our data protection measures.

11. Data Retention and Accuracy

We retain personal information only as long as necessary to provide our Services or as required by law.

We take reasonable steps to ensure the personal information we collect is accurate, complete, and up to date, and we correct inaccuracies promptly upon verification.

12. Security Incidents and Breach Notification

If a data breach or unauthorized access occurs that compromises personal information, we will notify affected users, parents, or institutions without undue delay and in compliance with applicable law.

13. Foreign Countries

Our Services are provided from facilities based in the United States, and we store and process your information in the United States. If you use our Services from outside the United States, your personal information will be transferred to and maintained on servers or databases located outside your country. Your use of our Services constitutes your consent to and understanding of this processing.

14. Changes

We may update this Privacy Policy from time to time. If we make any material changes to how we collect, use, or share personal information from children or students, we will notify parents, guardians, or educational institutions in advance of those changes and, where required, obtain verifiable consent before the new practices take effect. If we make material changes affecting parent or other adult user information, we will provide reasonable advance notice (for example, by email notification) before the changes become effective.

Non-material updates (such as clarifications or administrative changes) will take effect upon posting, as indicated by the "Last Updated" date.

We encourage parents, guardians, and educational institutions to review this Privacy Policy periodically to stay informed about how we protect children's and students' information.

15. Copyright Complaints and Content Removal

If your content is removed or disabled in response to a copyright notice under the Digital Millennium Copyright Act (DMCA), we will notify you and provide information about how to submit a counter-notice, as permitted by law.

16. Parents' Rights

Parents may:

  • Request access to their or their child's information;
  • Request correction or deletion of personal information;
  • Withdraw consent for future data collection (subject to service limitations); and
  • Opt out of optional communications.

To exercise these rights, contact us at support@thrively.com

17. How to Contact Us or File a Complaint

If you have a concern or complaint about our privacy practices, please contact us at support@thrively.com.

You can also contact us by mail at 611 N Brand Blvd Suite 1300, Glendale, CA 91203.We will acknowledge receipt of your complaint and work to resolve it promptly. California residents may also contact the California Privacy Protection Agency if concerns remain unresolved.

You may authorize another individual (such as a parent, guardian, or school administrator) to manage your account or data by submitting a verified request to support@thrively.com.

18. California Privacy Rights (CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used;
  • Request deletion or correction of your personal information;
  • Opt out of certain uses of your information (though Thrively does not sell personal data).

Thrively will not discriminate against you for exercising these rights.