BabyBloom

Baby Bloom — Biometric Data Collection Notice

Version 1.0 | Last reviewed: 14 March 2026 | Next review: 14 March 2027 (or upon change of AI provider)

How We Verify Your Identity

Before you can be connected with families on Baby Bloom, we need to verify that you are who you say you are. This notice explains how we use your biometric data during the verification process.

Please read this notice carefully before consenting.

What Data We Collect

During the verification process, we collect:

  • Facial geometry: We extract measurements of your facial features from the selfie photograph you take during verification.
  • ID document data: We extract information from your uploaded passport or government-issued ID (name, photo, document number, expiry date).
  • WWCC card data: We extract information from your uploaded Working With Children Check card.

What We Compare

Your selfie photograph is compared against the photograph on your identity document using AI facial recognition technology. This confirms that the person creating the account is the same person shown on the ID document.

Overseas Processing and Your Risks

OpenAI (United States): Your biometric data (facial geometry and identity document images) is transmitted to and processed by OpenAI's servers located in the United States (specifically, AWS US-East region).

Data Agreement: Baby Bloom has executed a Data Processing Agreement with OpenAI that requires:

  • OpenAI to process your biometric data only as instructed by Baby Bloom.
  • OpenAI to implement security measures to protect your data.
  • OpenAI to not share your biometric data with third parties without Baby Bloom's consent.
  • OpenAI to delete your data upon Baby Bloom's instruction.

OpenAI's Privacy Policy: OpenAI has its own privacy policy available at https://openai.com/privacy. You should read it to understand how OpenAI handles data.

US Government Access: Because your biometric data is processed in the United States:

  • US law enforcement may access your data under court order or warrant.
  • US intelligence agencies may access your data under FISA (Foreign Intelligence Surveillance Act) Section 702, which allows bulk surveillance of non-US persons' international communications. Unlike Australian law, FISA does not require a warrant or showing of probable cause for foreign persons.
  • Baby Bloom has no ability to prevent or disclose such access to you — US law prohibits companies from disclosing FISA requests.
  • The US does not provide the same legal protections as Australian privacy law. Australian Privacy Principles do not apply to US government access.
  • You have limited recourse if your data is accessed by US authorities. You cannot sue the US government for damages, and you may never know if your data was accessed.

Your Choice: You must consent to overseas processing to use Baby Bloom. If you do not consent to your data being processed in the United States, you cannot create an account with Baby Bloom.

Data Retention at OpenAI: Your biometric data is retained by OpenAI for 7 days after Baby Bloom receives the verification result, then deleted from OpenAI's systems.

Potential Changes to AI Provider: If Baby Bloom changes the AI provider used for facial verification, Baby Bloom will:

  1. Notify all professionals via email of the change.
  2. Provide a new Biometric Data Collection Notice specific to the new provider.
  3. Require affirmative consent to the new provider before using their data.

Until you affirmatively consent to the new provider, your account will be suspended (you will not be able to accept new matches). If you do not consent within 30 days, Baby Bloom may close your account and refund any unused EdTech subscription fees on a pro-rata basis.

How AI and Human Review Work Together

AI Facial Matching: Baby Bloom uses OpenAI facial recognition (GPT-4o or similar) to compare your selfie against your ID photo. The AI produces a “match score” (0-100%, indicating confidence that the selfie matches the ID photo).

Flagging Threshold: Cases with a match score below 85% are flagged for human review. This threshold was chosen to ensure high confidence matches bypass manual review, while borderline cases receive human assessment.

Human Review: A Baby Bloom staff member reviews flagged cases manually. The human reviewer:

  • Compares your selfie and ID photo themselves.
  • Considers factors the AI may have missed (lighting, angle, facial hair, age, natural aging, makeup, etc.).
  • Makes the final VERIFICATION DECISION (approved or rejected).
  • Is not bound by the AI's match score; human judgment overrides AI.
  • If a case is approved despite AI match score below 85%, the human reviewer documents their reasoning.

No Automatic Bias: Baby Bloom does not use AI match score alone to reject applicants. If your case shows a lower match score due to age, gender, ethnicity, or other factors, it will receive manual human review before rejection.

Audit Trail: Baby Bloom records:

  • The date of your verification.
  • The AI match score and flagging decision.
  • Whether your case was manually reviewed.
  • The human reviewer's name (or ID) and decision.
  • The date and time of all decisions.
  • Any notes or reasons for rejection or approval.

Access to Your Records: You can request a copy of your verification audit trail (including the AI match score, flagging decision, and human reviewer's notes) at any time by contacting compliance@babybloomsydney.com.au. Baby Bloom will respond within 10 business days.

Appeal Process: If your verification is rejected, you can contact Baby Bloom within 14 days to request:

  • A detailed explanation of why you were rejected, including the AI match score and reviewer notes.
  • A manual review by a different staff member (senior to the original reviewer).
  • A copy of your AI match score and any notes made by reviewers.
  • Baby Bloom will provide a written response within 7 business days of receiving your appeal request.

System Performance: Baby Bloom's AI system achieves approximately 99.5% accuracy on facial matching. The system is reviewed regularly for bias and accuracy across different age groups, genders, and ethnicities. We publish a bias and accuracy report annually.

How Long We Keep Your Identity Verification Data

Your Biometric Data (Facial Geometry):

  • While your account is active: Retained permanently.
  • After account closure: Permanently deleted 90 days after closure.

Your Identity Documents (Passport, Driver's License, WWCC Card):

  • While your account is active: Retained permanently.
  • After account closure: Permanently deleted 90 days after closure.

Your Verification Result (What Baby Bloom Keeps Permanently):

Baby Bloom retains the following information permanently, even after account closure, in de-identified form (meaning it is not linked to your name or personal account):

  • Document type verified (e.g., “Australian Passport”)
  • Document number (last 4 digits only, no full number)
  • Verification outcome (approved/rejected, not name-linked)
  • Verification date
  • AI match score (but not linked to your identity)

Purpose of Permanent Retention: This information is retained for:

  1. Fraud prevention: To identify patterns of document reuse across multiple accounts, without identifying the individuals.
  2. Regulatory compliance: To maintain records in case of government childcare regulator inquiries about our verification procedures.
  3. System improvement: To measure AI system accuracy and bias across different demographics.
  4. Dispute resolution: To resolve disputes about whether a verification decision was made fairly (if needed, we can re-identify the record only with your explicit consent).

What “De-identified” Means: Your verification result is stored separately from your account and personal information. It cannot be used to identify you without additional information. However, if you request access to your results or appeal a verification decision, we can match the result back to your account for that purpose.

Deletion Request: You can request deletion of your verification result by contacting compliance@babybloomsydney.com.au.

  • If the result is still linked to your account, we will delete it upon request.
  • If the result has been de-identified and separated from your account, deletion may not be possible, but we will explain why and offer alternatives (such as requesting we do not use it for any purpose).
  • Deletion does not affect your ability to reapply for verification using new documents.

Relationship to Your Account: Your verification result is linked to your account. If your account is closed, the verification result remains linked to your account record, even though your biometric data and documents are deleted.

Sharing with Third Parties: Baby Bloom does not share verification results with third parties, except:

  • Government agencies (NSW DCJ, law enforcement) if required by law or court order.
  • Childcare regulators (if Baby Bloom is asked to verify your suitability).
  • Law enforcement, upon warrant or subpoena.

Your Rights and Consequences of Withdrawing Biometric Consent

You have the right to:

  • Access: Request access to the biometric data we hold about you at any time.
  • Deletion: Request deletion of your biometric data. Please note that if your biometric data is deleted, you may need to complete the verification process again to continue using the Platform.
  • Withdraw consent: You may withdraw your consent for biometric data processing at any time.

However, withdrawing consent means:

  1. Your account will be immediately suspended. You will not be able to:
    • Create new matches with families.
    • Accept babysitting jobs.
    • Access the EdTech tools.
    • View or communicate with existing clients.
  2. Active care arrangements are NOT affected. If you are already working for a family, withdrawal of biometric consent does not terminate your care arrangement with that family. Baby Bloom does not manage or control active care arrangements — those are separate contracts between you and the family.
  3. Your account can be reactivated. If you withdraw consent and later change your mind, you can request reactivation. Baby Bloom will re-verify your identity and you must re-consent to biometric processing before your account is reactivated.
  4. Data deletion upon withdrawal. If you withdraw consent, your biometric data is deleted immediately. Your verification results remain in de-identified form.
  5. Timeline: Withdrawal takes effect immediately upon request. Any pending verification requests are cancelled.

To exercise any of these rights, contact:

Baby Bloom will respond within 30 days.

What If Your Verification Is Rejected?

If Baby Bloom notifies you that your verification has been rejected, you have the right to:

  1. Request a detailed explanation within 7 days. Baby Bloom will provide:
    • The reason for rejection (e.g., “facial geometry did not match ID photo,” “document was not authentic,” “verification flagged as suspicious”).
    • The AI match score (if applicable).
    • Notes made by any human reviewers.
  2. Request re-verification at any time:
    • You can submit a new selfie and/or new identity documents.
    • Re-verification is free (no additional charge).
    • Re-verification uses the same process as your original verification.
    • Re-verification can be requested up to 3 times. After 3 rejections, contact Baby Bloom support to discuss further options.
  3. Request manual escalation if you believe the rejection was unfair:
    • Contact compliance@babybloomsydney.com.au with the subject “Verification Appeal.”
    • A senior Baby Bloom staff member (not the original reviewer) will review your case.
    • This escalation should take no more than 7 business days.
    • You can submit additional documents or evidence supporting your appeal.
  4. Lodge a complaint if you are not satisfied with the appeal outcome:
    • Contact the OAIC at www.oaic.gov.au (if you believe your privacy has been breached).
    • Contact ACCC (if you believe you have been treated unfairly or misled).

Security of Your Biometric Data

In Transit: Your biometric data (selfie and ID photos) are encrypted using TLS 1.2+ when transmitted to OpenAI's servers.

At Rest: Your biometric data is encrypted in Baby Bloom's and OpenAI's databases using AES-256 encryption.

Access Controls: Only authorised Baby Bloom staff with a specific business need (e.g., fraud investigation, verification review) can access your biometric data. Access is logged and audited.

Incident Response: If Baby Bloom discovers a security breach involving biometric data, Baby Bloom will:

  1. Notify affected professionals within 30 days.
  2. Provide free credit monitoring or identity theft protection services.
  3. Cooperate with law enforcement and the OAIC.

Legal Basis for Biometric Verification

Baby Bloom requires biometric verification because NSW childcare regulations and the Working With Children Check scheme require identity verification for anyone providing childcare services to children they do not know.

Biometric verification (facial recognition) is Baby Bloom's chosen method of ensuring that the person providing childcare is the same person who has been cleared by NSW authorities.

This is not optional — if you do not consent to biometric verification, you cannot be connected with families through Baby Bloom for childcare services.

Liveness Detection and Spoofing Prevention

When you submit your selfie, Baby Bloom uses “liveness detection” to confirm that the selfie is of a real, live person (not a printed photo, video, or mask).

Your selfie must be taken in real-time using your device's camera during the verification process. You cannot use a stored photo from your phone.

Liveness detection checks for:

  • Eye movement and blinking.
  • Facial expressions.
  • Head movement (you may be asked to turn your head or move your lips).

If liveness detection fails (e.g., if you try to use a printed photo), the verification will be rejected and you will be asked to re-submit a new selfie.

What Is Facial Geometry?

“Facial geometry” is a mathematical representation of your face — specifically, the measurements and positions of key facial features such as:

  • Distance between your eyes.
  • Shape and size of your nose.
  • Shape of your jawline.
  • Distance from your chin to your forehead.

Facial geometry is NOT a photograph. It is a set of numbers and measurements. This is important because:

  • The AI cannot use facial geometry to create a new photo of your face.
  • Facial geometry is smaller and faster to process than a full photograph.
  • Facial geometry is more resistant to changes in lighting or angle.

Your Explicit Consent (Required to Use This Platform)

IMPORTANT: Before you can use Baby Bloom's connection and matching features, you must explicitly consent to biometric data processing. This is mandatory — you cannot use the platform without this consent.

Please read and confirm your understanding of each statement below. You will need to check each checkbox in the UI before you can proceed.

What Biometric Data Means:

I understand that “biometric data” includes:

  • Facial geometry: mathematical measurements of my face (distance between eyes, nose shape, jawline, etc.)
  • Liveness detection: a check that my selfie is of a real, live person (not a photo or video)
  • These are extracted from a selfie photo that I take in real-time during verification

What Baby Bloom Does With Your Biometric Data:

I understand that Baby Bloom will:

  • Compare my facial geometry against the photo on my identity document using artificial intelligence to verify that I am the same person
  • Send my biometric data and identity documents to OpenAI (a US company) for processing
  • Retain my biometric data until 90 days after I close my account, then permanently delete it
  • Retain my verification result (pass/fail, date, AI match score, document type) permanently in de-identified form

Overseas Processing and Risks:

I understand that my biometric data will be processed by OpenAI, a company located in the United States. This means:

  • My data will be transferred outside Australia and stored on US servers
  • US law enforcement may access my data under court order or US national security laws
  • The US does not provide the same legal protections as Australian privacy law
  • I have limited recourse if my data is accessed by US authorities
  • Baby Bloom has limited ability to prevent or disclose such access

How AI and Human Review Work:

I understand that:

  • An AI system will produce a “match score” (0-100%) comparing my selfie to my ID photo
  • Cases with a match score below 85% are flagged for manual review by a Baby Bloom staff member
  • A human reviewer will make the final verification decision and is not bound by the AI's score
  • If I am rejected, I can request a detailed explanation and manual review by a different staff member within 14 days
  • Baby Bloom maintains records of the AI match score and human reviewer's decision

Data Retention and Your Rights:

I understand that:

  • My facial biometric data will be deleted 90 days after I close my account
  • The verification result will be retained permanently in de-identified form for fraud prevention and regulatory purposes
  • I can request access to my biometric data and the AI match score at any time
  • I can request deletion of my verification results (Baby Bloom may refuse if required by law)
  • If I withdraw consent, I cannot use Baby Bloom's connection features, but my active care arrangements are not affected

No Cooling-Off Period for Biometric Processing:

I understand that:

  • Biometric processing is mandatory to use Baby Bloom
  • I cannot partially consent (e.g., I cannot consent to identity verification without consenting to AI processing)
  • If I withdraw consent, I must re-consent and re-verify to use the platform again

Final Explicit Consent:

By checking the final consent box in the UI, I confirm that:

I have read and fully understand this entire Biometric Data Collection Notice. I voluntarily consent to Baby Bloom collecting my facial biometric data, facial geometry, and identity documents, and processing them via OpenAI for the sole purpose of verifying my identity. I understand that:

  • This consent is mandatory for platform access.
  • This consent is separate from my agreement to Baby Bloom's Terms of Service and Privacy Policy.
  • I can withdraw this consent at any time by contacting compliance@babybloomsydney.com.au, but withdrawal means I cannot use Baby Bloom's connection features.
  • I have the right to access my biometric data and AI match score.
  • OAIC contact details are provided at the end of this notice if I have privacy concerns.

Complaints About Your Privacy Rights

If you believe Baby Bloom has breached your privacy rights under the Privacy Act 1988, you can lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

The OAIC can investigate complaints about:

  • Breaches of Australian Privacy Principles (APPs).
  • Mishandling of sensitive information (biometric data).
  • Denial of access to personal information.
  • Failure to respond to privacy complaints.

Baby Bloom, Sydney
ABN: 17 463 812 867
Compliance: compliance@babybloomsydney.com.au
Website: https://babybloomsydney.com.au

This document should be reviewed by a qualified legal professional before publication.

AboutPrivacyTerms