Privacy Policy | Baby Bloom

1. About Baby Bloom

This Privacy Policy describes how Baby Bloom, Sydney (“Baby Bloom”, “we”, “us”, “our”), ABN 17 463 812 867, collects, uses, discloses, and protects your personal information when you use the Baby Bloom platform (“Platform”).

Baby Bloom is a digital facilitator and educational technology platform operating exclusively in New South Wales, Australia. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

If you have any questions about this Privacy Policy, contact us at contact@babybloomsydney.com.au.

2. What Personal Information We Collect

We collect the following categories of personal information:

Identity data: Your name, email address, phone number, residential address, date of birth, and suburb or postcode.

Children's data: Your children's names, ages, developmental milestones, special needs, allergies, medical conditions, and dietary requirements. This data is collected via registration forms and through the EdTech SaaS tools.

Verification data: Passport or government-issued ID scans, Working With Children Check (WWCC) card images, and selfie photographs. This data is collected from Childcare Professionals during the identity verification process.

Biometric data: Facial geometry extracted from selfie photographs for the purpose of identity matching against uploaded ID documents. This is classified as “sensitive information” under the Privacy Act 1988. See Section 5 for details.

Profile data: AI-generated professional bios, listed qualifications, experience, and uploaded profile photographs (Childcare Professionals only).

Usage data: Platform activity, booking history, match history, and connection records.

Communication data: Messages sent through the Platform, form submissions, and incident reports.

Facebook screenshots: Screenshots uploaded by Childcare Professionals for babysitting feature verification. See Section 10 for retention details.

Cookie data: Information collected through essential, analytics, and marketing cookies. See Section 15 and our Cookie Policy for details.

3. How We Collect Personal Information

We collect personal information:

Directly from you: When you create an account, complete registration forms, build a profile, upload documents for verification, submit forms, send messages, or contact our support team.

Generated by AI: When our AI tools generate professional bios, developmental insights, activity suggestions, or assist in identity verification decisions.

From third-party databases: When we verify your Working With Children Check against the relevant NSW government database, or verify your identity through the Document Verification Service (DVS).

Automatically: Through cookies and analytics tools when you browse our website. See Section 15 and our Cookie Policy.

4. Why We Collect Personal Information

We collect and use each category of personal information for specific, legitimate purposes:

Identity data: To create and manage your account, verify your identity, facilitate connections, send legal documents, and communicate with you about the Platform.

Children's data: Solely for the purpose of providing the EdTech SaaS developmental tools (activity suggestions, milestone logging, developmental insights). Children's data is never used for marketing purposes.

Verification data: To verify the identity and WWCC status of Childcare Professionals, and to maintain audit trails of verification decisions.

Biometric data: To confirm that the person creating a Professional account is the same person shown on their identity document. See Section 5.

Profile data: To display Professional profiles to Clients for the purpose of facilitating matchmaking and babysitting connections.

Usage data: To operate and improve the Platform, and to notify you of material changes to your status.

Communication data: To facilitate communication between users, process incident reports, and provide support.

We only use your personal information for the purpose for which it was collected, or a directly related purpose, in accordance with APP 6.

5. Sensitive Information

The Privacy Act 1988 classifies biometric information as “sensitive information” under section 6(1). Australian Privacy Principle 3.3 requires that sensitive information can only be collected with the individual's informed, specific consent.

Biometric data: During the Childcare Professional verification process, we extract facial geometry from a selfie photograph and compare it to an uploaded identity document using AI facial recognition. Consent for this processing is obtained through a standalone Biometric Data Collection Notice, which is presented separately from and in addition to general Terms of Service acceptance.

The Biometric Data Collection Notice explains:

What biometric data are we collecting? (selfie photograph and facial geometry)
Why? (to confirm identity document ownership)
Who processes this data? (OpenAI GPT-4o, processing location: United States)
How long is it retained? (for the life of your active account; deleted 90 days after account closure)
What are your rights? (right to request deletion; right to refuse biometric processing and use alternative verification methods)
Explicit consent checkbox: You must tick the consent box to proceed with biometric verification.

Your right to refuse biometric data: You may refuse to provide biometric data, which will prevent you from registering as a Professional via facial recognition, but you can still register as a Client or use alternative Professional verification methods.

Children's health and medical data: Information about children's medical conditions, allergies, special needs, and dietary requirements is also sensitive. This data is collected only with the Legal Guardian's explicit, specific consent obtained through a standalone Children's Sensitive Information Consent Form presented at the time of Hire confirmation (not embedded in general Terms).

The Consent Form explains:

What sensitive information is being collected? (medical conditions, allergies, dietary requirements, special needs, medications, emergency procedures)
Why? (to ensure your child receives safe, appropriate care)
Who processes this data? (Baby Bloom staff and the matched Childcare Professional)
How long will it be kept? (during the care arrangement plus 90 days after arrangement ends or account closes)
What are your rights? (right to access, correct, or delete; right to consent to specific categories only)
Explicit consent checkboxes: You must tick to consent to each category of sensitive information you wish to disclose.

Parents consent to specific categories of information, not all-or-nothing.

6. Children's Data Minimisation

In accordance with APP 3, we collect and share only the minimum personal information necessary for each purpose.

When a Client posts a babysitting request, the broadcast sent to potential Childcare Professionals includes only the number of children and their age ranges. Detailed information about special needs, medical conditions, allergies, and dietary requirements is shared only with the Childcare Professional who is matched and approved for the specific booking.

7. AI Data Processing

7.1 EdTech AI

Baby Bloom uses third-party AI providers (including but not limited to Google Gemini and Anthropic Claude) to power the EdTech SaaS tools. These tools process children's developmental milestones and activity history to generate activity suggestions, lesson plans, and developmental insights.

Baby Bloom retains only the right to use genuinely anonymised, aggregated data to improve its AI models. “Anonymised” means that no individual child can be re-identified from the data used, in accordance with the Office of the Australian Information Commissioner's (OAIC) guidance on de-identification.

7.2 Verification AI

Baby Bloom uses a third-party AI provider (currently OpenAI GPT-4o) to assist in identity verification, including passport and ID document reading, selfie-to-ID facial matching, and WWCC card image extraction.

AI-assisted verification is one layer of a multi-step process. AI is not the sole decision-maker. Cases flagged by the AI undergo human review by authorised Baby Bloom staff. Baby Bloom maintains audit trails of all AI-assisted verification decisions, recording the date, outcome, and basis for each decision.

8. Disclosure of Personal Information

We may disclose your personal information to:

The other party in a Connection: Upon a Connection being made (and with your explicit, per-connection consent), contact information is shared as follows:

Matchmaking Connections:

Professional's phone number is shared with the Client immediately after the Professional has consented through the Connection Agreement
Client's phone number is NOT shared with the Professional; the Professional initiates contact using the phone number provided by the Client
No address information is shared

Babysitting Connections:

Professional's phone number is shared with the Client upon booking confirmation
Client's home address is shared with the Professional immediately after the Client has consented through the Connection Agreement
Professional's address is NOT shared with the Client
Only children's ages are shared during the babysitting request broadcast; detailed information (medical conditions, allergies, special needs) is shared only after the Professional is matched and has consented

Timing: All data sharing occurs immediately after the respective party has provided explicit consent through the applicable Connection Agreement. Both parties receive notification of the data that has been shared.

Third-party data processors: We share personal data with service providers who process data on our behalf. See Section 9.

Government bodies: We may disclose information to the NSW WWCC registry, the Document Verification Service, the NSW Department of Communities and Justice (for mandatory reporting), the eSafety Commissioner, or law enforcement agencies where required or authorised by law.

Authorised Baby Bloom staff: Your personal information may be accessed by authorised Baby Bloom staff for the purposes of platform operations, verification review, support, and incident management. Staff access is subject to internal access controls and all sensitive actions are logged.

9. Third-Party Data Processors

We share personal data with the following third-party processors under signed Data Processing Agreements in accordance with APP 8:

Supabase (Supabase Inc.)

Function: Database and file storage
Data shared: all user data including identity documents, biometric data, and children's data
Processing location: Tokyo, Japan (AWS ap-northeast-1)
APP 8 Compliance Basis: Under Australian Privacy Principle (APP) 8, overseas disclosure of personal information is permitted if Baby Bloom takes reasonable steps to ensure the overseas recipient complies with the APPs. Important: Japan has not been prescribed as an adequate country under APP 8.3. Baby Bloom relies on APP 8.1 “reasonable steps” which include: (a) Executed Data Processing Agreement, (b) Due diligence assessment of Supabase's privacy and security practices, (c) Contractual commitments to APP compliance, and (d) Audit rights to verify compliance.
Data Residency Risk: Your personal information is processed in Japan under Japanese law. While Baby Bloom has taken steps to protect your data, Japanese privacy laws may differ from Australian law. You should be aware that data processed overseas may be subject to different legal frameworks and government access requests.
DPA Status: Pending execution via PandaDoc — must be completed before launch
DPA link: https://supabase.com/legal/dpa

OpenAI (OpenAI, L.L.C.)

Function: AI processing for verification pipeline and EdTech features
Data shared: verification images (passport, ID, selfie, WWCC card), children's developmental data, profile text for bio generation
Processing location: United States
Data Retention: OpenAI retains API request data for 30 days and may use de-identified data to improve models. Training data is not used unless you explicitly opt in. See OpenAI's privacy policy at https://openai.com/privacy
US Government Access Risk: Data processed in the United States may be subject to US laws allowing government access (e.g., under the Electronic Communications Privacy Act). Baby Bloom has obtained OpenAI's EU Data Processing Addendum which provides data protection assurances.
DPA Status: Pending execution — must be completed before launch
DPA link: https://openai.com/policies/data-processing-addendum

Anthropic (Anthropic, PBC)

Function: AI processing for verification pipeline and EdTech features
Data shared: verification images, children's developmental data, profile text for bio generation
Processing location: United States
Data Retention: Anthropic does not retain training copies of API requests. See Anthropic's privacy policy at https://www.anthropic.com/privacy
DPA Status: Automatically incorporated into Anthropic's Commercial Terms of Service upon API usage
DPA link: https://www.anthropic.com/terms

Resend (Plus Five Five, Inc.)

Function: Email delivery
Data shared: email addresses and email content (including Hire PDFs as attachments)
Processing location: United States
DPA Status: Pending execution via dashboard — must be completed before launch
DPA link: https://resend.com/legal/dpa

Stripe (Stripe Payments Australia Pty Ltd)

Function: Payment processing (SaaS subscription billing, refunds, chargebacks)
Data shared: cardholder name, card number (tokenised — Baby Bloom never stores raw card numbers), billing address, email address, transaction amounts, transaction history, IP address, device fingerprint (for fraud detection)
Processing location: Australia (primary, via Stripe's Australian entity) and United States (Stripe Inc., for fraud detection, analytics, and backup processing)
PCI DSS Compliance: Stripe is a certified PCI DSS Level 1 Service Provider — the highest level of payment security certification. Baby Bloom does not store, process, or transmit raw card numbers; all card data is tokenised by Stripe before reaching Baby Bloom's systems.
Data Baby Bloom receives from Stripe: Baby Bloom receives only: (a) a payment token (not the full card number), (b) last four digits of the card, (c) card brand (Visa, Mastercard, etc.), (d) transaction status (success/failure), (e) transaction amount, and (f) billing postcode. Baby Bloom does NOT receive or store your full card number, CVV, or expiry date.
APP 8 Compliance Basis: Stripe Payments Australia Pty Ltd processes Australian payments within Australia. For fraud detection and backup processing routed through Stripe Inc. (United States), Baby Bloom relies on APP 8.1 “reasonable steps” including the executed DPA, Stripe's Binding Corporate Rules, and PCI DSS Level 1 certification.
DPA Status: Pending execution — must be completed before launch
DPA link: https://stripe.com/au/legal/dpa

International Data Transfers and APP 8 Compliance:

Your personal information may be processed overseas by the providers listed above. In accordance with APP 8, we take reasonable steps to ensure that overseas recipients handle your personal information in compliance with the Australian Privacy Principles. These steps include:

Executed Data Processing Agreements with each overseas processor
Due diligence assessment of each processor's privacy and security practices
Contractual commitments to APP compliance as a condition of data sharing
Audit rights to verify processor compliance

Risks of International Data Transfer:

You should be aware that data processed overseas may be subject to different privacy laws and potentially government access requests. We mitigate these risks through the measures listed above, but you accept the residual risk of overseas processing by using the Platform.

10. Data Retention

We retain personal information for the following periods:

Identity documents (passport scans, WWCC card images, selfie photographs): Retained for the life of your active account. Deleted 90 days after account closure.

Children's data (developmental logs, medical information, special needs): Retained for the life of your active account. Deleted 90 days after account closure.

Biometric data (facial geometry):

Extracted facial geometry is retained on Baby Bloom's secure systems for the life of your active account
The original selfie photograph is deleted immediately after facial geometry is extracted and verified (typically within 24 hours)
Both facial geometry and the original photograph are deleted 90 days after account closure
Facial geometry is stored in a separate, encrypted database with restricted access
You may request deletion of biometric data at any time by contacting contact@babybloomsydney.com.au, except where retention is required by law

Form snapshots (connection forms, job posts): Retained for the life of your active account. Deleted 90 days after account closure.

Facebook verification screenshots:

Screenshots are retained only while verification is in progress (typically 1-2 business days)
Baby Bloom does not retain copies after verification is confirmed; screenshots are automatically deleted
Professionals uploading screenshots must redact other users' identifying information before uploading (see Professional ToS Section 9.2)
If a screenshot contains unredacted data of other Facebook users, Baby Bloom will request that the Professional re-submit a redacted version or use alternative verification method (e.g., referral code), and the unredacted screenshot will be deleted within 24 hours
Baby Bloom does not use screenshots for any purpose other than verification and does not analyze or store data from other Facebook users who are not Baby Bloom users

Verification audit trail (pass/fail result, date of verification, document type verified): Retained permanently in de-identified form. De-identified means that no personally identifiable information (names, dates of birth, document numbers) is retained — only the verification outcome and date. This data is used to track verification quality and may be disclosed to the OAIC for regulatory oversight.

Payment data:

Baby Bloom does not store your full card number, CVV, or expiry date. These are held exclusively by Stripe and never touch Baby Bloom's servers.
Baby Bloom retains: payment token, last four digits of card, card brand, transaction amounts, transaction dates, billing postcode, and refund/chargeback records.
Transaction records are retained for 7 years after the transaction date, as required by the Tax Administration Act 1953 (Cth) and the Income Tax Assessment Act 1997 (Cth) for financial record-keeping.
If you close your account, payment records are retained for the remainder of the 7-year period (not deleted at 90 days like other data categories).
You may request a copy of your payment history at any time by contacting compliance@babybloomsydney.com.au.

Cookie data: Retained per the expiry period of each cookie. See our Cookie Policy.

Why a 90-Day Grace Period?

The 90-day post-closure grace period exists to:

Allow time for dispute resolution (e.g., if there is a disagreement about payment or service)
Comply with record-keeping requirements under tax and employment law
Respond to regulatory requests (e.g., if a complaint is lodged with NSW Fair Trading, the Fair Work Commission, or the OAIC)

After 90 days, all personal information is permanently deleted, except for:

De-identified verification audit trails (date, outcome, document type) retained permanently
Data required by law to be retained (e.g., tax records for 5 years, if applicable)

Request for Expedited Deletion:

If you wish to request deletion of your data before the 90-day period ends, contact contact@babybloomsydney.com.au. We will review your request and may grant expedited deletion if there is no legal reason to retain the data.

11. Data Security

In accordance with APP 11, we take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps include:

Encryption of data at rest and in transit;
Role-based access controls for Baby Bloom staff;
Logging of all sensitive admin actions with timestamps and the identity of the staff member;
Appropriate screening of staff members who have access to children's data and identity documents; and
Regular review of security measures.

12. Access, Correction & Deletion

In accordance with APPs 12 and 13, you have the right to:

Access: Request access to the personal information we hold about you.

Correction: Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

Deletion: Request deletion of your personal information, subject to our retention obligations and any applicable legal requirements.

Data export: Before closing your account, you may request an export of your data (including children's developmental logs and activity history).

To make a request, contact us at contact@babybloomsydney.com.au.

Access requests: We will provide access to your personal information within 10 business days. If we are unable to provide access within this timeframe, we will notify you and provide an expected completion date.

Correction requests: If you request correction and we refuse, we will provide written reasons. You may request that a statement of the refusal be attached to the record.

Deletion requests: We will review your deletion request and respond within 10 business days. We may refuse deletion if the data is required by law to be retained.

13. Notifiable Data Breaches

Baby Bloom complies with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988. A data breach is “notifiable” if it is likely to result in serious harm (e.g., identity theft, financial loss, psychological harm, compromise of sensitive information).

If we become aware of a notifiable data breach, we will:

Assess whether the breach is likely to result in serious harm
Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) within 30 days
Provide information about the breach, the data affected, and steps individuals should take to protect themselves
Document the breach and our response for audit purposes

We also maintain a Data Breach Response Plan, available upon request, which details our procedures for detecting, investigating, and responding to data breaches.

14. Consumer Data Right

Baby Bloom does not currently collect or process financial data that triggers obligations under the Consumer Data Right (CDR) framework. If we introduce payment processing, payroll, or other financial data features in the future, CDR compliance will be assessed and implemented before those features are launched.

15. Cookies

Our website uses cookies and similar tracking technologies. For full details of the cookies we use, how to manage your preferences, and how to decline non-essential cookies, please see our Cookie Policy.

In summary, we use:

Essential cookies for session management and security;
Analytics cookies (such as Google Analytics) to understand how visitors use our website; and
Marketing cookies (such as Meta Pixel) to support our community outreach.

16. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may lodge a complaint with us at compliance@babybloomsydney.com.au. Please include:

A detailed description of the issue
The date(s) the issue occurred
Any supporting documents

Our Response:

We will acknowledge receipt of your complaint within 5 business days and provide you with a reference number
We will investigate the complaint and provide a substantive response within 30 days, or sooner if possible
If investigation requires more than 30 days, we will provide you with an interim update explaining the delay and expected resolution date
Our response will include the outcome of the investigation and any corrective action taken

External Complaint:

If you are not satisfied with our response within 30 days, or if we do not respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

17. Automated Decision-Making

Baby Bloom uses artificial intelligence and algorithms in ways that may result in automated decisions affecting you. You have rights under the Privacy Act in relation to these decisions.

17.1 AI-Assisted Verification: Baby Bloom uses artificial intelligence (OpenAI GPT-4o) to assist in verifying Professional identity and WWCC status. AI makes a preliminary decision, but all decisions affecting access to the Platform are subject to human review by authorized Baby Bloom staff before being finalized. You have the right to request explanation of any negative verification decision.

17.2 Algorithmic Matching: The Platform uses an algorithm to match Professionals with Client requests based on availability, location, preferences, and other factors. This is an automated decision that determines which Professionals are shown to Clients. You may request explanation of why you were or were not matched to a particular request.

17.3 EdTech Insights: The EdTech tools use AI to analyze your children's developmental milestones and generate personalized activity suggestions and developmental insights. These are automated recommendations, not diagnoses, and should not be relied upon as professional medical or developmental advice.

17.4 Right to Explanation: If you believe an automated decision has been made about you (e.g., matching algorithm, verification decision, content recommendation), you may request explanation by emailing contact@babybloomsydney.com.au. We will provide explanation within 10 business days.

17.5 Right to Human Review: You may request that a human review any automated decision and make a final determination. Human review is not a challenge to the automated decision but a right to have a qualified staff member consider your case.

17.6 Right to Opt-Out: If you do not wish to participate in algorithmic matching, you may request manual matching, which is subject to availability.

18. Organizational Reportable Conduct Obligations

Baby Bloom acknowledges that under the Children's Guardian Act 2019 (NSW), organizations providing services to children must have systems to identify and respond to reportable conduct (conduct that could constitute a criminal offense, abuse, ill-treatment, psychological harm, grooming, or sexual misconduct involving children).

Baby Bloom's Head of Entity is required to:

Establish systems to identify and manage reportable conduct
Notify the Office of Children's Guardian within 7 business days of becoming aware of an allegation of reportable conduct
Cooperate with any investigation by the Office of Children's Guardian
Implement preventive measures and training

If you report to Baby Bloom a concern that a Childcare Professional may have engaged in reportable conduct (e.g., inappropriate touching, grooming, abuse), Baby Bloom will assess the allegation and notify the Office of Children's Guardian as required by law. This is a separate legal obligation from your personal mandatory reporting obligation (s.27) and does not replace your requirement to report directly to the Child Protection Helpline on 132 111.

19. Children's Online Privacy Code Readiness

Baby Bloom acknowledges that the Office of the Australian Information Commissioner (OAIC) is developing a Children's Online Privacy Code (expected implementation: 10 December 2026). This Code will impose specific requirements on organizations collecting children's data online.

We are currently assessing our compliance with the draft Code and will update this Privacy Policy as the Code is finalized. We are preparing to implement requirements including:

Simplified privacy notices for children
Default-to-private settings for children's data
Restrictions on use of children's data for profiling and algorithmic decision-making
Enhanced consent mechanisms for sensitive children's data
Regular review of algorithmic recommendations
Transparency about data sharing with third parties

Baby Bloom will provide an update to this Privacy Policy once the Code is finalized (expected April 2027). Parents and professionals will be notified of material changes to our children's data handling practices.

20. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or in-platform notification at least 14 days before the changes take effect.

The “Last updated” date at the top of this policy indicates when it was most recently revised.

21. Privacy Officer Contact

If you have questions about this Privacy Policy, requests for access or correction, or complaints about our privacy practices, please contact:

Privacy Officer
Baby Bloom, Sydney
ABN: 17 463 812 867
Address: 19 St Neot Avenue, Sydney NSW 2011

Contact Channels:

General Privacy Inquiries: contact@babybloomsydney.com.au
Data Access/Correction Requests: compliance@babybloomsydney.com.au
Privacy Complaints: compliance@babybloomsydney.com.au
Website: https://babybloomsydney.com.au/legal

We are committed to protecting your privacy and will respond to all inquiries within 10 business days.

This document should be reviewed by a qualified legal professional before publication.