How we protect your child's data — and what we're compliant with.
VoiceBloom is built for families and children. Your data is encrypted, never sold, and protected by industry-leading standards.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Our infrastructure providers Supabase and Vercel hold SOC 2 Type II certifications.
VoiceBloom Therapy and School/Clinic plans are HIPAA-compliant. We sign Business Associate Agreements (BAA) with all clinical subscribers. Contact hipaa@voicebloom.app to request your BAA.
VoiceBloom complies with GDPR for European users and CCPA for California users. You have the right to access, correct, and delete your data at any time. Email privacy@voicebloom.app to exercise your rights.
VoiceBloom is designed for use by adults (parents, therapists, teachers) on behalf of children. We comply with COPPA and do not knowingly collect personal data directly from children under 13.
VoiceBloom relies on the following trusted third-party providers:
| Provider | Purpose | Certifications |
|---|---|---|
| Supabase | Database and authentication | SOC 2 Type II |
| Vercel | Hosting and edge delivery | SOC 2 Type II |
| Stripe | Payment processing | PCI DSS Level 1 |
| Anthropic | AI processing (Claude) | Data not used for training |
| Resend | Email delivery | — |