Privacy & Trust
Student privacy isn't a feature. It's a foundation.
Blini is built for schools. That means student data protection is baked into every design decision: in eBlini (the browser-based practice tool) and in the Blini physical device. It's not added as an afterthought. Here's exactly how we handle data, and what protections are in place.
Our core commitments
No personal data stored during practice
Whether a student uses eBlini in a browser or the Blini physical device, audio is analyzed in real time and immediately discarded. No recording is ever made. The only data we keep is MIDI performance data and practice insights, nothing that could identify a student without an activated account.
Data transfers only to the device owner
When a student syncs their Blini device, data can only be transferred to the account of that device's registered owner. There is no way for a student to accidentally (or intentionally) access or transfer a peer's practice data.
Data is used only to serve students and teachers
Practice data collected by Blini is used exclusively to generate student insights and teacher analytics within the Blini platform. No secondary use. No behavioral profiling. No third-party analytics.
We never sell student data
Student data is never sold, shared with advertisers, or used for commercial purposes unrelated to the Blini service. Full stop.
How eBlini handles audio in the browser
eBlini is the browser-based version of Blini. No app download, no device required. A student opens a URL, grants microphone access for that session, and plays their instrument. Here's exactly what happens to the audio:
Microphone access is session-scoped
The browser requests microphone permission for that page only. Closing the tab ends access. We never retain persistent microphone access.
Audio is processed locally using the Web Audio API
All pitch detection, timing analysis, and note recognition happens directly in the student's browser using the Web Audio API. No raw audio leaves the device.
Only performance metadata is transmitted
We transmit only the derived performance data: notes detected, timing, duration, pitch accuracy scores. No audio stream is ever sent to our servers.
Anonymous by default
Without guardian activation, sessions are attributed to a card number only. We have no way to identify who played the session.
COPPA and FERPA : our directional stance
Note: Blini is currently in pilot phase. The following reflects our design intent and operational approach. We will publish formal compliance documentation prior to broad commercial launch.
COPPA (Children's Online Privacy Protection Act)
Blini is designed for use in a school context, where the school (acting as an agent for parents) provides consent for student participation. We do not collect personal information directly from students under 13 without verifiable parental consent or school authorization under the school-consent exception.
At the anonymous tier, eBlini collects no personal information from students whatsoever — only session performance data linked to a card number. When a guardian activates their child's QR card, we collect the guardian's email address (to verify identity) and the student's name (to display in the teacher dashboard). This activation is initiated by the parent, not the student, and is accompanied by explicit consent.
We collect only the data necessary to provide the practice tracking service: practice session metadata, pitch/tone analytics, and account information managed by the teacher or guardian. We do not collect contact information from students directly.
FERPA (Family Educational Rights and Privacy Act)
We treat the practice data collected through Blini as education records under FERPA. We operate as a "school official" with a "legitimate educational interest", meaning we have access to student data only to the extent necessary to provide the service.
Student records are accessible to teachers and school administrators within their own institution. We do not share records across institutions. Schools retain ownership and control of their students' data.
Security posture
TLS 1.3 in transit
All communication between devices, apps, and servers is encrypted with TLS 1.3.
AES-256 at rest
Stored data, including practice records and account information, is encrypted at rest.
Minimal data collection
We collect only what's needed for the service. No behavioral tracking, no ad tech.
Role-based access
Teachers see only their own students. Students see only their own data. Access is strictly scoped.
No third-party data sharing
We do not share student data with third parties except as required to operate the service (e.g., cloud hosting).
Regular security reviews
We conduct security reviews and will engage third-party penetration testing prior to public launch.