Privacy & Trust
Student privacy isn't a feature. It's a foundation.
Blini is built for schools. That means student data protection is baked into every design decision, not added as an afterthought. Here's exactly how we handle data, and what protections are in place.
Our core commitments
No personal data on the device
Blini devices store zero Personally Identifiable Information. Audio is analyzed in real time and never recorded or stored. The only data on a Blini device is MIDI performance data and practice insights — nothing that could identify a student.
Data transfers only to the device owner
When a student syncs their Blini device, data can only be transferred to the account of that device's registered owner. There is no way for a student to accidentally — or intentionally — access or transfer a peer's practice data.
Data is used only to serve students and teachers
At the class level, practice data collected by Blini is used exclusively to generate student insights and teacher analytics within the Blini platform. No secondary use. No behavioral profiling. No third-party analytics.
We never sell student data
Student data is never sold, shared with advertisers, or used for commercial purposes unrelated to the Blini service. Full stop.
COPPA and FERPA : our directional stance
Note: Blini is currently in pilot phase. The following reflects our design intent and operational approach. We will publish formal compliance documentation prior to broad commercial launch.
COPPA (Children's Online Privacy Protection Act)
Blini is designed to be used in a school context, where the school (acting as an agent for parents) provides consent for student participation. We do not collect personal information directly from students under 13 without verifiable parental consent or school authorization under the school-consent exception.
We collect only the data necessary to provide the practice tracking service: practice session metadata, pitch/tone analytics, and account information managed by the teacher. We do not collect contact information from students.
FERPA (Family Educational Rights and Privacy Act)
We treat the practice data collected through Blini as education records under FERPA. We operate as a "school official" with a "legitimate educational interest", meaning we have access to student data only to the extent necessary to provide the service.
Student records are accessible to teachers and school administrators within their own institution. We do not share records across institutions. Schools retain ownership and control of their students' data.
Security posture
TLS 1.3 in transit
All communication between devices, apps, and servers is encrypted with TLS 1.3.
AES-256 at rest
Stored data, including practice records and account information, is encrypted at rest.
Minimal data collection
We collect only what's needed for the service. No behavioral tracking, no ad tech.
Role-based access
Teachers see only their own students. Students see only their own data. Access is strictly scoped.
No third-party data sharing
We do not share student data with third parties except as required to operate the service (e.g., cloud hosting).
Regular security reviews
We conduct security reviews and will engage third-party penetration testing prior to public launch.