Trust is a key building block in brightwheel’s promise to put you first, with ongoing improvements to ensure the safety, privacy, security, and reliability of your experience. We are proud to offer:

If you need to print the FAQs contained in the article for your program, right-click in your browser window and select Print!

Brightwheel has the largest engineering team in the early education industry. In addition to 24x7 monitoring of all production data and infrastructure, there is an ongoing investment to employ the latest technology to keep your data safe.

All brightwheel application servers and databases are hosted within Amazon Web Services (AWS) data centers. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. AWS data center operations are accredited under:

Data center staff monitor electrical, mechanical, and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

View AWS SOC Compliance information here.

All brightwheel software is under continuous review. Brightwheel also undergoes periodic third-party security audits to ensure the safety of our application and infrastructure.

We do not sell any personal information to third parties, and your personal data is only used in accordance with our Privacy Policy. Programs can upload data, and they can access, download, or request that data from us at any time.

Brightwheel has partnered with a payment processor (Stripe) that is certified as PCI Level 1, the most stringent level of certification available. See their security site for detailed information about their security measures.

No one at brightwheel has any access to any customer banking records, and all families using brightwheel for payment have to go through a two-step authentication process to verify their accounts.

Brightwheel enables programs to stay compliant with FERPA. The Terms of Service and Privacy Policy have been written to protect student information in accordance with the FERPA requirements.

For HIPAA guidance, it is recommended you contact a HIPAA compliance officer directly. Although brightwheel meets many of the requirements of HIPAA, brightwheel does not certify HIPAA compliance for its platform. It’s important to note that the U.S. Department of Health & Human Services (HHS) has stated that HIPAA regulations do not apply to the type of information stored and collected in brightwheel or similar software. HHS explains that HIPAA does not apply to schools in most cases because a school: “(1) is not a HIPAA covered entity or (2) is a HIPAA covered entity but maintains health information only on students in records that are by definition “education records” under FERPA and, therefore, is not subject to the HIPAA Privacy Rule.

At this time, single sign-on is not a feature available on the brightwheel application. However, brightwheel is the most secure all-in-one childcare and preschool software, setting the standard as the first and only early education app to offer two-factor authentication at sign-in for enhanced account protection.

There is 24x7 monitoring by an in-house dedicated team, and if there is any suspicious activity observed, there are protocols in place to investigate and take action immediately, depending on the situation.

To catch any unusual account activity, there are email notices sent to admins anytime a new admin is added to the program and to parents anytime a new student contact has been added for their student. These email notices are immediate security measures in place to alert you of any unusual activity. Ensure you review these security notices to determine the appropriate steps to follow in the event you do not recognize the activity.

We have a full team dedicated to monitoring payments and use industry-leading software to pre-emptively block high-risk charges. Our payment processor, Stripe, uses a machine learning model and has a vast network of data to determine if cards or individuals have been involved in fraud or disputes in the past.

If a payer uses a fraudulent card that is later disputed, we will work with the program one-on-one to determine the best path forward. We understand how devastating this scenario can be, so our payment operations team looks at each case individually and communicates with your program to support you.

Activated parents can access their accounts until they are deactivated or removed from the student’s profile by the program. Activated parents and admins can request a parent’s account be deactivated, but the parent will ultimately have to finalize the deactivation using a link sent to them via email. Admins can remove a parent from a student’s profile at any time as well.

We suggest that a program administrator export any profile attachments and timecard/payroll reports needed for the staff member and then delete the profile.

It’s important to make sure that you export any information needed prior to deleting the profile to make this process as smooth as possible. It’s also important to note that once a staff member has been removed from brightwheel, their name will no longer appear in the drop-down menu when viewing Timecards and Payroll reports. If a report needs to be run after an employee has already been removed, please see our payroll for removed staff resource.

What actions can I take to keep my account as secure as possible?

How should I manage any photos and videos I’ve taken on my personal device and uploaded to brightwheel?

We recommend establishing a weekly practice of deleting all photos and videos you’ve taken on your personal device once they’ve been uploaded and shared to a student’s feed. This is a best practice to ensure photos and videos that don’t need to be don’t continue to be stored on your device.

What are the best practices for shared logins?

We strongly recommend you avoid sharing login information at your program. If multiple staff are using the same device, use Room Device Mode. If staff already share a login, remember to change passwords at the time of termination.

How can I best manage staff access at my program?

Review our Teacher and Staff Permissions resource to understand what role options are available to use in your program and then assign staff the appropriate role depending on your program’s needs.

How can I leverage brightwheel further to improve my program’s security and offerings?

If you’re not already using brightwheel Billing, we highly recommend implementing this feature in your program! You can encourage families to pay online using brightwheel, and they can add their own payment details. This way, families directly enter their payment details, and your program is not responsible for storing their information or safeguarding checks/cash until deposited.