Bloss Video and Photograph Policy
The purpose and scope of this policy
https://blossapp.com (the “Site”) and bloss app may include videos and photographs uploads (collectively, the “Content”), created by users of the Site in relation to the chat forum ‘The Clinic’ (detailed further below). This Content may include images or other personal information relating to children and young people.
The purpose of this policy is to:
- protect children and young people who may feature in the Content;
- set out the overarching principles that guide our approach to photographs/videos being taken of children and young people and uploaded to the Site; and
- ensure that we operate in line with our values and within the law when creating, using and sharing images of children and young people.
This policy has been created on the basis of legislation, policy and guidance that seeks to protect children in the United Kingdom.
We believe that:
- children and young people should never experience abuse of any kind; and
- we have a responsibility to promote the welfare of all children and young people and facilitate the sharing and use of the Content safely.
We have the authority to deem any Content inappropriate and, if deemed so, such Content will be removed from the Site.
We recognise that:
- sharing Content may be necessary in order to obtain advice from experts via The Clinic section of the Site and App;
- children, their parents and guardians have a right to decide whether their images are taken and how these may be used;
- consent to take images of children is only meaningful when children, their parents and carers understand how the images will be used and stored, and are fully aware of the potential risks associated with the use and distribution of these images; and
- there are potential risks associated with sharing images of children online.
However, before uploading content, Site users should seek to keep children and young people safe by:
- wherever possible, asking for written consent from a child and their parents or carers before taking and using a child’s image;
- wherever possible, explaining what images will be used for, how they will be stored and what potential risks are associated with sharing images of children;
- making it clear that if a child or their family withdraw consent for an image to be shared, it may not be possible to delete images that have already been shared or published;
- changing the names of children whose images are being used on the Site whenever possible (and only using first names if you do need to identify them);
- never publishing personal information about individual children and disguising any identifying information (for example the name of their school or a school uniform with a logo);
- reducing the risk of images being copied and used inappropriately by:
- only using images of children in appropriate clothing; and
- avoiding full face shots of children.
Any user uploading Content to the Site is solely responsible for its publication.
The Clinic and the safeguards we employ
The Clinic is a publicly accessible Site where data sharing and messaging, in particular, is encouraged. The Clinic has been designed on the premise of a digital forum where online discussion and sharing of views/challenges takes place. The sharing happens between both experts and users. A question may be posed or answered by an expert on the Site.
Preconditions for users to be able to access The Clinic, include that the person is signed up and logged in to the Site. Auth0 is used to support user authentication in the API gateway which follows numerous compliance standards outlined here.
Upon sign up the following information is collected:
- Email address
- Password (encrypted)
Data (including text, images and video) are stored securely using CloudSQL. Access to this is restricted with Identity Access Management (IAM). Databases are not publicly accessible. Google Cloud encrypts data at rest by default and backups are also encrypted and stored privately, and are not accessible outside of the GCP infrastructure. Secure Sockets Layer (SSL) certificates are in place.
Images: WordPress data is stored in Google Cloud Platform (Cloud Storage), Mobile is stored in Cloudinary.
Video: WordPress stores data in JetPack VideoPress, Mobile data is stored in Cloudinary.
A post, including its contents (image, video), made by a user and published on The Clinic is available to all registered users on the Site. There is an option for users to publish posts anonymously which will remove their name and details from the post.