Privacy Policy

Privacy-First by Design

Your privacy is the foundation of Bloom Journal. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our journaling application. Important: Bloom Journal is currently in pre-launch phase and available through our waitlist program.

As an independent developer, we are committed to transparency and giving you complete control over your personal data. Your journal is yours alone, and we implement privacy-by-design principles in every aspect of our service.

By using Bloom Journal or joining our waitlist, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

Zero-Knowledge Architecture

Bloom Journal is built with a zero-knowledge architecture, meaning:

• I cannot read your entries: All journal content is encrypted with keys only you control
• No server-side processing: All AI analysis happens on your device only
• Local-first storage: Your entries are stored locally on your device first

Information We Collect

Personal Information You Provide

We collect the following personal information that you voluntarily provide:

• Account Information: Email address, username, profile information
• Journal Content: Text entries, voice recordings, photos, and media (all encrypted end-to-end)
• App Preferences: Settings, themes, notification preferences
• Communications: Feedback, support requests, and correspondence with us
• Waitlist Information: Email address and communication preferences (pre-launch)

Information Automatically Collected

We automatically collect limited technical information necessary for app functionality:

• Device Information: Device type, operating system version, app version
• Usage Analytics: Feature usage, session duration, performance metrics (anonymized)
• Crash Reports: Technical diagnostic data to improve app stability
• Log Data: IP address, access times, and error logs (temporarily retained)

Information We Do NOT Collect

• Contact lists or address books
• Browsing history or web activity
• Financial or payment information (handled by Apple)
• Health or medical data
• Biometric data (Face ID/Touch ID processed on-device only)

How We Protect Your Data

Encryption & Security

• Secure Enclave: Encryption keys stored in your device's secure hardware
• Biometric Protection: Face ID, Touch ID, and passcode authentication
• No Cloud Keys: Encryption keys never leave your device

Additional Privacy Features

• Decoy Mode: Create fake entries to protect real content under duress
• Screen Protection: Prevent screenshots of sensitive content
• Offline First: App works fully offline, no network required for core features

AI and Machine Learning

Bloom Journal uses AI to provide insights and recommendations, but your privacy remains paramount:

• On-Device Only: All AI processing happens on your device, data never leaves
• No Training Data: Your entries are never used to train AI models
• Private Insights: Mood analysis and patterns computed locally
• Optional Features: You can disable AI features entirely if preferred

How We Use Your Information

We use your personal information only for the following purposes:

• App Functionality: Provide journaling features, sync across devices, data backup
• Personalization: Customize your experience, remember preferences
• Communication: Send important updates, respond to support requests
• Improvement: Analyze usage patterns to enhance app features (anonymized data only)
• Security: Protect against fraud, abuse, and security threats
• Legal Compliance: Meet legal obligations and enforce our terms

Legal Basis for Processing (GDPR)

• Consent: When you explicitly agree to data processing
• Contract Performance: To provide the services you've requested
• Legitimate Interest: For app improvement and security (anonymized data)
• Legal Obligation: When required by applicable laws

Data Sharing and Third Parties

We do not sell, trade, rent, or share your personal information with third parties for marketing purposes, ever. Limited sharing occurs only in these specific circumstances:

Service Providers

• Apple iCloud: Encrypted data backup and sync (if you enable this feature)
• Analytics Services: Anonymous, aggregated usage statistics only
• Email Service: For sending notifications and communications (waitlist emails)
• Cloud Infrastructure: Secure servers for app backend (encrypted data only)

Legal Requirements

• When required by law, court order, or legal process
• To protect rights, property, or safety of users or others
• In connection with legal proceedings or investigations
• Note: Due to encryption, we may not be technically able to access your journal content even when legally required

Your Data Rights

You have complete control over your data:

• Full Export: Download all your data in JSON or text format
• Selective Deletion: Delete individual entries or all data
• Account Deletion: Permanently delete your account and all associated data
• Privacy Dashboard: View exactly what data is stored and how it's used
• Granular Controls: Choose which features to enable or disable
• Data Portability: Take your data with you if you stop using the app

Data Retention

Your journal entries and personal data are retained only as long as you want them. When you delete content or your account, all associated data is permanently and securely deleted within 30 days. There are no hidden backups or data remnants.

Children's Privacy (COPPA Compliance)

Bloom Journal is designed for users 13 and older. We do not knowingly collect, use, or share personal information from children under 13 without verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA).

If we discover that we have inadvertently collected personal information from a child under 13, we will:

• Delete the information immediately
• Not use or share the information
• Take steps to prevent future collection from that user

Parents: If you believe your child under 13 has provided personal information to us, please contact us immediately at the contact information below, and we will promptly delete all associated data.

International Users and Data Transfers

Bloom Journal complies with international privacy laws including:

• GDPR: European Union General Data Protection Regulation
• CCPA: California Consumer Privacy Act
• PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
• LGPD: Lei Geral de Proteção de Dados (Brazil)
• Other applicable regional privacy regulations

Data Transfers: Your personal information may be processed in countries other than your own. When we transfer data internationally, we implement appropriate safeguards including:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions by competent data protection authorities
• Strong encryption and security measures
• Compliance with applicable data protection laws

Changes to This Policy

I may update this Privacy Policy to reflect new features or legal requirements. Any significant changes will be communicated through the app with at least 30 days' notice. Your continued use after changes constitutes acceptance, or you may delete your account if you disagree.

Contact Information and Data Protection Officer

For any privacy-related questions, concerns, or requests regarding your personal data, you can contact us:

• Email: privacy@bloomjournal.app
• Response Time: We will respond to all privacy inquiries within 30 days
• Data Protection Officer: Available for GDPR-related inquiries

You also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your privacy concerns adequately.